Change bundler-audit to error when findings found and add "Job succeeded and there were findings" exit code
Problem to solve
For consistency across Dependency Scanning analyzers, bundler-audit needs to be changed so that it exits with a non-zero exit code when the scan is successful and vulnerabilities are found, as documented in #324634 (closed).
This behavior is enabled by a new environment variable documented in #324634 (closed).
This analyzer relies on the command Go package of the common library to implement its run command, and this package has moved to analyzers/command.
Proposal
- Use analyzers/command instead of the command package of common
- Update to the version of analyzers/command that implements the new behavior; implementation issue is #324946 (closed)
Documentation
Covered by #301133 (closed)
Testing
- Update Secure test projects used for this analyzer project, so that the exit codes are tested
Other links/references
Edited by Fabien Catteau