Change retire.js to error when findings found and add "Job succeeded and there were findings" exit code
Problem to solve
For consistency across Dependency Scanning analyzers, retire.js needs to be changed so that it exits with a non-zero exit code when the scan is successful and vulnerabilities are found, as documented in #324634 (closed).
This behavior is enabled by a new environment variable documented in #324634 (closed).
This analyzer relies on the command
Go package of the common library to implement its run
command, and this package has moved to analyzers/command.
Proposal
-
Use analyzers/command instead of the command
package of common -
Update to the version of analyzers/command that implements the new behavior; implementation issue is #324946 (closed)
Documentation
Covered by #301133 (closed)
Testing
-
Update Secure test projects used for this analyzer project, so that the exit codes are tested
Other links/references
Edited by Fabien Catteau