Implement support for non-nil exit code

[ourbjorn]

By passing the boolean argument --exitCode/-x to the scan cmd, a non-nil exit code will be returned on potential vulnerabilities findings.

[michaelweber]

Hi @ourbjorn!

I don't see an associated issue with this, but it sounds like you're looking for gokart to output a non-zero exit code when results are found, presumably to make it easier to use gokart in an automated way.

Your PR would add a mechanism for this, but I think this is part of a larger need for gokart to better support use cases involving automation. For example, issue #4 is looking for gokart to have output which is easier to parse (also, presumably for automation cases). Right now the scan() function just runs in a vacuum, and we should probably make it return the list of results (which have been filtered) so that it's easier to parse and perform post-processing on. Adding an error return which indicates that vulns were found is one way to handle this, but I think we need to do some wider refactoring since this is really more of a design problem that blocks a number of other changes to gokart.

I think to address this class of issues we'd like to do a larger change than just adding a flag for this one case. Would you be OK with opening as issue for this use case (so we don't lose track of it + the issue covers exactly what you'd like changed) and then in an upcoming release we can have a more complete option for CI/CD-friendly usage of gokart to cover it? Obviously in the interim you can use this fix, but I think we're going to hold off on merging it versus implementing something like a headless mode for gokart that will play nicely with a bunch of different automation approaches.

Cheers!
Mike

[ourbjorn]

Hi @michaelweber ,

You're right - I should have created an associated issue with this PR, to better describe the change and it's usage, and to enable a discussion around it.

I appreciate the answer and concur with your reasoning. I don't think I currently have the time to make a larger effort and change at the moment, though. I will however create an issue for it!

Thanks!

[michaelweber]

Thanks for opening an issue for this! I totally agree that the effort for the larger fix is something we can't reasonably expect someone to do with a PR.

If you don't mind I'm going to close this PR for now - it's possible for this PR to become stale and we don't want folks to clone something and accidentally miss some bug fixes. We'll be working to add this functionality in though, so hopefully there won't be too much of a gap for you.

Thanks again for helping us improve the project!

Cheers!
-Mike