Skip to content

Commit

Permalink
fix(codeqlExecuteScan): check for compliance for Audit All (#4796)
Browse files Browse the repository at this point in the history 
Co-authored-by: sumeet patil <[email protected]>
  • Loading branch information
@daskuznetsova @sumeetpatil
daskuznetsova and sumeetpatil authored Jan 25, 2024
1 parent 33b8c48 commit 4be7b99
Showing 1 changed file with 6 additions and 4 deletions.
10 changes: 6 additions & 4 deletions cmd/codeqlExecuteScan.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -399,10 +399,12 @@ func runCodeqlExecuteScan(config *codeqlExecuteScanOptions, telemetryData *telem

if config.CheckForCompliance {
for _, scanResult := range scanResults {
unaudited := scanResult.Total - scanResult.Audited
if unaudited > config.VulnerabilityThresholdTotal {
msg := fmt.Sprintf("Your repository %v with ref %v is not compliant. Total unaudited issues are %v which is greater than the VulnerabilityThresholdTotal count %v", repoUrl, repoInfo.Ref, unaudited, config.VulnerabilityThresholdTotal)
return reports, errors.Errorf(msg)
if scanResult.ClassificationName == codeql.AuditAll {
unaudited := scanResult.Total - scanResult.Audited
if unaudited > config.VulnerabilityThresholdTotal {
msg := fmt.Sprintf("Your repository %v with ref %v is not compliant. Total unaudited issues are %v which is greater than the VulnerabilityThresholdTotal count %v", repoUrl, repoInfo.Ref, unaudited, config.VulnerabilityThresholdTotal)
return reports, errors.Errorf(msg)
}
}
}
}
Expand Down

0 comments on commit 4be7b99

Please sign in to comment.