Open de-jcup opened 5 months ago
At the beginning of SecHub we made a survey and interviews. Most people wanted to have a breaking build (synchronous); some people wanted an asynchronous scan.
SecHub can do both ways: asynchronous and synchronous.
To have a breaking build because of RED findings at synchronous we used the exit code 1. If there appears an unexpected error, we have dedicated, other exit codes.
Asynchronous scan shall NOT break the build - no matter if there is a RED finding or not. It just triggers a scan and you can later check the result.
But the GH action for SecHub does currently only support synchronous scanning.
The problem I am facing is that the action throws errors which is not the desired state:
Wouldn't that be a good configuration option to have an option when the exit code will not be zero?
Please use mention next time if you move a discussion or similar - was really confused why the discussion tab was missing.
Discussed in https://github.com/mercedes-benz/sechub/discussions/2827