PR Check should not fail if there's no monitor

[AndreLSnyk]

This PR is failing the PR if not monitor is found. When we are implementing this tool on new projects , the first PR is actually the one triggering the first monitor, so the current behaviour is that we a failing the PR , the user is forcing the PR to proceed and then the project is monitored as part of the build. Can we change the message in case there's no monitor to something like "This project is still not monitored, we will be able to check for newly introduced vulnerabilities after this project is monitored" and not fail the build?

[aarlaud]

2.0.5 introduces a new flag allows you to pass if there is no baseline found and the project test finds issues. Without it the status will pass if there is no vulns in the project. The logic is:

1. if baseline is found, compare current snyk test results with the baseline snapshot and fail only if current test finds new issues that are not in the baseline.
2. if baseline is not found, then snyk test results are passed through, meaning that if snyk test finds 0 issues it passes, and if issues fails otherwise.
3. if baseline if not found and passifnobaseline option is used, Snyk-prevent-gh-commit-status will not return failure even if the current test indicates failure. To use with caution.

[somashekar10]

@aarlaud Based on the conversation at https://github.com/snyk-tech-services/snyk-prevent-gh-commit-status/commit/24521bce6999416d5a9446cb65b3ef08d6122664#commitcomment-53227689, the flag - --setPassIfNoBaseline needs to be passed through to snyk-delta. Is it happening now or should it still be taken care of?

@mathild3r @jeetchoudhary

[mathild3r]

Hi @somashekar10 ,

yes the changes are in both snyk-delta and snyk-prevent-commit-status, you just need to bump both tools and it should work.

@jeetchoudhary