controlplaneio/kubesec

Return codes inconsistent with scan results

huornlmj opened this issue · 2 comments

Describe the bug
If I run kubesec scan score-1-pod-automount-sa-set-to-false.yml, kubesec reports "message": "Passed with a score of 1 points", and if I check kubesec's exit code I get a '0':

$ echo $?
0

However, if I run a scan against a manifest that scores 0, kubesec also reports it as a pass: "message": "Passed with a score of 0 points", but the exit code is now '2':

$ echo $?
2

A fail with a negative score value in kubesec ("message": "Failed with a score of -4 points") also yields an exit code of '2':

$ echo $?
2

Expected behaviour
If kubesec reports a "Passed" message then the exit code should be consistent between a pass of 0 and any other positive integer pass.


Other information

$ kubesec version
version 2.14.0
git commit edd68f6ffde5651c1c1460a8b6d83c7f62e4f5aa
build date 2023-11-21T15:48:03Z

Thanks for raising this.

We'll likely have a score of 0 pass properly with an exit with code 0, rather than change 0 to be a fail.

I'll double check how kubesec has behaved in the past.


I've not bothered with before 2.2.0 because it's using gopkg rather than Go modules, but this is a long-standing issue.

I'll check that changing the exit code of a score of 0 to exit 0 is OK.
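
A CI gate that takes its verdict from the scores in the report instead of the exit code, and flags the mismatch described in this issue. This is an added example, not part of the original thread or of kubesec itself. It assumes the JSON report is a list of objects with `object`, `valid`, `message` and `score` fields; the sample reports are constructed, and `gate` and `min_score` are hypothetical names.

```python
import json

# Constructed sample reports (assumed kubesec JSON shape: a list of objects with
# "object", "valid", "message" and "score"); messages mirror those in the issue.
def _report(score, verdict):
    return json.dumps([{"object": "Pod/demo.default", "valid": True,
                        "message": f"{verdict} with a score of {score} points",
                        "score": score}])

SCORE_1 = _report(1, "Passed")     # exit code seen in the issue: 0
SCORE_0 = _report(0, "Passed")     # exit code seen in the issue: 2
SCORE_NEG = _report(-4, "Failed")  # exit code seen in the issue: 2


def gate(report_json, exit_code, min_score=0):
    """Hypothetical CI gate: decide from the scores, and report any
    disagreement between the score-based verdict and the exit code."""
    try:
        results = json.loads(report_json)
    except json.JSONDecodeError:
        return False, ["unparseable report"]
    if not isinstance(results, list) or not results:
        return False, ["empty report"]
    ok, findings = True, []
    for r in results:
        if (not isinstance(r, dict) or not r.get("valid")
                or not isinstance(r.get("score"), int)):
            ok = False  # fail closed on anything that was not actually scored
            findings.append("invalid or unscored object")
            continue
        name, score = r.get("object", "<unknown>"), r["score"]
        if score < min_score:
            ok = False
            findings.append(f"{name}: score {score} is below {min_score}")
        elif exit_code != 0:
            # The case from the issue: a passing score with a non-zero exit.
            findings.append(f"{name}: score {score} passes but exit code was {exit_code}")
    return ok, findings


if __name__ == "__main__":
    for report, code in ((SCORE_1, 0), (SCORE_0, 2), (SCORE_NEG, 2)):
        print(code, gate(report, code))
```
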