Fail in case of vulnerabilities

tdruez · tdruez · commit b807cfd01bd9 · 2025-02-19T10:34:50.000-10:00
Signed-off-by: tdruez &lt;tdruez@nexb.com&gt;
diff --git a/.github/workflows/find-vulnerabilities.yml b/.github/workflows/find-vulnerabilities.yml
@@ -18,3 +18,9 @@ jobs:
           pipelines: "inspect_packages:StaticResolver,find_vulnerabilities"
         env:
           VULNERABLECODE_URL: https://public.vulnerablecode.io/
+
+      - name: Fail in case of vulnerabilities
+        shell: bash
+        run: |
+          scanpipe shell --command \
+          'from scanpipe.models import Project; project = Project.objects.get(name=${{ inputs.project-name }}); vulnerability_count = project.discoveredpackages.vulnerable().count() + project.discovereddependencies.vulnerable().count(); print(vulnerability_count, "vulnerabilities found"); exit(1) if vulnerability_count else exit(0);'
