Merge pull request #67 from elementsinteractive/osvcodes

fix: make 128 no packages found not return an error

Author: scastlara

internal/scanner/osv.go

@@ -20,6 +20,10 @@ const (
 	WebKind        osvReferenceKind = "WEB"
 	PackageKind    osvReferenceKind = "PACKAGE"
 	osvTimeout                      = 5 * time.Minute
+	// https://google.github.io/osv-scanner/output/#return-codes
+	osvReturnCodeSuccess    int = 0
+	osvReturnCodeVulnsFound int = 1
+	osvReturnCodeNoPackages int = 128
 )
 
 type osvSource struct {
@@ -116,10 +120,13 @@ func (s *osvScanner) Scan(dir string) (*OsvReport, error) {
 	)
 
 	//Handle exit codes according to https://google.github.io/osv-scanner/output/#return-codes
-	if cmdOut.ExitCode == 0 && err == nil {
+	if cmdOut.ExitCode == osvReturnCodeSuccess && err == nil {
 		// Successful run of osv-scanner, no report because no vulnerabilities found
 		log.Debug().Int("exitCode", cmdOut.ExitCode).Msg("osv-scanner did not find vulnerabilities")
 		return nil, nil
+	} else if cmdOut.ExitCode == osvReturnCodeNoPackages {
+		log.Warn().Int("exitCode", cmdOut.ExitCode).Msg("osv-scanner did not find any packages to scan")
+		return nil, nil
 	} else if cmdOut.ExitCode > 1 || cmdOut.ExitCode == -1 {
 		// Failed to run osv-scanner at all, or it returned an error
 		log.Debug().Int("exitCode", cmdOut.ExitCode).Msg("osv-scanner failed to run")