
Commit 063fe4f

committed
chore: make vuln report fail only after creating tickets
1 parent 4c3b886 commit 063fe4f


3 files changed

+6
-6
lines changed


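--- a/.evergreen.yml
+++ b/.evergreen.yml
@@ -5842,8 +5842,8 @@ functions:
 rm THIRD_PARTY_NOTICES.md
 npm run update-third-party-notices
 
-# generate vulnerability report: can only fail if is not a patch.
-npm run generate-vulnerability-report || { [ "$EVERGREEN_IS_PATCH" == "true" ] && exit 0; } || exit 1
+# generate vulnerability report
+npm run generate-vulnerability-report
 
 # if on main and not triggered by a tag, also create a ticket for each vulnerability found
 if [[ "${requester}" == "commit" ]]; then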
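Review bot: The severity gate no longer runs in this step: with the `|| { … } || exit 1` fallback removed here and `--fail-on=high` moved to `create-vulnerability-tickets` in package.json, a high-severity finding appears to fail the task only inside the `if [[ "${requester}" == "commit" ]]` branch, so patch builds and tag-triggered builds would pass regardless of findings. If that is intended, the new comment should say so, e.g. `# generate vulnerability report (does not fail on findings; --fail-on=high is enforced by create-vulnerability-tickets on commit builds only)`; if tag-triggered builds should still be gated, an unconditional check is needed after the branch. The same applies to the identical hunk in `.evergreen/evergreen.yml.in`. The body of the `if` lies outside the hunk, so the ticket call itself is inferred from the comment above it.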

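--- a/.evergreen/evergreen.yml.in
+++ b/.evergreen/evergreen.yml.in
@@ -543,8 +543,8 @@ functions:
 rm THIRD_PARTY_NOTICES.md
 npm run update-third-party-notices
 
-# generate vulnerability report: can only fail if is not a patch.
-npm run generate-vulnerability-report || { [ "$EVERGREEN_IS_PATCH" == "true" ] && exit 0; } || exit 1
+# generate vulnerability report
+npm run generate-vulnerability-report
 
 # if on main and not triggered by a tag, also create a ticket for each vulnerability found
 if [[ "${requester}" == "commit" ]]; then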

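--- a/package.json
+++ b/package.json
@@ -63,8 +63,8 @@
 "scan-node-js": "mongodb-sbom-tools scan-node-js --version=$NODE_JS_VERSION > .sbom/node-js-vuln.json",
 "snyk-test": "node scripts/snyk-test.js",
 "pregenerate-vulnerability-report": "npm run webpack-build -w packages/cli-repl && npm run snyk-test && npm run scan-node-js && npm run write-node-js-dep",
-"generate-vulnerability-report": "mongodb-sbom-tools generate-vulnerability-report --snyk-reports=.sbom/snyk-test-result.json,.sbom/node-js-vuln.json --dependencies=.sbom/dependencies.json,.sbom/node-js-dep.json --fail-on=high > .sbom/vulnerability-report.md",
-"create-vulnerability-tickets": "mongodb-sbom-tools generate-vulnerability-report --snyk-reports=.sbom/snyk-test-result.json,.sbom/node-js-vuln.json --dependencies=.sbom/dependencies.json,.sbom/node-js-dep.json --create-jira-issues"
+"generate-vulnerability-report": "mongodb-sbom-tools generate-vulnerability-report --snyk-reports=.sbom/snyk-test-result.json,.sbom/node-js-vuln.json --dependencies=.sbom/dependencies.json,.sbom/node-js-dep.json > .sbom/vulnerability-report.md",
+"create-vulnerability-tickets": "mongodb-sbom-tools generate-vulnerability-report --snyk-reports=.sbom/snyk-test-result.json,.sbom/node-js-vuln.json --dependencies=.sbom/dependencies.json,.sbom/node-js-dep.json --fail-on=high --create-jira-issues"
 },
 "config": {
 "unsafe-perm": true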
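Review bot: `create-vulnerability-tickets` now combines `--fail-on=high` with `--create-jira-issues`, so a non-zero exit from it can mean either a high-severity finding or a failed Jira call, and the result depends on the tool creating issues before it evaluates `--fail-on`, which this page does not show. Consider keeping the gate in a script without side effects and running it after ticket creation, so the pipeline can tell the two outcomes apart. The script also has no `pre` hook, so it reads whatever `.sbom/*.json` files the earlier `generate-vulnerability-report` run left behind; that ordering dependency is worth a line in the pipeline comment.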
