Appendix 3. Scanning results
Exit code | Description |
---|---|
0 | Scan completed successfully |
1 | Scan failed, see error message |
2 | Scan completed, but Quality Gates failed. For example, the SAST tool found too many critical and high severity security issues in the source code. |

Description | Scan status |
---|---|
Scanning, waiting for results | PENDING |
Scanning, waiting for results | IN PROGRESS |
Scan completed successfully | SUCCESS |
Importing security issues and Quality Gates Information | IMPORTING |
Scan skipped | SKIPPED |
Scan failed | FAILED |

Examples of closing messages in the CLI

1. Scan completed successfully, QG is not set.

```
Status: Success
Reason: QG is not specified
Quality gates: SAST: N/S
```

2. Scan completed successfully, QG is passed.

```
Status: Success
Reason: QG is passed
Quality gates: SAST: Success SCA: Success
```

3. Scan completed successfully, security pipeline bypassed.

```
Status: Success
Reason: pipeline was bypassed
Quality gates: SAST: Bypassed SCA: Bypassed
```

4. Scan completed unsuccessfully, QG isn’t passed.

```
Status: Failed
Reason: QG is not passed
Quality gates: SAST: Failed SCA: Success
```

5. Scanning completed unsuccessfully due to integrity check.

```
Status: Failed
Reason: integrity check failed: unknown codebase (https://github.com/appsecco/dvja.git, master) at DVJA application (code: dvja).
```

JSON file with scan results

```json
{
  "status": "Success",
  "reason": "QG is passed",
  "qualityGates": [
    { "practice": "SAST", "status": "Success" },
    { "practice": "SCA", "status": "Success" }
  ]
}
```

Parameter | Required parameter | Description |
---|---|---|
status | + | Final scan status. Values: Success \| Failed |
reason | + | The reason for the return of the status described above. If "Status: Failed", detailed error information is displayed |
qualityGates | – | Details on QG status for each practice (SAST, SCA, DAST) in the corresponding security pipeline |
qualityGates.practice | + | Practice name |
qualityGates.status | + | Quality Gate status: Success \| Failed |
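
A CI step that consumes the results file can validate it against the parameter table before trusting it. The following is an added example, not code from the product: the function name `evaluate_scan_result`, the sample documents, and the policy of mapping the JSON onto the exit codes above while failing closed on undocumented values are all assumptions.

```python
import json

DOCUMENTED = ("Success", "Failed")  # status values listed in the parameter table


def evaluate_scan_result(raw):
    """Map a results JSON document to (exit_code, notes), failing closed.

    Exit codes follow the appendix: 0 success, 1 scan failed, 2 Quality Gates failed.
    The JSON-to-exit-code mapping is this example's policy (an assumption).
    """
    try:
        doc = json.loads(raw)
    except json.JSONDecodeError as exc:
        return 1, [f"results file is not valid JSON: {exc.msg}"]
    if not isinstance(doc, dict):
        return 1, ["results document is not a JSON object"]
    status, reason = doc.get("status"), doc.get("reason")
    if status not in DOCUMENTED or not isinstance(reason, str):
        return 1, ["required 'status' or 'reason' is missing or undocumented"]
    gates = doc.get("qualityGates", [])  # optional per the parameter table
    if not isinstance(gates, list):
        return 1, ["'qualityGates' is not a list"]
    failed = []
    for gate in gates:
        if not isinstance(gate, dict) or not isinstance(gate.get("practice"), str):
            return 1, ["quality gate entry lacks the required 'practice'"]
        if gate.get("status") not in DOCUMENTED:
            return 1, [f"{gate['practice']}: undocumented status {gate.get('status')!r}"]
        if gate["status"] == "Failed":
            failed.append(gate["practice"])
    notes = [] if gates else ["no quality gates reported; nothing was enforced"]
    if status == "Success" and failed:
        return 1, [f"status is Success but gates failed: {', '.join(failed)}"]
    if status == "Failed":
        return (2 if failed else 1), notes + [f"reason: {reason}"]
    return 0, notes


# Constructed sample documents, shaped like the results file shown above.
PASSED = ('{"status": "Success", "reason": "QG is passed", "qualityGates": ['
          '{"practice": "SAST", "status": "Success"}, {"practice": "SCA", "status": "Success"}]}')
GATE_FAILED = ('{"status": "Failed", "reason": "QG is not passed", "qualityGates": ['
               '{"practice": "SAST", "status": "Failed"}, {"practice": "SCA", "status": "Success"}]}')
INTEGRITY = '{"status": "Failed", "reason": "integrity check failed"}'

if __name__ == "__main__":
    for sample in (PASSED, GATE_FAILED, INTEGRITY):
        print(evaluate_scan_result(sample))
```

A gate status outside the two documented values, such as the `Bypassed` shown in the CLI messages, is rejected here so that a skipped gate cannot pass the build unnoticed.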