How to indicate success or failure from the IQ CLI?


#1

Following command line exit code conventions, the IQ CLI Java jar will return a code of 0 upon a successful scan and a code of 1 upon a “failed” scan.

The meaning of a “failed” scan can be adjusted in a couple ways.

  1. The most obvious is when the scan contains policy violations where the action has been set to “Fail”
  2. Next would be if the IQ Server is unavailable, the scan will fail and return an exit code of 1, by default. This can be ignored by using the “-e” flag or “--ignore-system-errors”. When this flag is present on the command line arguments, the exit code will be set to 0 when the IQ Server is unavailable.
  3. The last way is to use the “-w” flag or “--fail-on-policy-warnings”. When this flag is present on the command line arguments, the exit code will be set to 1 when the scan contains policy violations where the action has been set to “Warn”.

#2

If you’re checking the return/exit code for failure, it’s best to check for not zero so that your scripts are future-proofed, in the event we start to use other non-zero exit codes to aid in diagnostics.
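
An added example, not part of the original thread: a POSIX shell build gate that contrasts an "equals 1" check with the "not zero" check recommended above, and goes one step further by keeping the scan's exit code when its output is logged through `tee`. `fake_scan` and the `gate_*` function names are hypothetical; `fake_scan` is a constructed stand-in for the real IQ CLI invocation.

```shell
#!/bin/sh
# Constructed stand-in for the IQ CLI (hypothetical): prints one line and
# exits with the code given as $1. Swap in the real java -jar call.
fake_scan() { echo "scan finished"; return "$1"; }

# Function bodies use ( ... ) so rc/log stay local to each call.

# Fragile gate: fails only on exit code 1, so any other non-zero code
# would let the build through.
gate_equals_one() (
  rc=0
  "$@" >/dev/null 2>&1 || rc=$?
  if [ "$rc" -eq 1 ]; then echo fail; else echo pass; fi
)

# Robust gate: every non-zero exit code fails the build.
gate_not_zero() (
  rc=0
  "$@" >/dev/null 2>&1 || rc=$?
  if [ "$rc" -ne 0 ]; then echo fail; else echo pass; fi
)

# Same robust check while logging output through tee. A pipeline's status
# is tee's, so the scan's own non-zero code is passed out on descriptor 3.
gate_logged() (
  log=$1; shift
  rc=$( { { "$@" 2>&1 || echo "$?" >&3; } | tee "$log" >/dev/null; } 3>&1 )
  if [ -n "$rc" ]; then echo fail; else echo pass; fi
)

# Demo over constructed exit codes; 2 stands for a possible future code.
for code in 0 1 2; do
  echo "exit $code: ==1 check -> $(gate_equals_one fake_scan "$code")," \
       "!=0 check -> $(gate_not_zero fake_scan "$code")"
done
```
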