How to indicate success or failure from the IQ CLI?

Following command line exit code conventions, the IQ CLI java jar will return a code of 0 upon a successful scan and a code of 1 upon a “failed” scan.

The meaning of a “failed” scan can be adjusted in a couple ways.

  1. The most obvious is when the scan contains policy violations where the action has been set to “Fail”
  2. Next would be if the IQ Server is unavailable, the scan will fail and return an exit code of 1, by default. This can be ignored by using the “-e” flag or “--ignore-system-errors”. When this flag is present on the command line arguments, the exit code will be set to 0 when the IQ Server is unavailable.
  3. The last way is to use the “-w” flag or “--fail-on-policy-warnings”. When this flag is present on the command line arguments, the exit code will be set to 1 when the scan contains policy violations where the action has been set to “Warn”.

If you’re checking the return/exit code for failure, it’s best to check for not zero so that your scripts are future-proofed, in the event we start to use other non-zero exit codes to aid in diagnostics.

Is there a way to disable the IQ CLI failing when there is a policy violation?

Success or failure is determined in the policy configuration, specifically, whether they are set to “warn” or “fail” in the build stage being used. If you set them to ‘warn’ then the CLI will not return a failure code when there are violations.

Regards,

Rich

You can also use the --result-file option to store the scan and evaluation information, which includes a policyAction field. This field will be set to “None”, “Warn”, or “Fail”.

See https://help.sonatype.com/integrations/nexus-iq-cli#NexusIQCLI-ExampleLifecycleEvaluation(using–result-fileoption)
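An added example, not part of the posts above and not Sonatype's code: a CI gate that combines the two signals discussed in this thread, the exit code (any non-zero value is a failure) and the policyAction field from the `--result-file` output. The function names are hypothetical, the sample result files are constructed and contain only policyAction, and treating exit code 0 with no readable result file as "not-evaluated" (so that a run where `-e` hid an unavailable IQ Server is not counted as a clean scan) is this example's own choice.

```python
import json
import tempfile
from pathlib import Path

KNOWN_ACTIONS = {"None", "Warn", "Fail"}  # the values named in the post above

def read_policy_action(result_file):
    """Return policyAction from the result file, or None if it is missing or unusable."""
    try:
        data = json.loads(Path(result_file).read_text(encoding="utf-8"))
    except (OSError, ValueError):  # missing file, bad encoding, invalid JSON
        return None
    action = data.get("policyAction") if isinstance(data, dict) else None
    return action if action in KNOWN_ACTIONS else None

def gate(exit_code, result_file, fail_on_warn=False):
    """Return (verdict, reason); verdict is 'pass', 'fail' or 'not-evaluated'."""
    action = read_policy_action(result_file)
    if exit_code != 0:
        # Test for non-zero, not for 1, so new diagnostic codes still fail the build.
        return "fail", f"CLI exit code {exit_code}, policyAction={action}"
    if action is None:
        # Exit 0 but nothing recorded: do not report this as a clean scan.
        return "not-evaluated", "exit code 0 but no policyAction recorded"
    if action == "Fail" or (action == "Warn" and fail_on_warn):
        return "fail", f"policyAction={action}"
    return "pass", f"policyAction={action}"

def write_constructed_result(directory, action):
    """Write a constructed sample result file that holds only policyAction."""
    path = Path(directory) / f"result-{action}.json"
    path.write_text(json.dumps({"policyAction": action}), encoding="utf-8")
    return path

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        cases = [
            (0, write_constructed_result(tmp, "None")),
            (0, write_constructed_result(tmp, "Warn")),
            (1, write_constructed_result(tmp, "Fail")),
            (0, Path(tmp) / "missing.json"),  # e.g. scan never reached the server
        ]
        for code, path in cases:
            print(code, path.name, gate(code, path))
```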

You’ve listed three scenarios where an error is returned, but that’s not quite complete. Is there a way to return success when there is nothing to scan? Currently it returns:

[error]No files have been found to scan

But I would like to consider this a successful scan.