Commit 875b52b2 authored by Fabien Catteau, committed by Russell Dickenson

Recommend log command line as error if fails

Recommend integrators implementing Secure scanner
to log command lines with the error log level
when these command lines fail.
parent b888a987
...@@ -260,6 +260,8 @@ When executing command lines, scanners should use the `debug` level to log the c ...@@ -260,6 +260,8 @@ When executing command lines, scanners should use the `debug` level to log the c
For instance, the [bundler-audit](https://gitlab.com/gitlab-org/security-products/analyzers/bundler-audit) scanner For instance, the [bundler-audit](https://gitlab.com/gitlab-org/security-products/analyzers/bundler-audit) scanner
uses the `debug` level to log the command line `bundle audit check --quiet`, uses the `debug` level to log the command line `bundle audit check --quiet`,
and what `bundle audit` writes to the standard output. and what `bundle audit` writes to the standard output.
If the command line fails, then it should be logged with the `error` log level;
this makes it possible to debug the problem without having to change the log level to `debug` and rerun the scanning job.
#### common logutil package #### common logutil package
......
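Review bot: the added sentence ("If the command line fails, then it should be logged with the `error` log level") covers only the command line, while the context just above it has the scanner log both the command line and what the command writes to standard output at `debug`. State whether that output should also be raised to `error` on failure, since the command line alone is often not enough to diagnose a failed run. Because the stated goal is that these entries are visible without switching the job to `debug`, consider also adding a sentence telling integrators to keep credentials out of logged command lines or to redact them before logging.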