Fail Policies

When running in the command line, Sandworm can be configured to fail by exiting with code 1 when identifying specific issue types and/or severities. This makes it easy to integrate Sandworm as a part of your CI or Git hook flow.

To provide fail conditions, use the --fail-on command-line option, or the audit.failOn field in the .sandworm.config.json configuration file. You should provide an array of string conditions. Each condition has a required type and a required severity, joined by a dot. Possible types are *, root, dependencies, license, and meta. Possible severities are *, critical, high, moderate, and low. Using these, you can construct fail conditions like:

*.* - fail on any issue;
dependencies.* - fail on any vulnerability identified with the app dependencies;
root.* - fail on any vulnerability identified with the app itself;
*.critical - fail on any critical severity issue.

For example, to fail on any critical or high severity issues:

sandworm-audit --fail-on='["*.critical", "*.high"]'

No fail conditions are set by default.

Sandworm will also exit with code 1 if it encounters any errors that potentially alter the audit result.

PreviousLicense Policies NextCustom Registries

Last updated 2 years ago

Was this helpful?