feat: Can you implement the option '-f, --fail-on string'
What would you like to be added:
It would be great if grant supported the following option (which grype does):
-f, --fail-on string set the return code to 1 if a vulnerability is found with a severity >= the given severity, options=[negligible low medium high critical]
Why is this needed:
I would like to configure the fail behavior of Grant (I would like to have an option not to fail) for cases where we want to analyze the Grant result JSON. Right now, it is difficult to determine whether there was an error running Grant or if it stopped due to license violations.
It might be easy to change the error return code. FYI, there was recently an addition in CLIO to do just this, so we could return a different exit code for vulnerability flagging.
If you needed to differentiate "run failures" from "license violations", we could implement a similar change here without the need for a separate flag.
This should now be covered by the --dry-run flag going out in v0.3.0. You should get a JSON output with no status code 1, so the JSON is easy to grab.
grant check -o json alpine:latest --dry-run | jq . > new.json
A config option has also been added for the other issue regarding a gate on no license.
require-license: true # When true, deny packages with no detected licenses
Check the README for the config changes as well as the new JSON we're trying out!
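One way to consume the --dry-run output in CI while keeping "grant failed to run" distinct from "a license policy was violated", as an added example that is not part of this thread or grant's own code. It assumes the three exit codes it defines and a caller-supplied predicate over the parsed report, since the report's JSON layout is not given here.

```python
import json
import subprocess
import sys
from typing import Callable, Optional, Tuple

# Exit-code contract chosen for this wrapper (an assumption, not grant's own):
# 0 = policy passed, 1 = policy flagged a violation, 2 = grant did not run cleanly.
EXIT_CLEAN, EXIT_VIOLATION, EXIT_RUN_ERROR = 0, 1, 2


def classify(returncode: int, stdout: str,
             violated: Callable[[dict], bool]) -> Tuple[int, Optional[dict]]:
    """Map one `grant check --dry-run` invocation to (ci_exit_code, parsed_report).

    `violated` decides pass/fail from the parsed report; grant's JSON layout is
    not described in this thread, so the caller supplies that predicate.
    """
    if returncode != 0:
        # With --dry-run, a non-zero status means grant itself did not complete,
        # not that a license was denied.
        return EXIT_RUN_ERROR, None
    try:
        report = json.loads(stdout)
    except json.JSONDecodeError:
        return EXIT_RUN_ERROR, None   # something printed, but not the JSON report
    if not isinstance(report, dict):
        return EXIT_RUN_ERROR, None   # wrong shape: a tool problem, not a policy result
    return (EXIT_VIOLATION if violated(report) else EXIT_CLEAN), report


def scan_image(image: str, violated: Callable[[dict], bool],
               report_path: str = "new.json") -> int:
    """Run the command from the thread, keep the JSON artifact, return the CI exit code."""
    proc = subprocess.run(["grant", "check", "-o", "json", image, "--dry-run"],
                          capture_output=True, text=True)
    code, report = classify(proc.returncode, proc.stdout, violated)
    if report is not None:
        with open(report_path, "w", encoding="utf-8") as fh:
            json.dump(report, fh, indent=2)   # same artifact as `jq . > new.json`
    return code


if __name__ == "__main__":
    # Hypothetical predicate: replace the key with the one from grant's README JSON layout.
    sys.exit(scan_image(sys.argv[1], lambda r: bool(r.get("REPLACE_WITH_VIOLATIONS_KEY"))))
```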