Recommend log command line as error if fails

Recommend integrators implementing Secure scanner to log command lines with the error log level when these command lines fail.

Recommend log command line as error if fails
Recommend integrators implementing Secure scanner to log command lines with the error log level when these command lines fail.
875b52b2 · Fabien Catteau · Russell Dickenson · b888a987 · 875b52b2
Commit 875b52b2 authored Jan 22, 2021 by Fabien Catteau Committed by Russell Dickenson Jan 22, 2021
Hide whitespace changes
Inline Side-by-side

Showing with 2 additions and 0 deletions

doc/development/integrations/secure.md doc/development/integrations/secure.md +2 -0

No files found.
--- a/doc/development/integrations/secure.md
+++ b/doc/development/integrations/secure.md
@@ -260,6 +260,8 @@ When executing command lines, scanners should use the `debug` level to log the c
 For instance, the [bundler-audit](https://gitlab.com/gitlab-org/security-products/analyzers/bundler-audit) scanner
 uses the `debug` level to log the command line `bundle audit check --quiet`,
 and what `bundle audit` writes to the standard output.
+If the command line fails, then it should be logged with the `error` log level;
+this makes it possible to debug the problem without having to change the log level to `debug` and rerun the scanning job.

 #### common logutil package