@@ -25,6 +25,10 @@ export const scanCommand = new Command('scan')
2525 . option ( '--commit <sha>' , 'Commit SHA' )
2626 . option ( '-f, --format <format>' , 'Output format (json|table)' , 'table' )
2727 . option ( '-o, --output <file>' , 'Output file (optional)' )
28+ . option ( '--max-critical <number>' , 'Fail if critical >= threshold (-1 = disabled)' , '-1' )
29+ . option ( '--max-high <number>' , 'Fail if high >= threshold (-1 = disabled)' , '-1' )
30+ . option ( '--max-medium <number>' , 'Fail if medium >= threshold (-1 = disabled)' , '-1' )
31+ . option ( '--max-low <number>' , 'Fail if low >= threshold (-1 = disabled)' , '-1' )
2832 . action ( async ( repositoryId , options ) => {
2933 try {
3034 const config = getConfig ( ) ;
@@ -95,24 +99,52 @@ export const scanCommand = new Command('scan')
9599 console . log ( ` Security Score: ${ result . scan . securityScore } /100` ) ;
96100 }
97101
98- // Check for CI/CD failure conditions
99- if ( config . failOnCritical && result . results . critical > 0 ) {
102+ // Check for CI/CD failure conditions with numeric thresholds
103+ const maxCritical = parseInt ( options . maxCritical || '-1' , 10 ) ;
104+ const maxHigh = parseInt ( options . maxHigh || '-1' , 10 ) ;
105+ const maxMedium = parseInt ( options . maxMedium || '-1' , 10 ) ;
106+ const maxLow = parseInt ( options . maxLow || '-1' , 10 ) ;
107+
108+ // Critical threshold check
109+ if ( maxCritical >= 0 && result . results . critical >= maxCritical ) {
110+ console . log ( ) ;
111+ console . error ( chalk . red ( `❌ Build failed: ${ result . results . critical } critical vulnerabilities found (threshold: ${ maxCritical } )` ) ) ;
112+ process . exit ( 1 ) ;
113+ }
114+
115+ // High threshold check
116+ if ( maxHigh >= 0 && result . results . high >= maxHigh ) {
117+ console . log ( ) ;
118+ console . error ( chalk . red ( `❌ Build failed: ${ result . results . high } high severity vulnerabilities found (threshold: ${ maxHigh } )` ) ) ;
119+ process . exit ( 1 ) ;
120+ }
121+
122+ // Medium threshold check
123+ if ( maxMedium >= 0 && result . results . medium >= maxMedium ) {
100124 console . log ( ) ;
101- console . error ( chalk . red ( ' ❌ Build should fail: Critical vulnerabilities found' ) ) ;
125+ console . error ( chalk . red ( ` ❌ Build failed: ${ result . results . medium } medium severity vulnerabilities found (threshold: ${ maxMedium } )` ) ) ;
102126 process . exit ( 1 ) ;
103127 }
104128
105- if ( config . failOnHigh && result . results . high > 0 ) {
129+ // Low threshold check
130+ if ( maxLow >= 0 && result . results . low >= maxLow ) {
106131 console . log ( ) ;
107- console . error ( chalk . red ( ' ❌ Build should fail: High severity vulnerabilities found' ) ) ;
132+ console . error ( chalk . red ( ` ❌ Build failed: ${ result . results . low } low severity vulnerabilities found (threshold: ${ maxLow } )` ) ) ;
108133 process . exit ( 1 ) ;
109134 }
110135
136+ // Total violations check (backward compatibility with config)
111137 if ( config . maxViolations && result . results . total > config . maxViolations ) {
112138 console . log ( ) ;
113139 console . error ( chalk . red ( `❌ Build should fail: Too many violations (${ result . results . total } > ${ config . maxViolations } )` ) ) ;
114140 process . exit ( 1 ) ;
115141 }
142+
143+ // Log success if thresholds are set
144+ if ( maxCritical >= 0 || maxHigh >= 0 || maxMedium >= 0 || maxLow >= 0 ) {
145+ console . log ( ) ;
146+ console . log ( chalk . green ( '✅ All threshold checks passed' ) ) ;
147+ }
116148 } else {
117149 console . log ( ) ;
118150 console . log ( chalk . yellow ( '💡 Use "codethreat scan status ' + result . scan . id + '" to check progress' ) ) ;
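Review bot: A mistyped threshold turns the gate off instead of failing the build: in the second hunk `parseInt(options.maxCritical || '-1', 10)` yields `NaN` for non-numeric input, `NaN >= 0` is false, so that severity is never checked and the command can still exit 0 (`parseInt` also accepts trailing junk, reading `5abc` as 5). I would validate the four values strictly and exit non-zero on anything other than `-1` or a non-negative integer, as sketched below. The same hunk drops the `config.failOnCritical` and `config.failOnHigh` checks with no fallback, so a pipeline that relies on those config keys would presumably stop failing on findings after upgrading; consider keeping them as defaults or printing a deprecation warning. With `>=`, a threshold of `0` fails every completed scan, which the `--max-*` names do not suggest, so the help text in the first hunk could say that `1` means "fail on any finding". The action callback starts and ends outside both hunks.

```javascript
// Accept only -1 (disabled) or a non-negative integer, so a typo cannot silently disable the gate.
const parseThreshold = (flag, raw) => {
  if (!/^(-1|\d+)$/.test(String(raw))) {
    console.error(chalk.red(`❌ Invalid value for ${flag}: "${raw}" (expected -1 or a non-negative integer)`));
    process.exit(1);
  }
  return Number(raw);
};
const maxCritical = parseThreshold('--max-critical', options.maxCritical);
const maxHigh = parseThreshold('--max-high', options.maxHigh);
const maxMedium = parseThreshold('--max-medium', options.maxMedium);
const maxLow = parseThreshold('--max-low', options.maxLow);
// … unchanged: per-severity threshold checks, maxViolations check, success message …
```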