From a7df39621772079ba2403ceb09c964da970bb2e7 Mon Sep 17 00:00:00 2001
From: Marc Barussaud <marc.barussaud@orange.com>
Date: Wed, 5 Jun 2024 09:12:05 +0000
Subject: [PATCH] feat: fail Semgrep on internal errors (wrong ruleset or else)

---
 README.md                    | 2 +-
 kicker.json                  | 2 +-
 templates/gitlab-ci-node.yml | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/README.md b/README.md
index d64f2b6..955cf2c 100644
--- a/README.md
+++ b/README.md
@@ -361,7 +361,7 @@ It is bound to the `test` stage, and uses the following variables:
 | ----------------------- | -------------------------------------- | ----------------- |
 | `semgrep-disabled` / `NODE_SEMGREP_DISABLED` | Set to `true` to disable this job | _none_ |
 | `semgrep-image` / `NODE_SEMGREP_IMAGE`    | The Docker image used to run [Semgrep](https://semgrep.dev/docs/) | `registry.hub.docker.com/semgrep/semgrep:latest` |
-| `semgrep-args` / `NODE_SEMGREP_ARGS`     | Semgrep [scan options](https://semgrep.dev/docs/cli-reference#semgrep-scan-command-options) | `--metrics off --disable-version-check` |
+| `semgrep-args` / `NODE_SEMGREP_ARGS`     | Semgrep [scan options](https://semgrep.dev/docs/cli-reference#semgrep-scan-command-options) | `--metrics off --disable-version-check --no-suppress-errors` |
 | `semgrep-rules` / `NODE_SEMGREP_RULES` | Space-separated list of [Semgrep rules](https://semgrep.dev/docs/running-rules).<br/>Can be both local YAML files or remote rules from the [Semgrep Registry](https://semgrep.dev/explore) (denoted by the `p/` prefix). | `p/javascript p/eslint p/gitlab-eslint` |
 | `semgrep-download-rules-enabled` / `NODE_SEMGREP_DOWNLOAD_RULES_ENABLED` | Download Semgrep remote rules | `true` |
 
diff --git a/kicker.json b/kicker.json
index 191569c..47b26a0 100644
--- a/kicker.json
+++ b/kicker.json
@@ -121,7 +121,7 @@
         {
           "name": "NODE_SEMGREP_ARGS",
           "description": "Semgrep [scan options](https://semgrep.dev/docs/cli-reference#semgrep-scan-command-options)",
-          "default": "--metrics off --disable-version-check"
+          "default": "--metrics off --disable-version-check --no-suppress-errors"
         },
         {
           "name": "NODE_SEMGREP_RULES",
diff --git a/templates/gitlab-ci-node.yml b/templates/gitlab-ci-node.yml
index 503853b..20ff22a 100644
--- a/templates/gitlab-ci-node.yml
+++ b/templates/gitlab-ci-node.yml
@@ -77,7 +77,7 @@ spec:
       default: false
     semgrep-args:
       description: Semgrep [scan options](https://semgrep.dev/docs/cli-reference#semgrep-scan-command-options)
-      default: --metrics off --disable-version-check
+      default: --metrics off --disable-version-check --no-suppress-errors
     semgrep-rules:
       description: |-
         Space-separated list of [Semgrep rules](https://semgrep.dev/docs/running-rules).
-- 
GitLab