Regression: exit code is not zero when no vulnerabilities or issues found

[manolo]

Description

bomber exits with a exitcode=10 in both cases: when any issue is found, and when no issues found.

Note that with previous releases the exit code was 0 in the case of successful scan

How to reproduce

Install bomber in their latest version: 0.4.5, even though it reports a wrong version 0.4.4 when running bomber --version see #176

Scan with no vulnerabilities

• create a basic package.json file with a the latest non-vulnerable pack-resolver

{
  "name": "no-name",
  "license": "UNLICENSED",
  "dependencies": {
      "pac-resolver": "7.0.0"
   }
}

• install dependencies npm install
• generate SBOM npx @cyclonedx/cyclonedx-npm --output-file sbom.json
• run Bomber bomber scan sbom.json --output json and you can see no issues reported
• check exit code echo $? and it is 10

Scan with vulnerabilities

• Modify the package.json file to downgrade pack-resolver to a vulnerable version

{
  "name": "no-name",
  "license": "UNLICENSED",
  "dependencies": {
      "pac-resolver": "5.0.0"
   }
}

• install dependencies npm install
• generate SBOM npx @cyclonedx/cyclonedx-npm --output-file sbom.json
• run Bomber bomber scan sbom.json --output json and you can see a couple of issues reported
• check exit code echo $? and it is 10

[manolo]

Perhaps regression was introduced in #165

[AJIOXA]

Same on version 0.4.5

[djschleen]

Appreciate the detailed explanation! I'll make sure we get this fixed and released as soon as possible.