From 485e2c6702b683407a570b0153556e399f41d9eb Mon Sep 17 00:00:00 2001
From: Jean-Paul Calderone <exarkun@twistedmatrix.com>
Date: Mon, 15 Mar 2021 15:37:04 -0400
Subject: [PATCH] try not to fail because vulnix finds vulnerabilities

---
 ci-tools/vulnerability-scan | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/ci-tools/vulnerability-scan b/ci-tools/vulnerability-scan
index 870962fb..18ef9b9a 100755
--- a/ci-tools/vulnerability-scan
+++ b/ci-tools/vulnerability-scan
@@ -30,4 +30,6 @@ else
 fi
 '
 
-nix-shell -p vulnix --run 'vulnix ./scan-target/' | tee "$OUTPUT"
+# vulnix exits with an error status if there are vulnerabilities.  we don't
+# want to fail the job in that case because then we can't see the report.
+nix-shell -p vulnix --run 'vulnix ./scan-target/ || true' | tee "$OUTPUT"
-- 
GitLab