Not updating the pr with a comment #4

Open
twij2332 opened this issue Jun 6, 2023 · 1 comment

twij2332 commented Jun 6, 2023

Hi

I used the pipeline scan action in my GitHub workflow as below, and when I use it with the 'fail_on_severity' option it does not show any output in the pipeline itself or as a comment in the PR.

Here is my GitHub workflow:
```yaml
- name: pipeline-scan action step
  id: pipeline-scan
  uses: veracode/[email protected]
  with:
    vid: ${{ secrets.VID }}
    vkey: ${{ secrets.VKEY }}
    file: "file.zip"
    fail_on_severity: 'true'
```

If I run without fail_on_severity: 'true', it will add a comment to the PR like this:

[Image: Screenshot_20230607_013828_Chrome]


nadimz commented Nov 8, 2024

The syntax for fail_on_severity according to the documentation in action.yaml is:

```yaml
fail_on_severity:
    description: 'Fail the pipeline job if the scan finds flaws of the specified severities. Enter a comma-separated list of severities in quotation marks.'
```

So, if you want the build to fail only when High or Very High issues are found, you'd do this:

```yaml
- name: 🛡️ Run Veracode Pipeline Scan
  uses: veracode/[email protected]
  with:
    vid: ${{ secrets.VID }}
    vkey: ${{ secrets.VKEY }}
    file: app.zip
    fail_on_severity: "Very High, High"
    fail_build: true
```

However, there's currently a parsing bug and fail_on_severity doesn't work. I have PR #30 for it.
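
The comma-separated syntax quoted above, as an added example that is not part of this thread or the action's own code: a strict parser for a `fail_on_severity` value that rejects an entry that is not a severity name, such as `true`, and a gate over a list of findings. The function names, the severity list and the shape of the sample findings are assumptions made for illustration.

```python
# Added illustration: strict parsing of a fail_on_severity value and a gate
# over findings. Not the action's code; names and the findings shape are assumed.

# Severity names, highest to lowest (assumed list for this example).
SEVERITIES = ("Very High", "High", "Medium", "Low", "Very Low", "Informational")
_CANONICAL = {name.lower(): name for name in SEVERITIES}


def parse_fail_on_severity(raw):
    """Turn 'Very High, High' into a set of canonical severity names.

    Raises ValueError on unknown entries so a value such as 'true' is
    reported instead of being accepted as a list that matches nothing.
    """
    selected, unknown = set(), []
    for part in raw.split(","):
        key = " ".join(part.split()).lower()  # trim and collapse inner spaces
        if not key:
            continue  # tolerate a trailing comma or empty entries
        if key in _CANONICAL:
            selected.add(_CANONICAL[key])
        else:
            unknown.append(part.strip())
    if unknown:
        raise ValueError(f"unknown severities {unknown}; expected any of {SEVERITIES}")
    if not selected:
        raise ValueError("fail_on_severity is empty")
    return selected


def should_fail(findings, raw):
    """Return the findings whose severity is in the configured list."""
    wanted = parse_fail_on_severity(raw)
    return [f for f in findings if f["severity"] in wanted]


# Constructed sample findings (hypothetical shape: a title and a severity name).
SAMPLE_FINDINGS = [
    {"title": "SQL injection", "severity": "High"},
    {"title": "Verbose error message", "severity": "Low"},
]

if __name__ == "__main__":
    print(should_fail(SAMPLE_FINDINGS, "Very High, High"))
    try:
        should_fail(SAMPLE_FINDINGS, "true")
    except ValueError as err:
        print("rejected:", err)
```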
