From 4be7b99f95c54487448459863f4e53bbb194d80c Mon Sep 17 00:00:00 2001
From: Daria Kuznetsova
Date: Thu, 25 Jan 2024 06:35:29 +0100
Subject: [PATCH] fix(codeqlExecuteScan): check for compliance for Audit All (#4796)

Co-authored-by: sumeet patil
---
 cmd/codeqlExecuteScan.go | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/cmd/codeqlExecuteScan.go b/cmd/codeqlExecuteScan.go
index caa26a885..4eb07d130 100644
--- a/cmd/codeqlExecuteScan.go
+++ b/cmd/codeqlExecuteScan.go
@@ -399,10 +399,12 @@ func runCodeqlExecuteScan(config *codeqlExecuteScanOptions, telemetryData *telem
 	if config.CheckForCompliance {
 		for _, scanResult := range scanResults {
-			unaudited := scanResult.Total - scanResult.Audited
-			if unaudited > config.VulnerabilityThresholdTotal {
-				msg := fmt.Sprintf("Your repository %v with ref %v is not compliant. Total unaudited issues are %v which is greater than the VulnerabilityThresholdTotal count %v", repoUrl, repoInfo.Ref, unaudited, config.VulnerabilityThresholdTotal)
-				return reports, errors.Errorf(msg)
+			if scanResult.ClassificationName == codeql.AuditAll {
+				unaudited := scanResult.Total - scanResult.Audited
+				if unaudited > config.VulnerabilityThresholdTotal {
+					msg := fmt.Sprintf("Your repository %v with ref %v is not compliant. Total unaudited issues are %v which is greater than the VulnerabilityThresholdTotal count %v", repoUrl, repoInfo.Ref, unaudited, config.VulnerabilityThresholdTotal)
+					return reports, errors.Errorf(msg)
+				}
 			}
 		}
 	}
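Review bot: `return reports, errors.Errorf(msg)` on the new side hands an already-formatted string to Errorf as its format argument, so a `%` in `repoUrl` or `repoInfo.Ref` would be parsed as a verb and garble the non-compliance message (go vet's printf check flags a non-constant format string); use `return reports, errors.New(msg)` or pass the format and its arguments to Errorf directly. The gate now fires only for the entry whose ClassificationName equals codeql.AuditAll; if scanResults carries no such entry the loop completes and the step is reported compliant, which appears to be the intent but deserves a comment at the new `if` such as `// Only the Audit All classification is gated; other classifications never fail the step.` runCodeqlExecuteScan begins before this hunk, so the origin of scanResults is not visible here.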