Make --error-level more obvious in the man page

The --error-level option is useful in continuous integration (CI) pipelines. Make it even more obvious in the documentation. Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2021-05-30 19:03:37 -04:00 · 2021-05-30 19:03:37 -04:00 · 428fbf6b02
parent 113483d06b
commit 428fbf6b02
1 changed files with 12 additions and 1 deletions
--- a/flawfinder.1
+++ b/flawfinder.1
@ -222,7 +222,10 @@ Not every hit is necessarily a security vulnerability, and
 there may be other security vulnerabilities not reported by the tool.
 .PP
 Flawfinder can easily integrate into a continuous integration system.
-You might want to check out the \-\-error\-level option to help do that.
+You might want to check out the \-\-error\-level option to help do that, e.g.,
+using \-\-error\-level=4 will cause an error to be returned if flawfinder
+finds a vulnerability of level 4 or higher.
+
 .PP
 Flawfinder is released under the GNU GPL license version 2 or later (GPLv2+).
 .PP
@ -733,6 +736,14 @@ reporting on all hits found.
 By default flawfinder will skip symbolic links and
 directories with names that start with a period.

+.TP
+.B "flawfinder \-\-error-level=4 ."
+Examine all the C/C++ files in the current directory
+and its subdirectories (recursively);
+return an error code if there are vulnerabilities
+level 4 and up (the two highest risk levels).
+This is a plausible way to use flawfinder in a continuous integration system.
+
 .TP
 .B "flawfinder \-\-minlevel=4 ."
 Examine all the C/C++ files in the current directory