file out writer implementation

[nasir-rabbani]

1. We can use --log-output-dir flag if we want to write the log and scan results in files
2. The log file will get appended while the scan output will be overwritten.
3. The format of the scan output file will be in sync with -o flag input
4. For now we will support output writing for every format except sarif (as sarif already writes the result to a file and this will require considering the file locations field in the sarif output)

[codecov]

Codecov Report

Merging #1229 (fa649fe) into master (2bf371d) will decrease coverage by 0.28%.
The diff coverage is 40.35%.

❗ Current head fa649fe differs from pull request most recent head 2a163a9. Consider uploading reports for the commit 2a163a9 to get more accurate results

@@            Coverage Diff             @@
##           master    #1229      +/-   ##
==========================================
- Coverage   77.73%   77.44%   -0.29%     
==========================================
  Files         272      272              
  Lines        7683     7719      +36     
==========================================
+ Hits         5972     5978       +6     
- Misses       1357     1384      +27     
- Partials      354      357       +3     

Impacted Files	Coverage Δ
pkg/cli/register.go	2.94% <0.00%> (-0.64%)	⬇️
pkg/cli/scan.go	71.42% <0.00%> (-2.11%)	⬇️
pkg/writer/register.go	100.00% <ø> (ø)
pkg/cli/output_writer.go	14.28% <11.11%> (-19.05%)	⬇️
pkg/logging/logger.go	92.59% <33.33%> (-7.41%)	⬇️
pkg/writer/human_readable.go	85.22% <50.00%> (ø)
pkg/writer/sarif.go	79.31% <60.00%> (-2.51%)	⬇️
pkg/cli/run.go	85.71% <66.66%> (-2.53%)	⬇️
pkg/writer/github_sarif.go	100.00% <100.00%> (ø)
pkg/writer/json.go	100.00% <100.00%> (ø)
... and 4 more

[cesar-rodriguez]

Few comments:

• I think the default behavior should be not to store the logs in a file just stdout like it currently works.
• The name of the flag should be "--log-output-dir" to be more specific
• There's a typo where the word "over-write" should be "overwrite"
• The functionality is not working for me for some reason. The file is showing empty

[patilpankaj212]

we should add an e2e test for this asserting that the log files are created in the provided directory.

[nasir-rabbani]

we should add an e2e test for this asserting that the log files are created in the provided directory.

done

[cesar-rodriguez]

@nasir-rabbani there's something strange going on with the "security" check. Can you please try pulling the latest changes from master and pushing? Thanks

cc @bkizer-tenable

[nasir-rabbani]

@nasir-rabbani there's something strange going on with the "security" check. Can you please try pulling the latest changes from master and pushing? Thanks

cc @bkizer-tenable

@cesar-rodriguez @bkizer-tenable
The Security workflow is marked as required but the trigger event is set as push which is causing the PR checks to wait forever.
Moreover, I tried to add the pull-request trigger event, but it failed as the secrets won't be accessible to PRs from a forked repository.
As a solution, I think instead of using the Snyk Github Action we should use the Snyk Github App

[sonarcloud]

Kudos, SonarCloud Quality Gate passed!   

0 Bugs
0 Vulnerabilities
0 Security Hotspots
2 Code Smells

No Coverage information
0.0% Duplication

[Rchanger]

LGTM.