make -z the default

[grosser]

any test framework returns 1 on failure ... brakeman should too
easy to forget when setting up and always having green builds -> super dangerous

[presidentbeef]

That would be a pretty big change that could break things for users. While it's nice if people treat Brakeman as a test suite, it's not really the same and not everyone relies on it that way.

[grosser]

What would be a usecase that does not need a false exit status ?
earmark this for v2.0 ?

[presidentbeef]

Any time a user is expecting the exit status to mean Brakeman broke instead of meaning a warning was found.

[grosser]

It's not very unixy to expect that ... especially any auditing/test command exits with 1 when the test/audit failed ... so I'd think it's the better default ...

Imagining an opposite world: would you except a PR that removes the exit 1 status if it was the default ? I would not ...

[presidentbeef]

Changing the default is a problem, no matter what. I'm not sure it's worth it when it's been the same for five years. It would certainly require a major version change.

[grosser]

I've seen brakeman used in 10+ projects and always with -z flag, so I'd expect the fallout to be minimal :)
But agreed that it should be done on major version increment.

[connorshea]

I 100% agree that -z should be the default.

[GermanDZ]

Something related to -z the :exit_on_warn: true on a config file works fine in my OSX but is ignored in Linux. In Linux I need to add always -z despite of the configuration in the config file.

[presidentbeef]

@GermanDZ sorry that's a bug I introduced in 3.7.1. It will be fixed in the next release.

Edit: although I don't know why it would be different on different OSes unless you are running different versions of Brakeman.