Issue with skipped violations using CircleCI and JUnit output format #1122

Closed
gchappel opened this issue Jan 21, 2022 · 0 comments · Fixed by #1123

@gchappel
Contributor

  • terrascan version: v1.8.0
  • Operating System: Linux

Description

I/we are running Terrascan tests against some Terraform code, but trying to skip one known validation. This is executing through CircleCI, with the output in JUnit XML format and stored for display in the CircleCI web UI using `store_test_results`.

The issue is that skipped violations, when output in JUnit format, contain both the skipped element AND still contain a failure element. This appears to be causing CircleCI to show skipped violations as test failures, meaning that:

  • on a successful CircleCI run (where terrascan exits with 0) the Tests tab on the CircleCI build still shows errors where there should be none.
  • on a failed CircleCI run (where terrascan exits with >0) the Tests tab shows all skipped violations as errors, making it difficult to pinpoint what actually needs fixing at first glance. For example, if you have 9 known violations with skip tags, and 1 genuine violation, they are all displayed identically as failed tests in the CircleCI UI.

I can't share the Terraform code itself, but if required I'm happy to put together a minimal reproduction for this.

I believe the issue is:

  • The JUnit spec allows only one of the skipped/failure/error etc. elements to exist (because these are all contained within an <xs:choice> element)
  • https://github.com/accurics/terrascan/blob/master/pkg/writer/junit_xml.go#L166-L169 says that if something is marked as skipped, it should have both a skipped AND a failure element, which appears to be against this spec
  • CircleCI's JUnit parser is displaying all testcases that have a failure element, without taking the skipped element into account as the use of these two elements together appears to be outside the schema

What I Did

Paste the command(s) you ran and the output.
If there was a crash, please include the traceback here.
gchappel added a commit to gchappel/terrascan that referenced this issue Jan 21, 2022
This is a potential fix to prevent both `skipped` and `failure` elements on a skipped violation in JUnit output format

Fixes: tenable#1122
gchappel added a commit to gchappel/terrascan that referenced this issue Feb 5, 2022
This is a potential fix to prevent both `skipped` and `failure` elements on a skipped violation in JUnit output format

Fixes: tenable#1122
gchappel added a commit to gchappel/terrascan that referenced this issue Feb 8, 2022
This is a potential fix to prevent both `skipped` and `failure` elements on a skipped violation in JUnit output format

Fixes: tenable#1122
patilpankaj212 pushed a commit that referenced this issue Feb 8, 2022
* Prevent adding both skipped and failure elements

This is a potential fix to prevent both `skipped` and `failure` elements on a skipped violation in JUnit output format

Fixes: #1122

* rebase to fix tests, and remove violation details from skip message
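
As an added example (not part of the original issue or of Terrascan's own code), here is a small Go check for the condition this issue describes: a `testcase` that carries `skipped` together with `failure` or `error`. The sample report, the rule names and the `conflictingCases` helper are constructed for illustration, and a `<testsuites>` root element is assumed.

```go
package main

import (
	"encoding/xml"
	"fmt"
)

// testCase records which outcome children a JUnit <testcase> carries.
type testCase struct {
	Name    string    `xml:"name,attr"`
	Skipped *struct{} `xml:"skipped"`
	Failure *struct{} `xml:"failure"`
	Error   *struct{} `xml:"error"`
}

// report assumes a <testsuites> root wrapping <testsuite> elements.
type report struct {
	Cases []testCase `xml:"testsuite>testcase"`
}

// Constructed sample report; suite, rule names and messages are made up.
const sampleReport = `<testsuites>
  <testsuite name="constructed-scan" tests="4">
    <testcase name="rule-a"/>
    <testcase name="rule-b"><failure message="violation"/></testcase>
    <testcase name="rule-c"><skipped message="known"/></testcase>
    <testcase name="rule-d"><skipped message="known"/><failure message="violation"/></testcase>
  </testsuite>
</testsuites>`

// conflictingCases returns the names of testcases that are marked skipped
// but also carry a failure or error element.
func conflictingCases(doc string) ([]string, error) {
	var r report
	if err := xml.Unmarshal([]byte(doc), &r); err != nil {
		return nil, err
	}
	var bad []string
	for _, tc := range r.Cases {
		if tc.Skipped != nil && (tc.Failure != nil || tc.Error != nil) {
			bad = append(bad, tc.Name)
		}
	}
	return bad, nil
}

func main() {
	fmt.Println(conflictingCases(sampleReport))
}
```

Run against a scanner's JUnit output before the CI step that uploads test results, a non-empty result means a parser that follows the schema may report skipped violations as failures.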