diff --git a/main.go b/main.go
index cbb263bd275a..69a1d3717e60 100644
--- a/main.go
+++ b/main.go
@@ -72,6 +72,7 @@ var (
 	printAvgDetectorTime = cli.Flag("print-avg-detector-time", "Print the average time spent on each detector.").Bool()
 	noUpdate             = cli.Flag("no-update", "Don't check for updates.").Bool()
 	fail                 = cli.Flag("fail", "Exit with code 183 if results are found.").Bool()
+	failOnScanErrors     = cli.Flag("fail-on-scan-errors", "Exit with non-zero error code if an error occurs during the scan.").Bool()
 	verifiers            = cli.Flag("verifier", "Set custom verification endpoints.").StringMap()
 	customVerifiersOnly  = cli.Flag("custom-verifiers-only", "Only use custom verification endpoints.").Bool()
 	detectorTimeout      = cli.Flag("detector-timeout", "Maximum time to spend scanning chunks per detector (e.g., 30s).").Duration()
@@ -1081,8 +1082,12 @@ func runSingleScan(ctx context.Context, cmd string, cfg engine.Config) (metrics,
 	}
 
 	// Print any non-fatal errors reported during the scan.
+	var retErr error
 	for _, ref := range refs {
 		if errs := ref.Snapshot().Errors; len(errs) > 0 {
+			if *failOnScanErrors {
+				retErr = fmt.Errorf("encountered errors during scan")
+			}
 			errMsgs := make([]string, len(errs))
 			for i := 0; i < len(errs); i++ {
 				errMsgs[i] = errs[i].Error()
@@ -1099,7 +1104,7 @@ func runSingleScan(ctx context.Context, cmd string, cfg engine.Config) (metrics,
 		printAverageDetectorTime(eng)
 	}
 
-	return metrics{Metrics: eng.GetMetrics(), hasFoundResults: eng.HasFoundResults()}, nil
+	return metrics{Metrics: eng.GetMetrics(), hasFoundResults: eng.HasFoundResults()}, retErr
 }
 
 // parseResults ensures that users provide valid CSV input to `--results`.