Closed DmitriyLewen closed 2 weeks ago
Actually, --file-patterns
doesn't work with most post-analyzers now as --file-patterns
is not taken into account in post-analyzers. We also need to fix it.
I thought about it.
But other-post analyzers use immutable file names (for example, npm always uses file name package-lock.json
).
conan supports a flag to set the filename.
Also mix
has the same option (but we use analyzer
for mix
).
But anyway we need to update our logic. I created #6962 for that.
UPD:
I think we can merge fix for conan now.
To fix file-patterns
we will create separate PR.
I think we can merge fix for conan now. To fix file-patterns we will create separate PR.
Yes, I'll review and merge #6949 first.
Discussed in https://github.com/aquasecurity/trivy/discussions/6942