aquasecurity / trivy

Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
https://aquasecurity.github.io/trivy
Apache License 2.0

bug(scan): `--file-patterns` doesn't work for some `post-analyzers` #6962

Open DmitriyLewen opened 3 months ago

DmitriyLewen commented 3 months ago

Description

In most post-analyzers we use the `required` function in `PostAnalyze`:

https://github.com/aquasecurity/trivy/blob/3eecfc6b6e1d6cef1497f7ff0044e676da159243/pkg/fanal/analyzer/language/nodejs/npm/npm.go#L49-L51

But we don't have info about file-patterns in the `PostAnalyze` function. That is why the `--file-patterns` flag may not work.

We need to update our logic to take file-patterns into account for `PostAnalyze`.

Related Issue
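
A simplified model of the filtering gap described in this issue, added here as an example; it is not Trivy's code. All function names, the `frontend-lock.json` file name, and the assumption that the first collection stage already honours the pattern are illustrative.

```go
package main

import (
	"fmt"
	"path/filepath"
	"regexp"
)

// Simplified model of the issue, not Trivy's code; all identifiers are hypothetical.
// patterns holds regexes per analyzer type, as given by --file-patterns "type:regex".
type patterns map[string][]*regexp.Regexp

func (p patterns) match(analyzer, path string) bool {
	for _, re := range p[analyzer] {
		if re.MatchString(path) {
			return true
		}
	}
	return false
}

// npmRequired stands in for a hard-coded file-name check: default lock file only.
func npmRequired(path string) bool { return filepath.Base(path) == "package-lock.json" }

func filter(files []string, keep func(string) bool) []string {
	var out []string
	for _, f := range files {
		if keep(f) {
			out = append(out, f)
		}
	}
	return out
}

// collect is the first stage (assumed): hard-coded check OR user pattern.
func collect(files []string, p patterns) []string {
	return filter(files, func(f string) bool { return npmRequired(f) || p.match("npm", f) })
}

// postAnalyzeBuggy re-filters with the hard-coded check only, dropping pattern matches.
func postAnalyzeBuggy(collected []string) []string { return filter(collected, npmRequired) }

// postAnalyzeFixed is given the patterns too, so it applies the same rule as collect.
func postAnalyzeFixed(collected []string, p patterns) []string { return collect(collected, p) }

func main() {
	p := patterns{"npm": {regexp.MustCompile(`frontend-lock\.json$`)}} // constructed sample
	c := collect([]string{"app/package-lock.json", "web/frontend-lock.json", "README.md"}, p)
	fmt.Println("buggy:", postAnalyzeBuggy(c), "fixed:", postAnalyzeFixed(c, p))
}
```

In the buggy variant the renamed lock file is silently skipped, so its dependencies would never be checked and the scan would still appear to succeed.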