gitea-mirror/trivy
1
0
Fork 0
mirror of https://github.com/aquasecurity/trivy.git synced 2025-12-05 20:40:16 -08:00
Code Issues Packages Projects Releases Wiki Activity

fix(license): disable jar analyzer for licence scan only (#3780)

Browse Source
This commit is contained in:
DmitriyLewen
2023-03-07 17:22:23 +06:00
committed by GitHub
parent 1dc6fee781
commit 6614398ab4
1 changed files with 9 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
pkg/commands/artifact/run.go
View File

@@ -494,6 +494,15 @@ func disabledAnalyzers(opts flag.Options) []analyzer.Type {
analyzers = append(analyzers, analyzer.TypeLicenseFile)
}
// Parsing jar files requires Java-db client
// But we don't create client if vulnerability analysis is disabled and SBOM format is not used
// We need to disable jar analyzer to avoid errors
// TODO disable all languages that don't contain license information for this case
if opts.Scanners.Enabled(types.LicenseScanner) && !opts.Scanners.Enabled(types.VulnerabilityScanner) &&
!slices.Contains(report.SupportedSBOMFormats, opts.Format) {
analyzers = append(analyzers, analyzer.TypeJar)
}
// Do not perform misconfiguration scanning on container image config
// when it is not specified.
if !opts.ImageConfigScanners.Enabled(types.MisconfigScanner) {