From f9a8f80485b7f2dab23f463937b802af499daf78 Mon Sep 17 00:00:00 2001
From: Tomoya Amachi
Date: Wed, 25 Sep 2019 15:32:02 +0900
Subject: [PATCH] skip scan composer.lock in vendor dir (fanal#34)

---
 analyzer/library/composer/composer.go | 6 ++++++
 utils/utils.go | 5 +++--
 2 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/analyzer/library/composer/composer.go b/analyzer/library/composer/composer.go
index 2a85282e18..3200bfaab9 100644
--- a/analyzer/library/composer/composer.go
+++ b/analyzer/library/composer/composer.go
@@ -3,6 +3,7 @@ package composer
 import (
 "bytes"
 "path/filepath"
+ "strings"
 
 "github.com/aquasecurity/fanal/analyzer"
 "github.com/aquasecurity/fanal/extractor"
@@ -28,6 +29,11 @@ func (a composerLibraryAnalyzer) Analyze(fileMap extractor.FileMap) (map[analyze
 continue
 }
 
+ // skip analyze files which in dependency folder
+ if utils.StringInSlice(utils.COMPOSER_DEP_DIR, strings.Split(filename, utils.PathSeparator)) {
+ continue
+ }
+
 r := bytes.NewBuffer(content)
 libs, err := composer.Parse(r)
 if err != nil {
diff --git a/utils/utils.go b/utils/utils.go
index c5f157ba80..5472b8562e 100644
--- a/utils/utils.go
+++ b/utils/utils.go
@@ -7,8 +7,9 @@ import (
 )
 
 var (
- NODE_DEP_DIR = "node_modules"
- PathSeparator = fmt.Sprintf("%c", os.PathSeparator)
+ NODE_DEP_DIR = "node_modules"
+ COMPOSER_DEP_DIR = "vendor"
+ PathSeparator = fmt.Sprintf("%c", os.PathSeparator)
 )
 
 func CacheDir() string {
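Review bot: The new skip in Analyze matches a `vendor` component anywhere in the path, so a project that merely sits below a directory named `vendor` has its `composer.lock` dropped from the scan without any trace, and the scanner reports nothing for it. Logging the skipped path at debug level, or at least stating the trade-off in the comment, would make that blind spot visible, e.g. `// Skip composer.lock files below any "vendor" path component (installed dependencies); this also skips projects located under a directory named "vendor".` The split uses `utils.PathSeparator`, which is the host OS separator; if the FileMap keys are slash-separated archive paths (not visible in this hunk), the check would never match on a Windows host. Analyze's body starts and ends outside the hunk.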
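Review bot: `COMPOSER_DEP_DIR` is added to the `var (` block, so this exported name, which decides which lock files the composer analyzer skips, can be reassigned by any importing package at run time. Both directory names are plain string literals and could be declared in a `const (` block instead, e.g. `const COMPOSER_DEP_DIR = "vendor"`, leaving only `PathSeparator` as a variable. A short comment such as `// COMPOSER_DEP_DIR is the Composer install directory; lock files below it are not analyzed.` would also record why the name exists.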