feat(vuln): Add --detection-priority flag for accuracy tuning (#7288)

Signed-off-by: knqyf263 <knqyf263@gmail.com>

pkg/cache/key_test.go

@@ -8,21 +8,23 @@ import (
 
 	"github.com/aquasecurity/trivy/pkg/fanal/analyzer"
 	"github.com/aquasecurity/trivy/pkg/fanal/artifact"
+	"github.com/aquasecurity/trivy/pkg/fanal/types"
 	"github.com/aquasecurity/trivy/pkg/fanal/walker"
 	"github.com/aquasecurity/trivy/pkg/misconf"
 )
 
 func TestCalcKey(t *testing.T) {
 	type args struct {
-		key              string
-		analyzerVersions analyzer.Versions
-		hookVersions     map[string]int
-		skipFiles        []string
-		skipDirs         []string
-		patterns         []string
-		policy           []string
-		data             []string
-		secretConfigPath string
+		key               string
+		analyzerVersions  analyzer.Versions
+		hookVersions      map[string]int
+		skipFiles         []string
+		skipDirs          []string
+		patterns          []string
+		policy            []string
+		data              []string
+		secretConfigPath  string
+		detectionPriority types.DetectionPriority
 	}
 	tests := []struct {
 		name    string
@@ -115,7 +117,10 @@ func TestCalcKey(t *testing.T) {
 						"debian": 1,
 					},
 				},
-				patterns: []string{"test", ""},
+				patterns: []string{
+					"test",
+					"",
+				},
 			},
 			want: "sha256:71abf09bf1422531e2838db692b80f9b9f48766f56b7d3d02aecdb36b019e103",
 		},
@@ -129,7 +134,10 @@ func TestCalcKey(t *testing.T) {
 						"debian": 1,
 					},
 				},
-				patterns: []string{"", "test"},
+				patterns: []string{
+					"",
+					"test",
+				},
 			},
 			want: "sha256:71abf09bf1422531e2838db692b80f9b9f48766f56b7d3d02aecdb36b019e103",
 		},
@@ -177,6 +185,23 @@ func TestCalcKey(t *testing.T) {
 			},
 			want: "sha256:363f70f4ee795f250873caea11c2fc94ef12945444327e7e2f8a99e3884695e0",
 		},
+		{
+			name: "detection priority",
+			args: args{
+				key: "sha256:5c534be56eca62e756ef2ef51523feda0f19cd7c15bb0c015e3d6e3ae090bf6e",
+				analyzerVersions: analyzer.Versions{
+					Analyzers: map[string]int{
+						"alpine": 1,
+						"debian": 1,
+					},
+				},
+				skipFiles:         []string{"app/deployment.yaml"},
+				skipDirs:          []string{"usr/java"},
+				policy:            []string{"testdata/policy"},
+				detectionPriority: types.PriorityComprehensive,
+			},
+			want: "sha256:2f1c898271e84f4382cd48ae7533069cc3dc656c2d688ac108f5db1a0d9fd393",
+		},
 		{
 
 			name: "secret config",
@@ -231,7 +256,8 @@ func TestCalcKey(t *testing.T) {
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			artifactOpt := artifact.Option{
-				FilePatterns: tt.args.patterns,
+				FilePatterns:      tt.args.patterns,
+				DetectionPriority: tt.args.detectionPriority,
 
 				MisconfScannerOption: misconf.ScannerOption{
 					PolicyPaths: tt.args.policy,
@@ -249,7 +275,6 @@ func TestCalcKey(t *testing.T) {
 			}
 			got, err := CalcKey(tt.args.key, tt.args.analyzerVersions, tt.args.hookVersions, artifactOpt)
 			if tt.wantErr != "" {
-				require.Error(t, err)
 				assert.ErrorContains(t, err, tt.wantErr)
 				return
 			}