Only scan a few folders when using only os analyzers

DataDog · Jan 20, 2023 · 8216f68 · 8216f68
1 parent 05a7cb5
commit 8216f68
Show file tree

Hide file tree

Showing 3 changed files with 11 additions and 3 deletions.
diff --git a/go.mod b/go.mod
@@ -578,7 +578,7 @@ replace github.com/vishvananda/netlink => github.com/DataDog/netlink v1.0.1-0.20
 // Use custom Trivy fork to reduce binary size
 // Pull in replacements needed by upstream Trivy
 replace (
-	github.com/aquasecurity/trivy => github.com/DataDog/trivy v0.0.0-20230118103707-807a7ff8aa02
+	github.com/aquasecurity/trivy => github.com/DataDog/trivy v0.0.0-20230120171913-9b1b011fb2fe
 	github.com/spdx/tools-golang => github.com/spdx/tools-golang v0.3.0
 	oras.land/oras-go => oras.land/oras-go v1.1.1
 )

diff --git a/go.sum b/go.sum
diff --git a/pkg/util/trivy/trivy.go b/pkg/util/trivy/trivy.go
@@ -79,7 +79,7 @@ func DefaultCollectorConfig(enabledAnalyzers []string) (CollectorConfig, error)
 		return CollectorConfig{}, err
 	}
 
-	return CollectorConfig{
+	collectorConfig := CollectorConfig{
 		ArtifactCache:      cache,
 		LocalArtifactCache: cache,
 		ArtifactOption: artifact.Option{
@@ -90,7 +90,13 @@ func DefaultCollectorConfig(enabledAnalyzers []string) (CollectorConfig, error)
 			SBOMSources:       []string{},
 			DisabledHandlers:  DefaultDisabledHandlers(),
 		},
-	}, nil
+	}
+
+	if len(enabledAnalyzers) == 1 && enabledAnalyzers[0] == OSAnalyzers {
+		collectorConfig.ArtifactOption.OnlyDirs = []string{"/etc", "/var/lib/dpkg", "/var/lib/rpm", "/lib/apk"}
+	}
+
+	return collectorConfig, nil
 }
 
 func DefaultDisabledCollectors(enabledAnalyzers []string) []analyzer.Type {