Commit

fix(license): add FilePath to results to allow for path filtering via ignorefile
dus7eh committed Feb 28, 2024
1 parent e1ea02c commit c2e35c2
Showing 2 changed files with 3 additions and 2 deletions.
4 changes: 2 additions & 2 deletions docs/docs/configuration/filtering.md
Expand Up @@ -338,7 +338,7 @@ Available fields:
| Field | Required | Type | Description |
|------------|:--------:|---------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| id || string | The identifier of the vulnerability, misconfiguration, secret, or license[^1]. |
| paths[^2] | | string array | The list of file paths to ignore. If `paths` is not set, the ignore finding is applied to all files. |
| paths | | string array | The list of file paths to ignore. If `paths` is not set, the ignore finding is applied to all files. |
| purls | | string array | The list of PURLs to ignore packages. If `purls` is not set, the ignore finding is applied to all packages. This field is currently available only for vulnerabilities. |
| expired_at | | date (`yyyy-mm-dd`) | The expiration date of the ignore finding. If `expired_at` is not set, the ignore finding is always valid. |
| statement | | string | The reason for ignoring the finding. (This field is not used for filtering.) |
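Review bot: in the `Available fields` table the `paths` row appears both as `paths[^2]` and as plain `paths`, so the `[^2]` marker looks to be dropped from the row while a `[^2]` definition is still kept at the bottom of the file. That leaves the footnote with nothing pointing at it, and someone reading the table no longer sees that path filtering has an exception. Suggest keeping the marker on the row (`| paths[^2] | | string array | ...`) so the limitation stays attached to the field it qualifies.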
Expand Down Expand Up @@ -494,4 +494,4 @@ Please refer to the [VEX documentation](../supply-chain/vex.md) for the details.
[^1]: license name is used as id for `.trivyignore.yaml` files.
[^2]: This doesn't work for package licenses. The `path` field can only be used for license files (licenses obtained using the [--license-full flag](../scanner/license.md#full-scanning)).
[^2]: This doesn't work for os packages (e.g. apk, dpkg, rpm).
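Review bot: the `[^2]` wording "This doesn't work for os packages (e.g. apk, dpkg, rpm)." does not say what "This" is or that it is about license findings, whereas the other wording names the `path` field and license files. A reader writing an ignore file cannot tell from it which entries will silently fail to match. Suggest naming the field and the finding type, for example "`paths` is not applied to licenses of os packages (e.g. apk, dpkg, rpm)", and using `paths` rather than `path` so it agrees with the field name in the table.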
1 change: 1 addition & 0 deletions pkg/scanner/local/scan.go
Expand Up @@ -316,6 +316,7 @@ func (s Scanner) scanLicenses(target types.ScanTarget, options types.ScanOptions
Category: category,
PkgName: lib.Name,
Name: license,
FilePath: lib.FilePath,
Confidence: 1.0,
})
}
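Review bot: `FilePath: lib.FilePath` in `scanLicenses` is the only code change, and the commit touches just `scan.go` and `filtering.md`, so nothing tests that a `paths` entry in the ignore file now matches a package license. Suggest a test case where the package has `FilePath` set and the resulting license finding is expected to carry it, plus one where `lib.FilePath` is empty (the docs footnote names os packages such as apk, dpkg, rpm) to pin down that a path-scoped ignore entry does not match such a finding.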