Windows - All files are not getting detected in fast file walk

[santhosh1729]

Description

When we scan host with fs command, all files are not being detected by file walk.

I have placed file in C:\exp, C:\Users\win_user\Desktop,C:\Users\win_user\Downloads folders then did a fs scan, I can only see the jar in output which I kept in C:\exp path. So I added logs in Walk function of pkg/fanal/walker/fs.go to see what files are being processed.

Here I noticed that only file which was kept in C:\exp was detected by file walk and remaiing all are ignored by walk function due to that we don't see all jars in ouput

Desired Behavior

fs command should detect the jar files in all folders means output should contain 3 jars from C:\exp, C:\Users\win_user\Desktop,C:\Users\win_user\Downloads folders

Actual Behavior

fs command output contains only one jar file from C:\exp,

Reproduction Steps

1. Keep **jackson-databind-2.14.0.jar** in different folders
2. Run trivy-scanner trivy-scanner fs --packages --sensitive --executables  --outfile test_trivy.json
3. Check the output of test_trivy.json, can see only one jar instead of three jars
...

Target

None

Scanner

None

Output Format

JSON

Mode

None

Debug Output

C:\Users\win_user\Desktop>trivy-scanner-master.exe fs --debug
{"schema_version":2,"os":{"family":"windows","name":"10.0.17763"},"package_infos":[{"packages":[{"name":"kernel","version":"17763.1935","release":"10.0.17763","layer":{}}]}],"applications":[{"type":"gobinary","file_path":"$Recycle.Bin/S-1-5-21-1120967344-2022832204-2926355610-1008/$RA79VSV.exe","libraries":[{"name":"../../../../src/github.com/trivy","version":"(devel)","layer":{}},{"name":"bitbucket.org/scalock/aquatypes","version":"v0.0.0-20230720111808-455ba623187d","layer":{}},{"name":"bitbucket.org/scalock/cybercenter-client","version":"v0.0.0-20230720124818-bcc8ccf4e955","layer":{}},{"name":"bitbucket.org/scalock/utils","version":"v7.0.2-0.20211017161443-39b515054829+incompatible","layer":{}},{"name":"cloud.google.com/go","version":"v0.110.0","layer":{}},{"name":"cloud.google.com/go/compute/metadata","version":"v0.2.3","layer":{}},{"name":"cloud.google.com/go/iam","version":"v0.13.0","layer":{}},{"name":"cloud.google.com/go/storage","version":"v1.29.0","layer":{}},{"name":"github.com/Azure/azure-sdk-for-go","version":"v68.0.0+incompatible","layer":{}},{"name":"github.com/Azure/azure-sdk-for-go/sdk/azcore","version":"v1.6.0","layer":{}},{"name":"github.com/Azure/azure-sdk-for-go/sdk/azidentity","version":"v1.3.0","layer":{}},{"name":"github.com/Azure/azure-sdk-for-go/sdk/internal","version":"v1.3.0","layer":{}},{"name":"github.com/Azure/go-ansiterm","version":"v0.0.0-20210617225240-d185dfc1b5a1","layer":{}},{"name":"github.com/Azure/go-autorest/autorest","version":"v0.11.29","layer":{}},{"name":"github.com/Azure/go-autorest/autorest/adal","version":"v0.9.23","layer":{}},{"name":"github.com/Azure/go-autorest/autorest/date","version":"v0.3.0","layer":{}},{"name":"github.com/Azure/go-autorest/logger","version":"v0.2.1","layer":{}},{"name":"github.com/Azure/go-autorest/tracing","version":"v0.6.0","layer":{}},{"name":"github.com/AzureAD/microsoft-authentication-library-for-go","version":"v1.0.0","layer":{}},{"name":"github.com/BurntSushi/toml","version":"v1.3.2","layer":{}},{"name":"github.com/CycloneDX/cyclonedx-go","version":"v0.7.0","layer":{}},{"name":"github.com/GoogleCloudPlatform/docker-credential-gcr","version":"v2.0.5+incompatible","layer":{}},{"name":"github.com/MakeNowJust/heredoc","version":"v1.0.0","layer":{}},{"name":"github.com/Masterminds/goutils","version":"v1.1.1","layer":{}},{"name":"github.com/Masterminds/semver","version":"v1.5.0","layer":{}},{"name":"github.com/Masterminds/semver/v3","version":"v3.2.1","layer":{}},{"name":"github.com/Masterminds/sprig/v3","version":"v3.2.3","layer":{}},{"name":"github.com/Masterminds/squirrel","version":"v1.5.4","layer":{}},{"name":"github.com/Microsoft/go-winio","version":"v0.6.1","layer":{}},{"name":"github.com/Microsoft/hcsshim","version":"v0.10.0-rc.8","layer":{}},{"name":"github.com/OneOfOne/xxhash","version":"v1.2.8","layer":{}},{"name":"github.com/ProtonMail/go-crypto","version":"v0.0.0-20230518184743-7afd39499903","layer":{}},{"name":"github.com/Rican7/retry","version":"v0.1.0","layer":{}},{"name":"github.com/VividCortex/ewma","version":"v1.2.0","layer":{}},{"name":"github.com/agext/levenshtein","version":"v1.2.3","layer":{}},{"name":"github.com/agnivade/levenshtein","version":"v1.1.1","layer":{}},{"name":"github.com/alecthomas/chroma","version":"v0.10.0","layer":{}},{"name":"github.com/anchore/go-struct-converter","version":"v0.0.0-20221118182256-c68fdcfa2092","layer":{}},{"name":"github.com/apparentlymart/go-cidr","version":"v1.1.0","layer":{}},{"name":"github.com/apparentlymart/go-textseg/v13","version":"v13.0.0","layer":{}},{"name":"github.com/aquasecurity/defsec","version":"v0.90.3","layer":{}},{"name":"github.com/aquasecurity/fanal","version":"v0.0.0-20220621143759-7f9185d5d01d","layer":{}},{"name":"github.com/aquasecurity/go-dep-parser","version":"v0.0.0-20230626110909-e7ea5097483b","layer":{}},{"name":"github.com/aquasecurity/go-npm-version","version":"v0.0.0-20201110091526-0b796d180798","layer":{}},{"name":"github.com/aquasecurity/go-pep440-version","version":"v0.0.0-20210121094942-22b2f8951d46","layer":{}},{"name":"github.com/aquasecurity/go-version","version":"v0.0.0-20210121072130-637058cfe492","layer":{}},{"name":"github.com/aquasecurity/trivy-db","version":"v0.0.0-20230703082116-dc52e83376ce","layer":{}},{"name":"github.com/asaskevich/govalidator","version":"v0.0.0-20230301143203-a9d515a09cc2","layer":{}},{"name":"github.com/aws/aws-sdk-go","version":"v1.44.245","layer":{}},{"name":"github.com/aws/smithy-go","version":"v1.13.5","layer":{}},{"name":"github.com/beorn7/perks","version":"v1.0.1","layer":{}},{"name":"github.com/bgentry/go-netrc","version":"v0.0.0-20140422174119-9fd32a8b3d3d","layer":{}},{"name":"github.com/bmatcuk/doublestar","version":"v1.3.4","layer":{}},{"name":"github.com/bmatcuk/doublestar/v4","version":"v4.6.0","layer":{}},{"name":"github.com/cespare/xxhash/v2","version":"v2.2.0","layer":{}},{"name":"github.com/chai2010/gettext-go","version":"v1.0.2","layer":{}},{"name":"github.com/cheggaaa/pb/v3","version":"v3.1.2","layer":{}},{"name":"github.com/cloudflare/circl","version":"v1.3.3","layer":{}},{"name":"github.com/containerd/cgroups","version":"v1.1.0","layer":{}},{"name":"github.com/containerd/containerd","version":"v1.7.1","layer":{}},{"name":"github.com/containerd/continuity","version":"v0.3.0","layer":{}},{"name":"github.com/containerd/fifo","version":"v1.1.0","layer":{}},{"name":"github.com/containerd/stargz-snapshotter/estargz","version":"v0.14.3","layer":{}},{"name":"github.com/containerd/ttrpc","version":"v1.2.2","layer":{}},{"name":"github.com/containerd/typeurl","version":"v1.0.2","layer":{}},{"name":"github.com/containerd/typeurl/v2","version":"v2.1.1","layer":{}},{"name":"github.com/cpuguy83/go-md2man/v2","version":"v2.0.2","layer":{}},{"name":"github.com/cyphar/filepath-securejoin","version":"v0.2.3","layer":{}},{"name":"github.com/davecgh/go-spew","version":"v1.1.1","layer":{}},{"name":"github.com/deckarep/golang-set","version":"v1.8.0","layer":{}},{"name":"github.com/dgryski/go-rendezvous","version":"v0.0.0-20200823014737-9f7001d12a5f","layer":{}},{"name":"github.com/dlclark/regexp2","version":"v1.4.0","layer":{}},{"name":"github.com/docker/cli","version":"v23.0.5+incompatible","layer":{}},{"name":"github.com/docker/distribution","version":"v2.8.2+incompatible","layer":{}},{"name":"github.com/docker/docker","version":"v23.0.5+incompatible","layer":{}},{"name":"github.com/docker/docker-credential-helpers","version":"v0.7.0","layer":{}},{"name":"github.com/docker/go-connections","version":"v0.4.0","layer":{}},{"name":"github.com/docker/go-events","version":"v0.0.0-20190806004212-e31b211e4f1c","layer":{}},{"name":"github.com/docker/go-metrics","version":"v0.0.1","layer":{}},{"name":"github.com/docker/go-units","version":"v0.5.0","layer":{}},{"name":"github.com/docker/libtrust","version":"v0.0.0-20160708172513-aabc10ec26b7","layer":{}},{"name":"github.com/dustin/go-humanize","version":"v1.0.1","layer":{}},{"name":"github.com/emicklei/go-restful/v3","version":"v3.10.1","layer":{}},{"name":"github.com/emirpasic/gods","version":"v1.18.1","layer":{}},{"name":"github.com/evanphx/json-patch","version":"v5.6.0+incompatible","layer":{}},{"name":"github.com/exponent-io/jsonpath","version":"v0.0.0-20151013193312-d6023ce2651d","layer":{}},{"name":"github.com/fatih/color","version":"v1.14.1","layer":{}},{"name":"github.com/ghodss/yaml","version":"v1.0.0","layer":{}},{"name":"github.com/glebarez/go-sqlite","version":"v1.20.3","layer":{}},{"name":"github.com/go-errors/errors","version":"v1.4.2","layer":{}},{"name":"github.com/go-git/gcfg","version":"v1.5.1-0.20230307220236-3a3c6141e376","layer":{}},{"name":"github.com/go-git/go-billy/v5","version":"v5.4.1","layer":{}},{"name":"github.com/go-git/go-git/v5","version":"v5.7.0","layer":{}},{"name":"github.com/go-gorp/gorp/v3","version":"v3.0.5","layer":{}},{"name":"github.com/go-logr/logr","version":"v1.2.4","layer":{}},{"name":"github.com/go-logr/stdr","version":"v1.2.2","layer":{}},{"name":"github.com/go-openapi/analysis","version":"v0.21.4","layer":{}},{"name":"github.com/go-openapi/errors","version":"v0.20.3","layer":{}},{"name":"github.com/go-openapi/jsonpointer","version":"v0.19.6","layer":{}},{"name":"github.com/go-openapi/jsonreference","version":"v0.20.1","layer":{}},{"name":"github.com/go-openapi/loads","version":"v0.21.2","layer":{}},{"name":"github.com/go-openapi/runtime","version":"v0.26.0","layer":{}},{"name":"github.com/go-openapi/spec","version":"v0.20.9","layer":{}},{"name":"github.com/go-openapi/strfmt","version":"v0.21.7","layer":{}},{"name":"github.com/go-openapi/swag","version":"v0.22.3","layer":{}},{"name":"github.com/go-openapi/validate","version":"v0.22.1","layer":{}},{"name":"github.com/go-redis/redis/v8","version":"v8.11.5","layer":{}},{"name":"github.com/gobwas/glob","version":"v0.2.3","layer":{}},{"name":"github.com/gogo/protobuf","version":"v1.3.2","layer":{}},{"name":"github.com/golang-jwt/jwt/v4","version":"v4.5.0","layer":{}},{"name":"github.com/golang/groupcache","version":"v0.0.0-20210331224755-41bb18bfe9da","layer":{}},{"name":"github.com/golang/protobuf","version":"v1.5.3","layer":{}},{"name":"github.com/google/btree","version":"v1.1.2","layer":{}},{"name":"github.com/google/gnostic","version":"v0.5.7-v3refs","layer":{}},{"name":"github.com/google/go-cmp","version":"v0.5.9","layer":{}},{"name":"github.com/google/go-containerregistry","version":"v0.15.2","layer":{}},{"name":"github.com/google/gofuzz","version":"v1.2.0","layer":{}},{"name":"github.com/google/licenseclassifier/v2","version":"v2.0.0","layer":{}},{"name":"github.com/google/s2a-go","version":"v0.1.3","layer":{}},{"name":"github.com/google/shlex","version":"v0.0.0-20191202100458-e7afc7fbc510","layer":{}},{"name":"github.com/google/uuid","version":"v1.3.0","layer":{}},{"name":"github.com/googleapis/enterprise-certificate-proxy","version":"v0.2.3","layer":{}},{"name":"github.com/googleapis/gax-go/v2","version":"v2.8.0","layer":{}},{"name":"github.com/gorilla/mux","version":"v1.8.0","layer":{}},{"name":"github.com/gosuri/uitable","version":"v0.0.4","layer":{}},{"name":"github.com/gregjones/httpcache","version":"v0.0.0-20180305231024-9cad4c3443a7","layer":{}},{"name":"github.com/hashicorp/errwrap","version":"v1.1.0","layer":{}},{"name":"github.com/hashicorp/go-cleanhttp","version":"v0.5.2","layer":{}},{"name":"github.com/hashicorp/go-getter","version":"v1.7.1","layer":{}},{"name":"github.com/hashicorp/go-multierror","version":"v1.1.1","layer":{}},{"name":"github.com/hashicorp/go-safetemp","version":"v1.0.0","layer":{}},{"name":"github.com/hashicorp/go-uuid","version":"v1.0.3","layer":{}},{"name":"github.com/hashicorp/go-version","version":"v1.6.0","layer":{}},{"name":"github.com/hashicorp/golang-lru/v2","version":"v2.0.2","layer":{}},{"name":"github.com/hashicorp/hcl/v2","version":"v2.14.1","layer":{}},{"name":"github.com/huandu/xstrings","version":"v1.4.0","layer":{}},{"name":"github.com/imdario/mergo","version":"v0.3.15","layer":{}},{"name":"github.com/in-toto/in-toto-golang","version":"v0.9.0","layer":{}},{"name":"github.com/inconshreveable/mousetrap","version":"v1.1.0","layer":{}},{"name":"github.com/jbenet/go-context","version":"v0.0.0-20150711004518-d14ea06fba99","layer":{}},{"name":"github.com/jmespath/go-jmespath","version":"v0.4.0","layer":{}},{"name":"github.com/jmoiron/sqlx","version":"v1.3.5","layer":{}},{"name":"github.com/josharian/intern","version":"v1.0.0","layer":{}},{"name":"github.com/json-iterator/go","version":"v1.1.12","layer":{}},{"name":"github.com/kevinburke/ssh_config","version":"v1.2.0","layer":{}},{"name":"github.com/klauspost/compress","version":"v1.16.5","layer":{}},{"name":"github.com/knqyf263/go-apk-version","version":"v0.0.0-20200609155635-041fdbb8563f","layer":{}},{"name":"github.com/knqyf263/go-deb-version","version":"v0.0.0-20230223133812-3ed183d23422","layer":{}},{"name":"github.com/knqyf263/go-rpm-version","version":"v0.0.0-20220614171824-631e686d1075","layer":{}},{"name":"github.com/knqyf263/go-rpmdb","version":"v0.0.0-20230517124904-b97c85e63254","layer":{}},{"name":"github.com/knqyf263/nested","version":"v0.0.1","layer":{}},{"name":"github.com/kylelemons/godebug","version":"v1.1.0","layer":{}},{"name":"github.com/lann/builder","version":"v0.0.0-20180802200727-47ae307949d0","layer":{}},{"name":"github.com/lann/ps","version":"v0.0.0-20150810152359-62de8c46ede0","layer":{}},{"name":"github.com/liamg/iamgo","version":"v0.0.9","layer":{}},{"name":"github.com/liamg/jfather","version":"v0.0.7","layer":{}},{"name":"github.com/liamg/memoryfs","version":"v1.4.3","layer":{}},{"name":"github.com/lib/pq","version":"v1.10.9","layer":{}},{"name":"github.com/liggitt/tabwriter","version":"v0.0.0-20181228230101-89fcab3d43de","layer":{}},{"name":"github.com/lunixbochs/struc","version":"v0.0.0-20200707160740-784aaebc1d40","layer":{}},{"name":"github.com/mailru/easyjson","version":"v0.7.7","layer":{}},{"name":"github.com/masahiro331/go-disk","version":"v0.0.0-20220919035250-c8da316f91ac","layer":{}},{"name":"github.com/masahiro331/go-ext4-filesystem","version":"v0.0.0-20230612143131-27ccd485b7a1","layer":{}},{"name":"github.com/masahiro331/go-xfs-filesystem","version":"v0.0.0-20230608043311-a335f4599b70","layer":{}},{"name":"github.com/mattn/go-colorable","version":"v0.1.13","layer":{}},{"name":"github.com/mattn/go-isatty","version":"v0.0.17","layer":{}},{"name":"github.com/mattn/go-runewidth","version":"v0.0.13","layer":{}},{"name":"github.com/matttproud/golang_protobuf_extensions","version":"v1.0.4","layer":{}},{"name":"github.com/mh-cbon/ignore-file","version":"v0.0.0-20160815165550-11437de65242","layer":{}},{"name":"github.com/mitchellh/copystructure","version":"v1.2.0","layer":{}},{"name":"github.com/mitchellh/go-homedir","version":"v1.1.0","layer":{}},{"name":"github.com/mitchellh/go-testing-interface","version":"v1.14.1","layer":{}},{"name":"github.com/mitchellh/go-wordwrap","version":"v1.0.1","layer":{}},{"name":"github.com/mitchellh/hashstructure/v2","version":"v2.0.2","layer":{}},{"name":"github.com/mitchellh/mapstructure","version":"v1.5.0","layer":{}},{"name":"github.com/mitchellh/reflectwalk","version":"v1.0.2","layer":{}},{"name":"github.com/moby/buildkit","version":"v0.11.6","layer":{}},{"name":"github.com/moby/locker","version":"v1.0.1","layer":{}},{"name":"github.com/moby/patternmatcher","version":"v0.5.0","layer":{}},{"name":"github.com/moby/spdystream","version":"v0.2.0","layer":{}},{"name":"github.com/moby/sys/mountinfo","version":"v0.6.2","layer":{}},{"name":"github.com/moby/sys/sequential","version":"v0.5.0","layer":{}},{"name":"github.com/moby/sys/signal","version":"v0.7.0","layer":{}},{"name":"github.com/moby/sys/symlink","version":"v0.2.0","layer":{}},{"name":"github.com/moby/term","version":"v0.5.0","layer":{}},{"name":"github.com/modern-go/concurrent","version":"v0.0.0-20180306012644-bacd9c7ef1dd","layer":{}},{"name":"github.com/modern-go/reflect2","version":"v1.0.2","layer":{}},{"name":"github.com/monochromegane/go-gitignore","version":"v0.0.0-20200626010858-205db1a8cc00","layer":{}},{"name":"github.com/morikuni/aec","version":"v1.0.0","layer":{}},{"name":"github.com/munnerz/goautoneg","version":"v0.0.0-20191010083416-a7dc8b61c822","layer":{}},{"name":"github.com/oklog/ulid","version":"v1.3.1","layer":{}},{"name":"github.com/olekukonko/tablewriter","version":"v0.0.5","layer":{}},{"name":"github.com/open-policy-agent/opa","version":"v0.45.0","layer":{}},{"name":"github.com/opencontainers/go-digest","version":"v1.0.0","layer":{}},{"name":"github.com/opencontainers/image-spec","version":"v1.1.0-rc4","layer":{}},{"name":"github.com/opencontainers/runc","version":"v1.1.5","layer":{}},{"name":"github.com/opencontainers/runtime-spec","version":"v1.1.0-rc.1","layer":{}},{"name":"github.com/opencontainers/selinux","version":"v1.11.0","layer":{}},{"name":"github.com/opentracing/opentracing-go","version":"v1.2.0","layer":{}},{"name":"github.com/owenrumney/squealer","version":"v1.1.1","layer":{}},{"name":"github.com/package-url/packageurl-go","version":"v0.1.1","layer":{}},{"name":"github.com/patrickmn/go-cache","version":"v2.1.0+incompatible","layer":{}},{"name":"github.com/peterbourgon/diskv","version":"v2.0.1+incompatible","layer":{}},{"name":"github.com/pjbgf/sha1cd","version":"v0.3.0","layer":{}},{"name":"github.com/pkg/browser","version":"v0.0.0-20210911075715-681adbf594b8","layer":{}},{"name":"github.com/pkg/errors","version":"v0.9.1","layer":{}},{"name":"github.com/pmezard/go-difflib","version":"v1.0.0","layer":{}},{"name":"github.com/prometheus/client_golang","version":"v1.15.1","layer":{}},{"name":"github.com/prometheus/client_model","version":"v0.4.0","layer":{}},{"name":"github.com/prometheus/common","version":"v0.42.0","layer":{}},{"name":"github.com/rcrowley/go-metrics","version":"v0.0.0-20201227073835-cf1acfcdf475","layer":{}},{"name":"github.com/remyoudompheng/bigfft","version":"v0.0.0-20230129092748-24d4a6f8daec","layer":{}},{"name":"github.com/rivo/uniseg","version":"v0.2.0","layer":{}},{"name":"github.com/rubenv/sql-migrate","version":"v1.3.1","layer":{}},{"name":"github.com/russross/blackfriday/v2","version":"v2.1.0","layer":{}},{"name":"github.com/samber/lo","version":"v1.38.1","layer":{}},{"name":"github.com/saracen/walker","version":"v0.1.3","layer":{}},{"name":"github.com/secure-systems-lab/go-securesystemslib","version":"v0.6.0","layer":{}},{"name":"github.com/sergi/go-diff","version":"v1.2.0","layer":{}},{"name":"github.com/shibumi/go-pathspec","version":"v1.3.0","layer":{}},{"name":"github.com/shopspring/decimal","version":"v1.3.1","layer":{}},{"name":"github.com/sigstore/rekor","version":"v1.2.1","layer":{}},{"name":"github.com/sirupsen/logrus","version":"v1.9.0","layer":{}},{"name":"github.com/skeema/knownhosts","version":"v1.1.1","layer":{}},{"name":"github.com/spdx/tools-golang","version":"v0.5.0","layer":{}},{"name":"github.com/spf13/cast","version":"v1.5.1","layer":{}},{"name":"github.com/spf13/cobra","version":"v1.7.0","layer":{}},{"name":"github.com/spf13/pflag","version":"v1.0.5","layer":{}},{"name":"github.com/stretchr/objx","version":"v0.5.0","layer":{}},{"name":"github.com/stretchr/testify","version":"v1.8.4","layer":{}},{"name":"github.com/tchap/go-patricia/v2","version":"v2.3.1","layer":{}},{"name":"github.com/twitchtv/twirp","version":"v8.1.2+incompatible","layer":{}},{"name":"github.com/ulikunitz/xz","version":"v0.5.10","layer":{}},{"name":"github.com/urfave/cli/v2","version":"v2.23.5","layer":{}},{"name":"github.com/vbatts/tar-split","version":"v0.11.3","layer":{}},{"name":"github.com/xanzy/ssh-agent","version":"v0.3.3","layer":{}},{"name":"github.com/xeipuuv/gojsonpointer","version":"v0.0.0-20190905194746-02993c407bfb","layer":{}},{"name":"github.com/xeipuuv/gojsonreference","version":"v0.0.0-20180127040603-bd5ef7bd5415","layer":{}},{"name":"github.com/xeipuuv/gojsonschema","version":"v1.2.0","layer":{}},{"name":"github.com/xlab/treeprint","version":"v1.1.0","layer":{}},{"name":"github.com/xrash/smetrics","version":"v0.0.0-20201216005158-039620a65673","layer":{}},{"name":"github.com/yashtewari/glob-intersection","version":"v0.1.0","layer":{}},{"name":"github.com/zclconf/go-cty","version":"v1.10.0","layer":{}},{"name":"github.com/zclconf/go-cty-yaml","version":"v1.0.2","layer":{}},{"name":"go.etcd.io/bbolt","version":"v1.3.7","layer":{}},{"name":"go.mongodb.org/mongo-driver","version":"v1.11.3","layer":{}},{"name":"go.opencensus.io","version":"v0.24.0","layer":{}},{"name":"go.opentelemetry.io/otel","version":"v1.14.0","layer":{}},{"name":"go.opentelemetry.io/otel/trace","version":"v1.14.0","layer":{}},{"name":"go.starlark.net","version":"v0.0.0-20200306205701-8dd3e2ee1dd5","layer":{}},{"name":"go.uber.org/atomic","version":"v1.10.0","layer":{}},{"name":"go.uber.org/multierr","version":"v1.9.0","layer":{}},{"name":"go.uber.org/zap","version":"v1.24.0","layer":{}},{"name":"golang.org/x/crypto","version":"v0.10.0","layer":{}},{"name":"golang.org/x/exp","version":"v0.0.0-20230522175609-2e198f4a06a1","layer":{}},{"name":"golang.org/x/mod","version":"v0.11.0","layer":{}},{"name":"golang.org/x/net","version":"v0.11.0","layer":{}},{"name":"golang.org/x/oauth2","version":"v0.7.0","layer":{}},{"name":"golang.org/x/sync","version":"v0.3.0","layer":{}},{"name":"golang.org/x/sys","version":"v0.9.0","layer":{}},{"name":"golang.org/x/term","version":"v0.9.0","layer":{}},{"name":"golang.org/x/text","version":"v0.10.0","layer":{}},{"name":"golang.org/x/time","version":"v0.3.0","layer":{}},{"name":"golang.org/x/xerrors","version":"v0.0.0-20220907171357-04be3eba64a2","layer":{}},{"name":"google.golang.org/api","version":"v0.121.0","layer":{}},{"name":"google.golang.org/appengine","version":"v1.6.7","layer":{}},{"name":"google.golang.org/genproto","version":"v0.0.0-20230410155749-daa745c078e1","layer":{}},{"name":"google.golang.org/grpc","version":"v1.55.0","layer":{}},{"name":"google.golang.org/protobuf","version":"v1.31.0","layer":{}},{"name":"gopkg.in/inf.v0","version":"v0.9.1","layer":{}},{"name":"gopkg.in/warnings.v0","version":"v0.1.2","layer":{}},{"name":"gopkg.in/yaml.v2","version":"v2.4.0","layer":{}},{"name":"gopkg.in/yaml.v3","version":"v3.0.1","layer":{}},{"name":"helm.sh/helm/v3","version":"v3.12.1","layer":{}},{"name":"k8s.io/api","version":"v0.27.2","layer":{}},{"name":"k8s.io/apiextensions-apiserver","version":"v0.27.2","layer":{}},{"name":"k8s.io/apimachinery","version":"v0.27.2","layer":{}},{"name":"k8s.io/apiserver","version":"v0.27.2","layer":{}},{"name":"k8s.io/cli-runtime","version":"v0.27.2","layer":{}},{"name":"k8s.io/client-go","version":"v0.27.2","layer":{}},{"name":"k8s.io/component-base","version":"v0.27.2","layer":{}},{"name":"k8s.io/klog/v2","version":"v2.100.1","layer":{}},{"name":"k8s.io/kube-openapi","version":"v0.0.0-20230501164219-8b0f38b5fd1f","layer":{}},{"name":"k8s.io/kubectl","version":"v0.27.2","layer":{}},{"name":"k8s.io/utils","version":"v0.0.0-20230220204549-a5ecb0141aa5","layer":{}},{"name":"modernc.org/libc","version":"v1.22.5","layer":{}},{"name":"modernc.org/mathutil","version":"v1.5.0","layer":{}},{"name":"modernc.org/memory","version":"v1.5.0","layer":{}},{"name":"modernc.org/sqlite","version":"v1.23.1","layer":{}},{"name":"oras.land/oras-go","version":"v1.2.3","layer":{}},{"name":"sigs.k8s.io/json","version":"v0.0.0-20221116044647-bc3834ca7abd","layer":{}},{"name":"sigs.k8s.io/kustomize/api","version":"v0.13.2","layer":{}},{"name":"sigs.k8s.io/kustomize/kyaml","version":"v0.14.1","layer":{}},{"name":"sigs.k8s.io/structured-merge-diff/v4","version":"v4.2.3","layer":{}},{"name":"sigs.k8s.io/yaml","version":"v1.3.0","layer":{}}]},{"type":"jar","file_path":"exp/jackson-databind-2.14.0.jar","libraries":[{"name":"com.fasterxml.jackson.core:jackson-databind","version":"2.14.0","layer":{},"file_path":"exp/jackson-databind-2.14.0.jar"}]}]}

Operating System

windows

Version

~/src/github.com/trivy/cmd/trivy$ ./trivy  -v
Version: dev

Checklist

• Run trivy image --reset
• Read the troubleshooting

[DmitriyLewen]

Hello @santhosh1729
Thanks for your report!

The files analyzed vary depending on the target.
This is because Trivy primarily categorizes targets into two groups:

• Pre-build
• Post-build

If the target is a pre-build project, like a code repository, Trivy will analyze files used for building, such as lock files.
On the other hand, when the target is a post-build artifact, like a container image, Trivy will analyze installed package metadata like jar's, .gemspec, binary files, and so on.

You can see table with supported languages and modes here - https://aquasecurity.github.io/trivy/v0.44/docs/scanner/vulnerability/language/#supported-languages

In your case you need to use rootfs for jar files.

Regards, Dmitriy

[knqyf263]

#5179