| 38 | } |
| 39 | |
| 40 | func (a *secretAnalyzer) Analyze(_ context.Context, input analyzer.ConfigAnalysisInput) (*analyzer. |
| 41 | ConfigAnalysisResult, error) { |
| 42 | if input.Config == nil { |
| 43 | return nil, nil |
| 44 | } |
| 45 | b, err := json.MarshalIndent(input.Config, " ", "") |
| 46 | if err != nil { |
| 47 | return nil, xerrors.Errorf("json marshal error: %w", err) |
| 48 | } |
| 49 | |
| 50 | result := a.scanner.Scan(secret.ScanArgs{ |
| 51 | FilePath: "config.json", |
| 52 | Content: bytes.NewReader(b), |
| 53 | }) |
| 54 | |
| 55 | if len(result.Findings) == 0 { |
| 56 | log.Debug("No secrets found in container image config") |
| 57 | return nil, nil |
| 58 | } |
| 59 | |
| 60 | return &analyzer.ConfigAnalysisResult{ |
| 61 | Secret: &result, |
| 62 | }, nil |
| 63 | } |
| 64 | |
| 65 | func (a *secretAnalyzer) Required(_ types.OS) bool { |
| 66 | return true |