aquasecurity · ankk13 · Aug 19, 2022 · Aug 22, 2022 · Sep 6, 2022 · knqyf263
@@ -39,11 +39,12 @@ var (
 
 type ScannerOption struct {
 	ConfigPath string
+	Config     *secret.Config
 }
 
 // SecretAnalyzer is an analyzer for secrets
 type SecretAnalyzer struct {
-	scanner    secret.Scanner
+	Scanner    secret.Scanner
 	configPath string
 }
 
@@ -62,7 +63,7 @@ func newSecretAnalyzer(configPath string) (SecretAnalyzer, error) {
 		return SecretAnalyzer{}, xerrors.Errorf("secret scanner error: %w", err)
 	}
 	return SecretAnalyzer{
-		scanner:    s,
+		Scanner:    s,
 		configPath: configPath,
 	}, nil
 }
@@ -87,7 +88,7 @@ func (a SecretAnalyzer) Analyze(_ context.Context, input analyzer.AnalysisInput)
 		filePath = fmt.Sprintf("/%s", filePath)
 	}
 
-	result := a.scanner.Scan(secret.ScanArgs{
+	result := a.Scanner.Scan(secret.ScanArgs{
 		FilePath: filePath,
 		Content:  content,
 	})
@@ -154,7 +155,7 @@ func (a SecretAnalyzer) Required(filePath string, fi os.FileInfo) bool {
 		return false
 	}
 
-	if a.scanner.AllowPath(filePath) {
+	if a.Scanner.AllowPath(filePath) {
 		return false
 	}
 

@@ -9,6 +9,7 @@ import (
 	"github.com/stretchr/testify/require"
 
 	"github.com/aquasecurity/trivy/pkg/fanal/analyzer"
+	"github.com/aquasecurity/trivy/pkg/fanal/secret"
 	"github.com/aquasecurity/trivy/pkg/fanal/types"
 )
 
@@ -97,12 +98,13 @@ func TestSecretAnalyzer(t *testing.T) {
 	tests := []struct {
 		name       string
 		configPath string
+		config     *secret.Config
 		filePath   string
 		dir        string
 		want       *analyzer.AnalysisResult
 	}{
 		{
-			name:       "return results",
+			name:       "return results with config file",
 			configPath: "testdata/config.yaml",
 			filePath:   "testdata/secret.txt",
 			dir:        ".",

@@ -287,14 +287,17 @@ func NewScanner(configPath string) (Scanner, error) {
 
 	log.Logger.Infof("Loading %s for secret scanning...", configPath)
 
-	// reset global
-	global = Global{}
-
 	var config Config
 	if err = yaml.NewDecoder(f).Decode(&config); err != nil {
 		return Scanner{}, xerrors.Errorf("secrets config decode error: %w", err)
 	}
 
+	return NewScannerByConfig(config)
+}
+
+func NewScannerByConfig(config Config) (Scanner, error) {
+	global := &Global{}
+
 	enabledRules := builtinRules
 	if len(config.EnableBuiltinRuleIDs) != 0 {
 		// Enable only specified built-in rules
@@ -319,7 +322,7 @@ func NewScanner(configPath string) (Scanner, error) {
 
 	global.ExcludeBlock = config.ExcludeBlock
 
-	return Scanner{Global: &global}, nil
+	return Scanner{Global: global}, nil
 }
 
 type ScanArgs struct {