Provision to run VET only for configured languages
What this MR does?
Adds a provision for VET to run against a given set of languages(target) instead of all the languages(supported).
We achieve this via a new ENV var called VET_LANG_EXT
, which accepts comma-separated file extensions of target languages that VET uses to filter while processing source files.
VET_LANG_EXT
ENV var should be defined in the analyzer's Dockerfile, where the target languages to scan are identified. For ex: brakeman
analyzer runs only for .rb
so VET_LANG_EXT=.rb
. Suppose we want semgrep
analyzer to run VET only for .go
files but not .js
despite having the support, we can define VET_LANG_EXT=.go
in the semgrep's Dockerfile.
VET runs only for .rb
if no value is set. I'm unsure if this is needed, so I am open to reverting.
If the above approach is approved, then I'll proceed to make relevant changes in semgrep and brakeman repositories