Filebeat after v7.12 does not show dependency information

Hi Team,

We are using the filebeat 3pp in our project. We use few scanning tools like (trivy, anchore) to detect the vulnerabilities in the filebeat project. Till v7.12, we were able to detect the vulnerabilities. But after that, those are not detected.

Normally, scanning tool will get the dependency information from binary and identify the vulnerabilities. It will run the below command to get those dependency information.

go version -m <filebeat binary file>

When we check after 7.12 version this command does not give the dependency information for filebeat binary package and throw below error
filebeat: go version not found

Could you please share your comments on this why it was not added the dependency information in binary file at the time of building? And also if we want to add that how/where to add in the source repo to build the binary ourselves with dependency information?

Adding a link to the GitHub issue for reference: Filebeat binary package does not show dependency information · Issue #30494 · elastic/beats · GitHub

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.