Hi Team,
We are using the filebeat 3pp in our project. We use few scanning tools like (trivy, anchore) to detect the vulnerabilities in the filebeat project. Till v7.12, we were able to detect the vulnerabilities. But after that, those are not detected.
Normally, scanning tool will get the dependency information from binary and identify the vulnerabilities. It will run the below command to get those dependency information.
go version -m <filebeat binary file>
When we check after 7.12 version this command does not give the dependency information for filebeat binary package and throw below error
filebeat: go version not found
Could you please share your comments on this why it was not added the dependency information in binary file at the time of building? And also if we want to add that how/where to add in the source repo to build the binary ourselves with dependency information?