Address review

cmd/vulcan-trivy/vulcan-trivy.go

@@ -36,7 +36,9 @@ const (
 	// the '--timeout' flag. The value should be bigger than the check timeout
 	// defined in the manifest, to ensure the check will have a 'TIMEOUT'
 	// status when the execution takes longer than expected.
-	trivyTimeout     = "2h"
+	trivyTimeout = "2h"
+	// maxNonBinaryFile defines the maximum size of non binary files to be scanned for secrets.
+	// Files bigger than 20MB will be skipped.
 	maxNonBinaryFile = 1024 * 1024 * 20
 )
 
@@ -50,8 +52,8 @@ var (
 		`pip:[^/]*requirements[^/]*\.txt`, // All the files .txt that contains requirements
 	}
 	ignoredPaths = []string{
-		// Paths to ignore while searching for big non binary files
-		".git",
+		// Paths to ignore while searching for big non binary files.
+		".git", // Already ignored by trivy.
 	}
 )
 
@@ -391,12 +393,13 @@ func run(ctx context.Context, target, assetType, optJSON string, state checkstat
 		}
 		defer os.RemoveAll(repoPath)
 
-		// Semgrep warns to --skip-files for large nonbinary (20MB) files because scanning those files for secrets can be time consuming.
+		// Trivy warns to --skip-files for large nonbinary (20MB) files because scanning those files for secrets can be time consuming.
 		// As there is no flag to opt-in to automatically discard those files we implement it before.
 		// See https://github.com/aquasecurity/trivy/blob/f9fceb58bf64657dee92302df1ed97e597e474c9/pkg/fanal/analyzer/secret/secret.go#L105
 		if opt.GitChecks.Secret {
 			if files, err := findLargeNonBinaryFiles(repoPath, ignoredPaths); err == nil {
 				for _, f := range files {
+					logger.WithField("skipped", f).Warn("Skipping large non-binary file")
 					trivyArgs = append(trivyArgs, "--skip-files", f)
 				}
 			}