Detect matches in build files (like pom.xml) only works if the tag contains Metadata

Is your feature request related to a problem? Please describe. We are trying to create a custom rule that detects dependencies of our libraries in pom.xml or package.json. The rule looks like: { "name": "Our Framework: Java", "id": "OU000000", "description": "Our Framework: Java", "applies_to": [ "pom.xml" ], "tags":[ "Our.Framework.Java" ], "severity": "moderate", "patterns": [ { "pattern": "our-framework", "type": "string", "scopes": [ "all" ], "modifiers": ["i"], "confidence": "high" } ] }

But this rule never matches anything. I read in the documentation (https://github.com/microsoft/ApplicationInspector/wiki/3.5-Tags) that this rule will only work if the tag name contains Metadata. In fact, there are some buit-in rules that will never match anything like: { "name": "Development: Build Tool (Maven)", "id": "AI016800", "description": "Development: Build Tool (Maven)", "applies_to": [ "pom.xml" ], "tags": [ "Development.Build.Maven" ], "severity": "moderate", "patterns": [ { "pattern": "Maven", "type": "regex", "scopes": [ "code", "comment" ], "modifiers": [ "i" ], "confidence": "high" } ] } in https://github.com/microsoft/ApplicationInspector/blob/main/AppInspector/rules/default/frameworks/build.json

Describe the solution you’d like I think that if a rule explicitly applies to a build-type file (like pom.xml), it should match even if the Tag doesn’t contains Metadata, maintaining the restriction for rules that applies to other languages.