feat(image): save layers metadata into report (#8394)

Co-authored-by: knqyf263 <knqyf263@gmail.com>

Author: DmitriyLewen

integration/integration_test.go

@@ -153,6 +153,9 @@ func readReport(t *testing.T, filePath string) types.Report {
 	// We don't compare repo tags because the archive doesn't support it
 	report.Metadata.RepoTags = nil
 	report.Metadata.RepoDigests = nil
+	for i := range report.Metadata.Layers {
+		report.Metadata.Layers[i].Digest = ""
+	}
 
 	for i, result := range report.Results {
 		for j := range result.Vulnerabilities {

integration/sbom_test.go

@@ -47,6 +47,10 @@ func TestSBOM(t *testing.T) {
 				want.Results[0].Vulnerabilities[0].PkgIdentifier.BOMRef = "pkg:rpm/centos/bash@4.2.46-31.el7?arch=x86_64&distro=centos-7.6.1810"
 				want.Results[0].Vulnerabilities[1].PkgIdentifier.BOMRef = "pkg:rpm/centos/openssl-libs@1.0.2k-16.el7?arch=x86_64&epoch=1&distro=centos-7.6.1810"
 				want.Results[0].Vulnerabilities[2].PkgIdentifier.BOMRef = "pkg:rpm/centos/openssl-libs@1.0.2k-16.el7?arch=x86_64&epoch=1&distro=centos-7.6.1810"
+
+				// SBOM file doesn't contain info about layers
+				want.Metadata.Size = 0
+				want.Metadata.Layers = nil
 			},
 		},
 		{
@@ -96,6 +100,10 @@ func TestSBOM(t *testing.T) {
 				want.Results[0].Vulnerabilities[0].PkgIdentifier.BOMRef = "pkg:rpm/centos/bash@4.2.46-31.el7?arch=x86_64&distro=centos-7.6.1810"
 				want.Results[0].Vulnerabilities[1].PkgIdentifier.BOMRef = "pkg:rpm/centos/openssl-libs@1.0.2k-16.el7?arch=x86_64&epoch=1&distro=centos-7.6.1810"
 				want.Results[0].Vulnerabilities[2].PkgIdentifier.BOMRef = "pkg:rpm/centos/openssl-libs@1.0.2k-16.el7?arch=x86_64&epoch=1&distro=centos-7.6.1810"
+
+				// SBOM file doesn't contain info about layers
+				want.Metadata.Size = 0
+				want.Metadata.Layers = nil
 			},
 		},
 		{
@@ -112,6 +120,10 @@ func TestSBOM(t *testing.T) {
 
 				require.Len(t, got.Results, 1)
 				want.Results[0].Target = "testdata/fixtures/sbom/centos-7-spdx.txt (centos 7.6.1810)"
+
+				// SBOM file doesn't contain info about layers
+				want.Metadata.Size = 0
+				want.Metadata.Layers = nil
 			},
 		},
 		{
@@ -128,6 +140,10 @@ func TestSBOM(t *testing.T) {
 
 				require.Len(t, got.Results, 1)
 				want.Results[0].Target = "testdata/fixtures/sbom/centos-7-spdx.json (centos 7.6.1810)"
+
+				// SBOM file doesn't contain info about layers
+				want.Metadata.Size = 0
+				want.Metadata.Layers = nil
 			},
 		},
 		{

integration/testdata/almalinux-8.json.golden

@@ -4,6 +4,7 @@
   "ArtifactName": "testdata/fixtures/images/almalinux-8.tar.gz",
   "ArtifactType": "container_image",
   "Metadata": {
+    "Size": 204637184,
     "OS": {
       "Family": "alma",
       "Name": "8.5"
@@ -44,7 +45,14 @@
         ],
         "Image": "sha256:d38d2eac03bc19e080df596d6148863a0f8293f3a277a7524f378da79a1feb0f"
       }
-    }
+    },
+    "Layers": [
+      {
+        "Size": 204637184,
+        "Digest": "sha256:a1f18d9dc5496c63197eb9a4f1d4bf5cc88c6a34f64f0fe11ea233070392ce48",
+        "DiffID": "sha256:124d41c237c5e823577dda97e87cebaecce62d585c725d07e709ce410681de4d"
+      }
+    ]
   },
   "Results": [
     {

integration/testdata/alpine-310.json.golden

@@ -4,6 +4,7 @@
   "ArtifactName": "testdata/fixtures/images/alpine-310.tar.gz",
   "ArtifactType": "container_image",
   "Metadata": {
+    "Size": 5843968,
     "OS": {
       "Family": "alpine",
       "Name": "3.10.2",
@@ -46,7 +47,14 @@
         "Image": "sha256:06f4121dff4d0123ce11bd2e44f48da9ba9ddcd23ae376ea1f363f63ea0849b5",
         "ArgsEscaped": true
       }
-    }
+    },
+    "Layers": [
+      {
+        "Size": 5843968,
+        "Digest": "sha256:9d48c3bd43c520dc2784e868a780e976b207cbf493eaff8c6596eb871cbd9609",
+        "DiffID": "sha256:03901b4a2ea88eeaad62dbe59b072b28b6efa00491962b8741081c5df50c65e0"
+      }
+    ]
   },
   "Results": [
     {

integration/testdata/alpine-39-high-critical.json.golden

@@ -4,6 +4,7 @@
   "ArtifactName": "testdata/fixtures/images/alpine-39.tar.gz",
   "ArtifactType": "container_image",
   "Metadata": {
+    "Size": 5796352,
     "OS": {
       "Family": "alpine",
       "Name": "3.9.4",
@@ -46,7 +47,14 @@
         "Image": "sha256:09f2bbe58e774849d74dc1391c2e01731896c745c4aba1ecf69a283bdb4b537a",
         "ArgsEscaped": true
       }
-    }
+    },
+    "Layers": [
+      {
+        "Size": 5796352,
+        "Digest": "sha256:e7c96db7181be991f19a9fb6975cdbbd73c65f4a2681348e63a141a2192a5f10",
+        "DiffID": "sha256:f1b5933fe4b5f49bbe8258745cf396afe07e625bdab3168e364daf7c956b6b81"
+      }
+    ]
   },
   "Results": [
     {

integration/testdata/alpine-39-ignore-cveids.json.golden

@@ -4,6 +4,7 @@
   "ArtifactName": "testdata/fixtures/images/alpine-39.tar.gz",
   "ArtifactType": "container_image",
   "Metadata": {
+    "Size": 5796352,
     "OS": {
       "Family": "alpine",
       "Name": "3.9.4",
@@ -46,7 +47,14 @@
         "Image": "sha256:09f2bbe58e774849d74dc1391c2e01731896c745c4aba1ecf69a283bdb4b537a",
         "ArgsEscaped": true
       }
-    }
+    },
+    "Layers": [
+      {
+        "Size": 5796352,
+        "Digest": "sha256:e7c96db7181be991f19a9fb6975cdbbd73c65f4a2681348e63a141a2192a5f10",
+        "DiffID": "sha256:f1b5933fe4b5f49bbe8258745cf396afe07e625bdab3168e364daf7c956b6b81"
+      }
+    ]
   },
   "Results": [
     {

integration/testdata/alpine-39-skip.json.golden

@@ -4,6 +4,7 @@
   "ArtifactName": "testdata/fixtures/images/alpine-39.tar.gz",
   "ArtifactType": "container_image",
   "Metadata": {
+    "Size": 5796352,
     "OS": {
       "Family": "none",
       "Name": ""
@@ -45,6 +46,13 @@
         "Image": "sha256:09f2bbe58e774849d74dc1391c2e01731896c745c4aba1ecf69a283bdb4b537a",
         "ArgsEscaped": true
       }
-    }
+    },
+    "Layers": [
+      {
+        "Size": 5796352,
+        "Digest": "sha256:e7c96db7181be991f19a9fb6975cdbbd73c65f4a2681348e63a141a2192a5f10",
+        "DiffID": "sha256:f1b5933fe4b5f49bbe8258745cf396afe07e625bdab3168e364daf7c956b6b81"
+      }
+    ]
   }
 }

integration/testdata/alpine-39.json.golden

@@ -4,6 +4,7 @@
   "ArtifactName": "testdata/fixtures/images/alpine-39.tar.gz",
   "ArtifactType": "container_image",
   "Metadata": {
+    "Size": 5796352,
     "OS": {
       "Family": "alpine",
       "Name": "3.9.4",
@@ -46,7 +47,14 @@
         "Image": "sha256:09f2bbe58e774849d74dc1391c2e01731896c745c4aba1ecf69a283bdb4b537a",
         "ArgsEscaped": true
       }
-    }
+    },
+    "Layers": [
+      {
+        "Size": 5796352,
+        "Digest": "sha256:e7c96db7181be991f19a9fb6975cdbbd73c65f4a2681348e63a141a2192a5f10",
+        "DiffID": "sha256:f1b5933fe4b5f49bbe8258745cf396afe07e625bdab3168e364daf7c956b6b81"
+      }
+    ]
   },
   "Results": [
     {

integration/testdata/alpine-distroless.json.golden

@@ -4,6 +4,7 @@
   "ArtifactName": "testdata/fixtures/images/alpine-distroless.tar.gz",
   "ArtifactType": "container_image",
   "Metadata": {
+    "Size": 35812864,
     "OS": {
       "Family": "alpine",
       "Name": "3.16"
@@ -41,7 +42,14 @@
         ],
         "User": "65532"
       }
-    }
+    },
+    "Layers": [
+      {
+        "Size": 35812864,
+        "Digest": "sha256:6c6f69aa25501b090c54c62a9c17e978064c2f1328f67a7ef88c81ce5f2d7983",
+        "DiffID": "sha256:89da7cc836da4b53ab1ceb572576458c005e7e444b8bb79abda196668a2f0c92"
+      }
+    ]
   },
   "Results": [
     {

integration/testdata/amazon-1.json.golden

@@ -4,6 +4,7 @@
   "ArtifactName": "testdata/fixtures/images/amazon-1.tar.gz",
   "ArtifactType": "container_image",
   "Metadata": {
+    "Size": 172655616,
     "OS": {
       "Family": "amazon",
       "Name": "AMI release 2018.03"
@@ -45,7 +46,14 @@
         "Image": "sha256:8db654f611aca1693ac658bd981ee35e4b6517e6ef74fa608c4b3b3595a986c8",
         "ArgsEscaped": true
       }
-    }
+    },
+    "Layers": [
+      {
+        "Size": 172655616,
+        "Digest": "sha256:105ff6bf468b1422ad7c47ea9d63eae82f875c93310cb8d34551951e754ef43b",
+        "DiffID": "sha256:984fe1509738f6f00f34d9be7398b07ebeb8b98dda077ff6be2cdb87111b73cf"
+      }
+    ]
   },
   "Results": [
     {

integration/testdata/amazon-2.json.golden

@@ -4,6 +4,7 @@
   "ArtifactName": "testdata/fixtures/images/amazon-2.tar.gz",
   "ArtifactType": "container_image",
   "Metadata": {
+    "Size": 168852480,
     "OS": {
       "Family": "amazon",
       "Name": "2 (Karoo)"
@@ -45,7 +46,14 @@
         "Image": "sha256:648b8b37f8b5087423bec7f4331271253f8aff63154761a67c22cd0c3ba2661b",
         "ArgsEscaped": true
       }
-    }
+    },
+    "Layers": [
+      {
+        "Size": 168852480,
+        "Digest": "sha256:72d97abdfae3b3c933ff41e39779cc72853d7bd9dc1e4800c5294d6715257799",
+        "DiffID": "sha256:f387c8b346c85cae37abd1f1a63015acb69f593dc425d0269f57d1012c3a81f6"
+      }
+    ]
   },
   "Results": [
     {

integration/testdata/busybox-with-lockfile.json.golden

@@ -4,6 +4,7 @@
   "ArtifactName": "testdata/fixtures/images/busybox-with-lockfile.tar.gz",
   "ArtifactType": "container_image",
   "Metadata": {
+    "Size": 1491456,
     "ImageID": "sha256:88702f6b6133bf06cc46af48437d0c0fc661239155548757c65916504a0e5eee",
     "DiffIDs": [
       "sha256:797ac4999b67d8c38a596919efa5b7b6a4a8fd5814cb8564efa482c5d8403e6d",
@@ -45,7 +46,19 @@
         ],
         "Image": "sha256:2fb6fc2d97e10c79983aa10e013824cc7fc8bae50630e32159821197dda95fe3"
       }
-    }
+    },
+    "Layers": [
+      {
+        "Size": 1459200,
+        "Digest": "sha256:554879bb300427c7301c1cbdf266a7eba24a85b10d19f270b3d348b9eb9ca7df",
+        "DiffID": "sha256:797ac4999b67d8c38a596919efa5b7b6a4a8fd5814cb8564efa482c5d8403e6d"
+      },
+      {
+        "Size": 32256,
+        "Digest": "sha256:fd2e3bc9bccc9c677572a542d020998389de94f127ca2c252ae627fc7c241cee",
+        "DiffID": "sha256:ea6f6933da66090da8bfe233d68f083792a68f944cd2d8f9fbb52da795813a4f"
+      }
+    ]
   },
   "Results": [
     {

integration/testdata/centos-6.json.golden

@@ -4,6 +4,7 @@
   "ArtifactName": "testdata/fixtures/images/centos-6.tar.gz",
   "ArtifactType": "container_image",
   "Metadata": {
+    "Size": 201540608,
     "OS": {
       "Family": "centos",
       "Name": "6.10",
@@ -67,7 +68,14 @@
           "org.label-schema.vendor": "CentOS"
         }
       }
-    }
+    },
+    "Layers": [
+      {
+        "Size": 201540608,
+        "Digest": "sha256:ff50d722b38227ec8f2bbf0cdbce428b66745077c173d8117d91376128fa532e",
+        "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9"
+      }
+    ]
   },
   "Results": [
     {

integration/testdata/centos-7-ignore-unfixed.json.golden

@@ -4,6 +4,7 @@
   "ArtifactName": "testdata/fixtures/images/centos-7.tar.gz",
   "ArtifactType": "container_image",
   "Metadata": {
+    "Size": 209451008,
     "OS": {
       "Family": "centos",
       "Name": "7.6.1810"
@@ -57,7 +58,14 @@
         },
         "ArgsEscaped": true
       }
-    }
+    },
+    "Layers": [
+      {
+        "Size": 209451008,
+        "Digest": "sha256:ac9208207adaac3a48e54a4dc6b49c69e78c3072d2b3add7efdabf814db2133b",
+        "DiffID": "sha256:89169d87dbe2b72ba42bfbb3579c957322baca28e03a1e558076542a1c1b2b4a"
+      }
+    ]
   },
   "Results": [
     {

integration/testdata/centos-7-medium.json.golden

@@ -4,6 +4,7 @@
   "ArtifactName": "testdata/fixtures/images/centos-7.tar.gz",
   "ArtifactType": "container_image",
   "Metadata": {
+    "Size": 209451008,
     "OS": {
       "Family": "centos",
       "Name": "7.6.1810"
@@ -57,7 +58,14 @@
         },
         "ArgsEscaped": true
       }
-    }
+    },
+    "Layers": [
+      {
+        "Size": 209451008,
+        "Digest": "sha256:ac9208207adaac3a48e54a4dc6b49c69e78c3072d2b3add7efdabf814db2133b",
+        "DiffID": "sha256:89169d87dbe2b72ba42bfbb3579c957322baca28e03a1e558076542a1c1b2b4a"
+      }
+    ]
   },
   "Results": [
     {

integration/testdata/centos-7.json.golden

@@ -4,6 +4,7 @@
   "ArtifactName": "testdata/fixtures/images/centos-7.tar.gz",
   "ArtifactType": "container_image",
   "Metadata": {
+    "Size": 209451008,
     "OS": {
       "Family": "centos",
       "Name": "7.6.1810"
@@ -57,7 +58,14 @@
         },
         "ArgsEscaped": true
       }
-    }
+    },
+    "Layers": [
+      {
+        "Size": 209451008,
+        "Digest": "sha256:ac9208207adaac3a48e54a4dc6b49c69e78c3072d2b3add7efdabf814db2133b",
+        "DiffID": "sha256:89169d87dbe2b72ba42bfbb3579c957322baca28e03a1e558076542a1c1b2b4a"
+      }
+    ]
   },
   "Results": [
     {