From f144e912d34234f00b5a13b7a11a0019fa978b27 Mon Sep 17 00:00:00 2001
From: Charles Oxyer <46503080+charlesoxyer@users.noreply.github.com>
Date: Wed, 19 Jun 2024 03:30:55 -0700
Subject: [PATCH] feat: Add local ImageID to SARIF metadata (#6522)

Signed-off-by: knqyf263 <knqyf263@gmail.com>
Co-authored-by: knqyf263 <knqyf263@gmail.com>
---
 integration/testdata/alpine-310.sarif.golden | 1 +
 pkg/report/sarif.go                          | 1 +
 pkg/report/sarif_test.go                     | 2 ++
 3 files changed, 4 insertions(+)

diff --git a/integration/testdata/alpine-310.sarif.golden b/integration/testdata/alpine-310.sarif.golden
index 535bd2d09f71..a875ba35fecf 100644
--- a/integration/testdata/alpine-310.sarif.golden
+++ b/integration/testdata/alpine-310.sarif.golden
@@ -184,6 +184,7 @@
         }
       },
       "properties": {
+        "imageID": "sha256:961769676411f082461f9ef46626dd7a2d1e2b2a38e6a44364bcbecf51e66dd4",
         "imageName": "testdata/fixtures/images/alpine-310.tar.gz",
         "repoDigests": null,
         "repoTags": null
diff --git a/pkg/report/sarif.go b/pkg/report/sarif.go
index ae84b8ff987f..a94dcccb2c9b 100644
--- a/pkg/report/sarif.go
+++ b/pkg/report/sarif.go
@@ -137,6 +137,7 @@ func (sw *SarifWriter) Write(ctx context.Context, report types.Report) error {
 			"imageName":   report.ArtifactName,
 			"repoTags":    report.Metadata.RepoTags,
 			"repoDigests": report.Metadata.RepoDigests,
+			"imageID":     report.Metadata.ImageID,
 		}
 	}
 	if sw.Target != "" {
diff --git a/pkg/report/sarif_test.go b/pkg/report/sarif_test.go
index 14b5b6027a3b..9ce3363cc321 100644
--- a/pkg/report/sarif_test.go
+++ b/pkg/report/sarif_test.go
@@ -31,6 +31,7 @@ func TestReportWriter_Sarif(t *testing.T) {
 				ArtifactName: "debian:9",
 				ArtifactType: artifact.TypeContainerImage,
 				Metadata: types.Metadata{
+					ImageID: "sha256:7640c3f9e75002deb419d5e32738eeff82cf2b3edca3781b4fe1f1f626d11b20",
 					RepoTags: []string{
 						"debian:9",
 					},
@@ -177,6 +178,7 @@ func TestReportWriter_Sarif(t *testing.T) {
 						PropertyBag: sarif.PropertyBag{
 							Properties: map[string]any{
 								"imageName":   "debian:9",
+								"imageID":     "sha256:7640c3f9e75002deb419d5e32738eeff82cf2b3edca3781b4fe1f1f626d11b20",
 								"repoDigests": []any{"debian@sha256:a8cc1744bbdd5266678e3e8b3e6387e45c053218438897e86876f2eb104e5534"},
 								"repoTags":    []any{"debian:9"},
 							},