Create missing image and layer directory codebase resources

Signed-off-by: tdruez <[email protected]>

Author: tdruez

.github/workflows/sca-integration-cyclonedx-gomod.yml

@@ -13,7 +13,6 @@ on:
   schedule:
     # Run once a week (every 7 days) at 00:00 UTC on Sunday
     - cron: "0 0 * * 0"
-  pull_request:
 
 permissions:
   contents: read

scanpipe/pipes/docker.py

@@ -169,11 +169,34 @@ def get_layer_tag(image_id, layer_id, layer_index, id_length=6):
     return f"img-{short_image_id}-layer-{layer_index:02}-{short_layer_id}"
 
 
-def create_codebase_resources(project, image):
-    """Create the CodebaseResource for an `image` in a `project`."""
+def create_codebase_resources(project, image: Image) -> None:
+    """
+    Create codebase resources for the provided image and its layers.
+
+    Creates a codebase resource for the extracted image root directory and each
+    extracted layer directory, ensuring the structure is properly indexed for tree
+    rendering.
+
+    Args:
+        project: The project instance.
+        image: The image object with the extracted_location attribute.
+
+    """
+    pipes.make_codebase_resource(
+        project=project,
+        location=str(project.codebase_path / Path(image.extracted_location).name),
+    )
+
     for layer_index, layer in enumerate(image.layers, start=1):
         layer_tag = get_layer_tag(image.image_id, layer.layer_id, layer_index)
 
+        pipes.make_codebase_resource(
+            project=project,
+            location=str(layer.extracted_location),
+            tag=layer_tag,
+            extra_data={"layer": {"created_by": layer.created_by}},
+        )
+
         for resource in layer.get_resources(with_dir=True):
             pipes.make_codebase_resource(
                 project=project,

scanpipe/tests/data/docker/debian_scan_codebase.json

@@ -439,6 +439,82 @@
   ],
   "dependencies": [],
   "files": [
+    {
+      "path": "debian.tar.gz-extract",
+      "type": "directory",
+      "name": "debian.tar.gz-extract",
+      "status": "scanned",
+      "for_packages": [],
+      "tag": "",
+      "extension": ".tar.gz-extract",
+      "programming_language": "",
+      "detected_license_expression": "",
+      "detected_license_expression_spdx": "",
+      "license_detections": [],
+      "license_clues": [],
+      "percentage_of_license_text": null,
+      "copyrights": [],
+      "holders": [],
+      "authors": [],
+      "package_data": [],
+      "emails": [],
+      "urls": [],
+      "md5": "",
+      "sha1": "",
+      "sha256": "",
+      "sha512": "",
+      "sha1_git": "",
+      "is_binary": false,
+      "is_text": false,
+      "is_archive": false,
+      "is_media": false,
+      "is_legal": false,
+      "is_manifest": false,
+      "is_readme": false,
+      "is_top_level": false,
+      "is_key_file": false,
+      "extra_data": {}
+    },
+    {
+      "path": "debian.tar.gz-extract/8a63761caf6d45e65b8e6cdc2e0c03c55625fd142ec3356b80a9ea4a34b11b66",
+      "type": "directory",
+      "name": "8a63761caf6d45e65b8e6cdc2e0c03c55625fd142ec3356b80a9ea4a34b11b66",
+      "status": "scanned",
+      "for_packages": [],
+      "tag": "img-c19c05-layer-01-8a6376",
+      "extension": "",
+      "programming_language": "",
+      "detected_license_expression": "",
+      "detected_license_expression_spdx": "",
+      "license_detections": [],
+      "license_clues": [],
+      "percentage_of_license_text": null,
+      "copyrights": [],
+      "holders": [],
+      "authors": [],
+      "package_data": [],
+      "emails": [],
+      "urls": [],
+      "md5": "",
+      "sha1": "",
+      "sha256": "",
+      "sha512": "",
+      "sha1_git": "",
+      "is_binary": false,
+      "is_text": false,
+      "is_archive": false,
+      "is_media": false,
+      "is_legal": false,
+      "is_manifest": false,
+      "is_readme": false,
+      "is_top_level": false,
+      "is_key_file": false,
+      "extra_data": {
+        "layer": {
+          "created_by": "/bin/sh -c #(nop) ADD file:37744639836b248c88f6e126619829290b45c233309538310e8fffb82e98eaf8 in / "
+        }
+      }
+    },
     {
       "path": "debian.tar.gz-extract/8a63761caf6d45e65b8e6cdc2e0c03c55625fd142ec3356b80a9ea4a34b11b66/etc",
       "type": "directory",

scanpipe/tests/data/docker/gcr_io_distroless_base_scan_codebase.json

@@ -507,6 +507,82 @@
   ],
   "dependencies": [],
   "files": [
+    {
+      "path": "gcr_io_distroless_base.tar.gz-extract",
+      "type": "directory",
+      "name": "gcr_io_distroless_base.tar.gz-extract",
+      "status": "scanned",
+      "for_packages": [],
+      "tag": "",
+      "extension": ".tar.gz-extract",
+      "programming_language": "",
+      "detected_license_expression": "",
+      "detected_license_expression_spdx": "",
+      "license_detections": [],
+      "license_clues": [],
+      "percentage_of_license_text": null,
+      "copyrights": [],
+      "holders": [],
+      "authors": [],
+      "package_data": [],
+      "emails": [],
+      "urls": [],
+      "md5": "",
+      "sha1": "",
+      "sha256": "",
+      "sha512": "",
+      "sha1_git": "",
+      "is_binary": false,
+      "is_text": false,
+      "is_archive": false,
+      "is_media": false,
+      "is_legal": false,
+      "is_manifest": false,
+      "is_readme": false,
+      "is_top_level": false,
+      "is_key_file": false,
+      "extra_data": {}
+    },
+    {
+      "path": "gcr_io_distroless_base.tar.gz-extract/cb3279093e638ddfd56bff4d3d89c5a3ed6dd59dbcfbc2f3107045635996b822",
+      "type": "directory",
+      "name": "cb3279093e638ddfd56bff4d3d89c5a3ed6dd59dbcfbc2f3107045635996b822",
+      "status": "scanned",
+      "for_packages": [],
+      "tag": "img-f596dc-layer-02-cb3279",
+      "extension": "",
+      "programming_language": "",
+      "detected_license_expression": "",
+      "detected_license_expression_spdx": "",
+      "license_detections": [],
+      "license_clues": [],
+      "percentage_of_license_text": null,
+      "copyrights": [],
+      "holders": [],
+      "authors": [],
+      "package_data": [],
+      "emails": [],
+      "urls": [],
+      "md5": "",
+      "sha1": "",
+      "sha256": "",
+      "sha512": "",
+      "sha1_git": "",
+      "is_binary": false,
+      "is_text": false,
+      "is_archive": false,
+      "is_media": false,
+      "is_legal": false,
+      "is_manifest": false,
+      "is_readme": false,
+      "is_top_level": false,
+      "is_key_file": false,
+      "extra_data": {
+        "layer": {
+          "created_by": "bazel build ..."
+        }
+      }
+    },
     {
       "path": "gcr_io_distroless_base.tar.gz-extract/cb3279093e638ddfd56bff4d3d89c5a3ed6dd59dbcfbc2f3107045635996b822/etc",
       "type": "directory",
@@ -15597,6 +15673,46 @@
       "is_key_file": false,
       "extra_data": {}
     },
+    {
+      "path": "gcr_io_distroless_base.tar.gz-extract/d92879194ba1c23b840306b007bce6568f71f0e954d63625d48504d533749e30",
+      "type": "directory",
+      "name": "d92879194ba1c23b840306b007bce6568f71f0e954d63625d48504d533749e30",
+      "status": "scanned",
+      "for_packages": [],
+      "tag": "img-f596dc-layer-01-d92879",
+      "extension": "",
+      "programming_language": "",
+      "detected_license_expression": "",
+      "detected_license_expression_spdx": "",
+      "license_detections": [],
+      "license_clues": [],
+      "percentage_of_license_text": null,
+      "copyrights": [],
+      "holders": [],
+      "authors": [],
+      "package_data": [],
+      "emails": [],
+      "urls": [],
+      "md5": "",
+      "sha1": "",
+      "sha256": "",
+      "sha512": "",
+      "sha1_git": "",
+      "is_binary": false,
+      "is_text": false,
+      "is_archive": false,
+      "is_media": false,
+      "is_legal": false,
+      "is_manifest": false,
+      "is_readme": false,
+      "is_top_level": false,
+      "is_key_file": false,
+      "extra_data": {
+        "layer": {
+          "created_by": "bazel build ..."
+        }
+      }
+    },
     {
       "path": "gcr_io_distroless_base.tar.gz-extract/d92879194ba1c23b840306b007bce6568f71f0e954d63625d48504d533749e30/bin",
       "type": "directory",

scanpipe/tests/data/image-with-symlinks/minitag.tar-expected-scan.json

@@ -88,6 +88,82 @@
   "packages": [],
   "dependencies": [],
   "files": [
+    {
+      "path": "minitag.tar-extract",
+      "type": "directory",
+      "name": "minitag.tar-extract",
+      "status": "scanned",
+      "for_packages": [],
+      "tag": "",
+      "extension": ".tar-extract",
+      "programming_language": "",
+      "detected_license_expression": "",
+      "detected_license_expression_spdx": "",
+      "license_detections": [],
+      "license_clues": [],
+      "percentage_of_license_text": null,
+      "copyrights": [],
+      "holders": [],
+      "authors": [],
+      "package_data": [],
+      "emails": [],
+      "urls": [],
+      "md5": "",
+      "sha1": "",
+      "sha256": "",
+      "sha512": "",
+      "sha1_git": "",
+      "is_binary": false,
+      "is_text": false,
+      "is_archive": false,
+      "is_media": false,
+      "is_legal": false,
+      "is_manifest": false,
+      "is_readme": false,
+      "is_top_level": false,
+      "is_key_file": false,
+      "extra_data": {}
+    },
+    {
+      "path": "minitag.tar-extract/887ac3b73f9a48d1324380c8d1ef033873a6cb882a5a9170fba51fa69fd5e5f0",
+      "type": "directory",
+      "name": "887ac3b73f9a48d1324380c8d1ef033873a6cb882a5a9170fba51fa69fd5e5f0",
+      "status": "scanned",
+      "for_packages": [],
+      "tag": "img-592e8d-layer-01-887ac3",
+      "extension": "",
+      "programming_language": "",
+      "detected_license_expression": "",
+      "detected_license_expression_spdx": "",
+      "license_detections": [],
+      "license_clues": [],
+      "percentage_of_license_text": null,
+      "copyrights": [],
+      "holders": [],
+      "authors": [],
+      "package_data": [],
+      "emails": [],
+      "urls": [],
+      "md5": "",
+      "sha1": "",
+      "sha256": "",
+      "sha512": "",
+      "sha1_git": "",
+      "is_binary": false,
+      "is_text": false,
+      "is_archive": false,
+      "is_media": false,
+      "is_legal": false,
+      "is_manifest": false,
+      "is_readme": false,
+      "is_top_level": false,
+      "is_key_file": false,
+      "extra_data": {
+        "layer": {
+          "created_by": "/bin/sh -c #(nop) ADD file:783bda715f24a7fcabfe87ca07ae47e5cca3d35b99dd78e3155748e41477acb2 in / "
+        }
+      }
+    },
     {
       "path": "minitag.tar-extract/887ac3b73f9a48d1324380c8d1ef033873a6cb882a5a9170fba51fa69fd5e5f0/lib",
       "type": "directory",

scanpipe/tests/test_pipelines.py

@@ -1218,10 +1218,14 @@ def test_scanpipe_docker_pipeline_debian_integration(self):
         exitcode, out = pipeline.execute()
         self.assertEqual(0, exitcode, msg=out)
 
-        self.assertEqual(16, project1.codebaseresources.count())
+        self.assertEqual(18, project1.codebaseresources.count())
         self.assertEqual(2, project1.discoveredpackages.count())
         self.assertEqual(0, project1.discovereddependencies.count())
 
+        # Ensure all extracted resources exists as CodebaseResource
+        fs_resource_count = sum(1 for _ in project1.codebase_path.rglob("*"))
+        self.assertEqual(18, fs_resource_count)
+
         result_file = output.to_json(project1)
         expected_file = self.data / "docker" / "debian_scan_codebase.json"
         self.assertPipelineResultEqual(expected_file, result_file)
@@ -1241,7 +1245,7 @@ def test_scanpipe_docker_pipeline_distroless_debian_integration(self):
         exitcode, out = pipeline.execute()
         self.assertEqual(0, exitcode, msg=out)
 
-        self.assertEqual(2458, project1.codebaseresources.count())
+        self.assertEqual(2461, project1.codebaseresources.count())
         self.assertEqual(6, project1.discoveredpackages.count())
         self.assertEqual(0, project1.discovereddependencies.count())