Create missing image and layer directory codebase resources (#1946)

Signed-off-by: tdruez <[email protected]>

Author: tdruez

.github/workflows/sca-integration-cyclonedx-gomod.yml

@@ -13,7 +13,6 @@ on:
   schedule:
     # Run once a week (every 7 days) at 00:00 UTC on Sunday
     - cron: "0 0 * * 0"
-  pull_request:
 
 permissions:
   contents: read

scanpipe/pipes/docker.py

@@ -169,8 +169,24 @@ def get_layer_tag(image_id, layer_id, layer_index, id_length=6):
     return f"img-{short_image_id}-layer-{layer_index:02}-{short_layer_id}"
 
 
-def create_codebase_resources(project, image):
-    """Create the CodebaseResource for an `image` in a `project`."""
+def create_codebase_resources(project, image: Image) -> None:
+    """
+    Create codebase resources for the provided image and its layers.
+
+    Creates a codebase resource for the extracted image root directory and each
+    extracted layer directory, ensuring the structure is properly indexed for tree
+    rendering.
+
+    Args:
+        project: The project instance.
+        image: The image object with the extracted_location attribute.
+
+    """
+    pipes.make_codebase_resource(
+        project=project,
+        location=str(project.codebase_path / Path(image.extracted_location).name),
+    )
+
     for layer_index, layer in enumerate(image.layers, start=1):
         layer_tag = get_layer_tag(image.image_id, layer.layer_id, layer_index)
 
@@ -182,6 +198,17 @@ def create_codebase_resources(project, image):
                 tag=layer_tag,
             )
 
+        layer_data = layer.to_dict()
+        layer_data.pop("extracted_location", None)
+        layer_data.pop("archive_location", None)
+        pipes.make_codebase_resource(
+            project=project,
+            location=str(layer.extracted_location),
+            tag=layer_tag,
+            # Store the layer data in the extra_data for display in the UI
+            extra_data={"layer": layer_data},
+        )
+
 
 def create_system_package(project, purl, package, layer, layer_tag):
     """Create system package and related resources."""

scanpipe/tests/data/docker/alpine_3_15_4_scan_codebase.json

@@ -1574,6 +1574,94 @@
   ],
   "dependencies": [],
   "files": [
+    {
+      "path": "alpine_3_15_4.tar.gz-extract",
+      "type": "directory",
+      "name": "alpine_3_15_4.tar.gz-extract",
+      "status": "scanned",
+      "for_packages": [],
+      "tag": "",
+      "extension": ".tar.gz-extract",
+      "programming_language": "",
+      "detected_license_expression": "",
+      "detected_license_expression_spdx": "",
+      "license_detections": [],
+      "license_clues": [],
+      "percentage_of_license_text": null,
+      "copyrights": [],
+      "holders": [],
+      "authors": [],
+      "package_data": [],
+      "emails": [],
+      "urls": [],
+      "md5": "",
+      "sha1": "",
+      "sha256": "",
+      "sha512": "",
+      "sha1_git": "",
+      "is_binary": false,
+      "is_text": false,
+      "is_archive": false,
+      "is_media": false,
+      "is_legal": false,
+      "is_manifest": false,
+      "is_readme": false,
+      "is_top_level": false,
+      "is_key_file": false,
+      "extra_data": {}
+    },
+    {
+      "path": "alpine_3_15_4.tar.gz-extract/40e48c8ef2450e6a9e8d50b846a58ede43f1b01dd351d2bdd7dca14c5c033f20",
+      "type": "directory",
+      "name": "40e48c8ef2450e6a9e8d50b846a58ede43f1b01dd351d2bdd7dca14c5c033f20",
+      "status": "scanned",
+      "for_packages": [],
+      "tag": "img-06c7c4-layer-01-40e48c",
+      "extension": "",
+      "programming_language": "",
+      "detected_license_expression": "",
+      "detected_license_expression_spdx": "",
+      "license_detections": [],
+      "license_clues": [],
+      "percentage_of_license_text": null,
+      "copyrights": [],
+      "holders": [],
+      "authors": [],
+      "package_data": [],
+      "emails": [],
+      "urls": [],
+      "md5": "",
+      "sha1": "",
+      "sha256": "",
+      "sha512": "",
+      "sha1_git": "",
+      "is_binary": false,
+      "is_text": false,
+      "is_archive": false,
+      "is_media": false,
+      "is_legal": false,
+      "is_manifest": false,
+      "is_readme": false,
+      "is_top_level": false,
+      "is_key_file": false,
+      "extra_data": {
+        "layer": {
+          "os": null,
+          "author": null,
+          "labels": [],
+          "sha256": "40e48c8ef2450e6a9e8d50b846a58ede43f1b01dd351d2bdd7dca14c5c033f20",
+          "comment": null,
+          "created": "2022-04-05T00:19:59.790636867Z",
+          "variant": null,
+          "layer_id": "40e48c8ef2450e6a9e8d50b846a58ede43f1b01dd351d2bdd7dca14c5c033f20",
+          "created_by": "/bin/sh -c #(nop) ADD file:5d673d25da3a14ce1f6cf66e4c7fd4f4b85a3759a9d93efb3fd9ff852b5b56e4 in / ",
+          "os_version": null,
+          "architecture": null,
+          "docker_version": null,
+          "is_empty_layer": false
+        }
+      }
+    },
     {
       "path": "alpine_3_15_4.tar.gz-extract/40e48c8ef2450e6a9e8d50b846a58ede43f1b01dd351d2bdd7dca14c5c033f20/bin",
       "type": "directory",

scanpipe/tests/data/docker/centos_scan_codebase.json

@@ -191354,6 +191354,94 @@
   ],
   "dependencies": [],
   "files": [
+    {
+      "path": "centos.tar.gz-extract",
+      "type": "directory",
+      "name": "centos.tar.gz-extract",
+      "status": "scanned",
+      "for_packages": [],
+      "tag": "",
+      "extension": ".tar.gz-extract",
+      "programming_language": "",
+      "detected_license_expression": "",
+      "detected_license_expression_spdx": "",
+      "license_detections": [],
+      "license_clues": [],
+      "percentage_of_license_text": null,
+      "copyrights": [],
+      "holders": [],
+      "authors": [],
+      "package_data": [],
+      "emails": [],
+      "urls": [],
+      "md5": "",
+      "sha1": "",
+      "sha256": "",
+      "sha512": "",
+      "sha1_git": "",
+      "is_binary": false,
+      "is_text": false,
+      "is_archive": false,
+      "is_media": false,
+      "is_legal": false,
+      "is_manifest": false,
+      "is_readme": false,
+      "is_top_level": false,
+      "is_key_file": false,
+      "extra_data": {}
+    },
+    {
+      "path": "centos.tar.gz-extract/a10cf747c363a52be048f884c084a25e03280d54a7ac02e17dbd8c5ad160e9bd",
+      "type": "directory",
+      "name": "a10cf747c363a52be048f884c084a25e03280d54a7ac02e17dbd8c5ad160e9bd",
+      "status": "scanned",
+      "for_packages": [],
+      "tag": "img-c967b7-layer-01-a10cf7",
+      "extension": "",
+      "programming_language": "",
+      "detected_license_expression": "",
+      "detected_license_expression_spdx": "",
+      "license_detections": [],
+      "license_clues": [],
+      "percentage_of_license_text": null,
+      "copyrights": [],
+      "holders": [],
+      "authors": [],
+      "package_data": [],
+      "emails": [],
+      "urls": [],
+      "md5": "",
+      "sha1": "",
+      "sha256": "",
+      "sha512": "",
+      "sha1_git": "",
+      "is_binary": false,
+      "is_text": false,
+      "is_archive": false,
+      "is_media": false,
+      "is_legal": false,
+      "is_manifest": false,
+      "is_readme": false,
+      "is_top_level": false,
+      "is_key_file": false,
+      "extra_data": {
+        "layer": {
+          "os": null,
+          "author": null,
+          "labels": [],
+          "sha256": "a10cf747c363a52be048f884c084a25e03280d54a7ac02e17dbd8c5ad160e9bd",
+          "comment": null,
+          "created": null,
+          "variant": null,
+          "layer_id": "a10cf747c363a52be048f884c084a25e03280d54a7ac02e17dbd8c5ad160e9bd",
+          "created_by": null,
+          "os_version": null,
+          "architecture": null,
+          "docker_version": null,
+          "is_empty_layer": false
+        }
+      }
+    },
     {
       "path": "centos.tar.gz-extract/a10cf747c363a52be048f884c084a25e03280d54a7ac02e17dbd8c5ad160e9bd/etc",
       "type": "directory",

scanpipe/tests/data/docker/debian_scan_codebase.json

@@ -439,6 +439,94 @@
   ],
   "dependencies": [],
   "files": [
+    {
+      "path": "debian.tar.gz-extract",
+      "type": "directory",
+      "name": "debian.tar.gz-extract",
+      "status": "scanned",
+      "for_packages": [],
+      "tag": "",
+      "extension": ".tar.gz-extract",
+      "programming_language": "",
+      "detected_license_expression": "",
+      "detected_license_expression_spdx": "",
+      "license_detections": [],
+      "license_clues": [],
+      "percentage_of_license_text": null,
+      "copyrights": [],
+      "holders": [],
+      "authors": [],
+      "package_data": [],
+      "emails": [],
+      "urls": [],
+      "md5": "",
+      "sha1": "",
+      "sha256": "",
+      "sha512": "",
+      "sha1_git": "",
+      "is_binary": false,
+      "is_text": false,
+      "is_archive": false,
+      "is_media": false,
+      "is_legal": false,
+      "is_manifest": false,
+      "is_readme": false,
+      "is_top_level": false,
+      "is_key_file": false,
+      "extra_data": {}
+    },
+    {
+      "path": "debian.tar.gz-extract/8a63761caf6d45e65b8e6cdc2e0c03c55625fd142ec3356b80a9ea4a34b11b66",
+      "type": "directory",
+      "name": "8a63761caf6d45e65b8e6cdc2e0c03c55625fd142ec3356b80a9ea4a34b11b66",
+      "status": "scanned",
+      "for_packages": [],
+      "tag": "img-c19c05-layer-01-8a6376",
+      "extension": "",
+      "programming_language": "",
+      "detected_license_expression": "",
+      "detected_license_expression_spdx": "",
+      "license_detections": [],
+      "license_clues": [],
+      "percentage_of_license_text": null,
+      "copyrights": [],
+      "holders": [],
+      "authors": [],
+      "package_data": [],
+      "emails": [],
+      "urls": [],
+      "md5": "",
+      "sha1": "",
+      "sha256": "",
+      "sha512": "",
+      "sha1_git": "",
+      "is_binary": false,
+      "is_text": false,
+      "is_archive": false,
+      "is_media": false,
+      "is_legal": false,
+      "is_manifest": false,
+      "is_readme": false,
+      "is_top_level": false,
+      "is_key_file": false,
+      "extra_data": {
+        "layer": {
+          "os": null,
+          "author": null,
+          "labels": [],
+          "sha256": "8a63761caf6d45e65b8e6cdc2e0c03c55625fd142ec3356b80a9ea4a34b11b66",
+          "comment": null,
+          "created": "2022-04-29T23:21:15.290486282Z",
+          "variant": null,
+          "layer_id": "8a63761caf6d45e65b8e6cdc2e0c03c55625fd142ec3356b80a9ea4a34b11b66",
+          "created_by": "/bin/sh -c #(nop) ADD file:37744639836b248c88f6e126619829290b45c233309538310e8fffb82e98eaf8 in / ",
+          "os_version": null,
+          "architecture": null,
+          "docker_version": null,
+          "is_empty_layer": false
+        }
+      }
+    },
     {
       "path": "debian.tar.gz-extract/8a63761caf6d45e65b8e6cdc2e0c03c55625fd142ec3356b80a9ea4a34b11b66/etc",
       "type": "directory",