feat: add main component info (#1989)

Signed-off-by: Miguel Martinez <[email protected]>

Author: migmartri

pkg/attestation/renderer/chainloop/chainloop.go

@@ -75,6 +75,23 @@ type NormalizedMaterial struct {
 	EmbeddedInline bool
 	// Custom annotations
 	Annotations map[string]string
+	// Referenced source component, for SBOMs, SARIF files, etc
+	ReferencedSourceComponent *ReferencedSourceComponent
+}
+
+// Some materials such as SBOMs might have been generated from a source component
+// For example, you might have generated an SBOM for a container image and this is the ifnormation
+// name": "ghcr.io/chainloop-dev/chainloop/cli",
+// type": "container",
+// version": "sha256:bbfd27fcdb15c8082951dc59be2310a2a2e6b95e11002f8411e5918887faa607",
+type ReferencedSourceComponent struct {
+	// i.e container, file
+	Type string `json:"type"`
+	// i.e ghcr.io/chainloop-dev/chainloop/cli
+	Name string `json:"name"`
+	// i.e sha256:bbfd27fcdb15c8082951dc59be2310a2a2e6b95e11002f8411e5918887faa607
+	// or a tag i.e v0.1.0
+	Version string `json:"version"`
 }
 
 type ProvenancePredicateCommon struct {

pkg/attestation/renderer/chainloop/v02.go

@@ -471,6 +471,21 @@ func normalizeMaterial(material *intoto.ResourceDescriptor) (*NormalizedMaterial
 		m.Tag = v.GetStringValue()
 	}
 
+	// Extract the referenced source component
+	if v, ok := mAnnotationsMap[v1.AnnotationsSBOMMainComponentName]; ok && v.GetStringValue() != "" {
+		m.ReferencedSourceComponent = &ReferencedSourceComponent{
+			Name: v.GetStringValue(),
+		}
+
+		if v, ok := mAnnotationsMap[v1.AnnotationsSBOMMainComponentVersion]; ok && v.GetStringValue() != "" {
+			m.ReferencedSourceComponent.Version = v.GetStringValue()
+		}
+
+		if v, ok := mAnnotationsMap[v1.AnnotationsSBOMMainComponentType]; ok && v.GetStringValue() != "" {
+			m.ReferencedSourceComponent.Type = v.GetStringValue()
+		}
+	}
+
 	// In the case of an artifact type or derivative the filename is set and the inline content if any
 	if m.EmbeddedInline || m.UploadedToCAS {
 		m.Filename = material.Name