
feat: implement unified dependency collection for container engine#27

Merged
PrasanthYT merged 1 commit into main from feature/container-vulnerability-resolution
Mar 4, 2026
Conversation

@PrasanthYT
Contributor

Overview

This change completes the container scanning pipeline by delegating vulnerability resolution to the existing SCA engine.

The container engine collects dependencies from container images and forwards them to the SCA engine for vulnerability analysis.

This avoids duplication and maintains a single source of vulnerability resolution logic.

Dependency Collection

The container engine collects dependencies from the reconstructed container filesystem.

Sources include:

  • OS packages extracted from the container distribution
  • Application dependencies discovered in the filesystem

These dependencies are merged into a unified dependency list.

Vulnerability Resolution

Collected dependencies are passed directly to the SCA engine.

Example implementation:

```rust
// Collect OS packages and application dependencies from the rootfs,
// then hand the unified list to the SCA engine for resolution.
let deps = self.collect_all_dependencies(rootfs)?;
let result = self.sca_engine.resolve_dependencies(deps)?;
```

This reuses the existing SCA resolution pipeline.

Metadata Adjustment

Container scans override metadata to reflect the correct engine context.

```rust
// Findings came out of the SCA engine; relabel them for the container scan.
result.engine = EngineType::Container;
result.target = image_name;
```

This ensures findings are attributed correctly.

Separation of Concerns

The container engine strictly follows the engine architecture principles:

  • No CLI logic
  • No exit logic
  • No policy enforcement
  • No output formatting

The engine only produces structured ScanResult objects.

Result

The container scanning pipeline now performs:

ContainerEngine
  → Image acquisition
  → RootFS builder
  → Distro detection
  → OS package extraction
  → Application dependency discovery
  → Dependency merge
  → Vulnerability resolution via SCA engine

All vulnerability analysis remains centralized in the SCA engine.

Impact

  • Eliminates duplicated vulnerability logic
  • Reuses existing SCA infrastructure
  • Preserves deterministic scanning behavior
  • Completes the functional container scanning pipeline

PrasanthYT merged commit ac1820c into main on Mar 4, 2026
4 checks passed
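The pipeline the PR describes (OS package extraction, application dependency discovery, merge, delegation to the SCA engine, then the engine/target metadata override), shown as an added, self-contained Rust example. This is not the project's code: `Dependency`, `ScaEngine`, `ContainerEngine`, `RootFs`, the dpkg-status and requirements.txt parsers, the advisory identifiers and the sample filesystem are all constructed here to illustrate the design. It also shows two points the description leaves implicit: the merge deduplicates a dependency found in more than one place, and a rootfs whose distro cannot be detected is an error rather than an empty scan.

```rust
use std::collections::{BTreeMap, BTreeSet};

// Hypothetical types standing in for the project's own (not shown on the page).
#[derive(Debug, Clone, PartialEq, Eq, PartialOrd, Ord)]
pub struct Dependency { pub ecosystem: String, pub name: String, pub version: String }

impl Dependency {
    fn new(e: &str, n: &str, v: &str) -> Self {
        Dependency { ecosystem: e.into(), name: n.into(), version: v.into() }
    }
}

#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum EngineType { Sca, Container }

#[derive(Debug, Clone, PartialEq, Eq)]
pub struct Finding { pub dependency: Dependency, pub advisory: String }

#[derive(Debug, Clone, PartialEq, Eq)]
pub struct ScanResult { pub engine: EngineType, pub target: String, pub findings: Vec<Finding> }

/// Stand-in for the SCA engine. Vulnerability resolution lives only here;
/// the advisory table is constructed sample data, not a real feed.
pub struct ScaEngine { advisories: BTreeMap<Dependency, &'static str> }

impl ScaEngine {
    pub fn with_sample_advisories() -> Self {
        let mut advisories = BTreeMap::new();
        advisories.insert(Dependency::new("deb", "openssl", "1.1.1k-1"), "FAKE-2021-0001");
        advisories.insert(Dependency::new("pypi", "requests", "2.19.0"), "FAKE-2018-0002");
        ScaEngine { advisories }
    }

    /// Exact (ecosystem, name, version) lookup. A bare SCA run labels its
    /// own result as EngineType::Sca; the container engine relabels it.
    pub fn resolve_dependencies(&self, deps: &[Dependency]) -> Result<ScanResult, String> {
        let findings = deps.iter()
            .filter_map(|d| self.advisories.get(d)
                .map(|a| Finding { dependency: d.clone(), advisory: a.to_string() }))
            .collect();
        Ok(ScanResult { engine: EngineType::Sca, target: "<sca>".to_string(), findings })
    }
}

/// Constructed rootfs: relative path -> file contents.
pub type RootFs = BTreeMap<&'static str, &'static str>;

pub struct ContainerEngine { pub sca_engine: ScaEngine }

impl ContainerEngine {
    /// Distro detection + OS package extraction, Debian-family only in this example.
    fn collect_os_packages(rootfs: &RootFs) -> Result<Vec<Dependency>, String> {
        let status = rootfs.get("var/lib/dpkg/status")
            .ok_or_else(|| "unsupported or undetected distro: no dpkg status".to_string())?;
        Ok(status.split("\n\n").filter_map(|stanza| {
            let (mut name, mut version) = (None, None);
            for line in stanza.lines() {
                if let Some(v) = line.strip_prefix("Package: ") { name = Some(v.trim()); }
                if let Some(v) = line.strip_prefix("Version: ") { version = Some(v.trim()); }
            }
            Some(Dependency::new("deb", name?, version?))
        }).collect())
    }

    /// Application dependency discovery: pinned requirements.txt files anywhere in the image.
    fn collect_app_dependencies(rootfs: &RootFs) -> Vec<Dependency> {
        let mut out = Vec::new();
        for (path, body) in rootfs {
            if !path.ends_with("requirements.txt") { continue; }
            for line in body.lines() {
                if let Some((n, v)) = line.split_once("==") {
                    out.push(Dependency::new("pypi", n.trim(), v.trim()));
                }
            }
        }
        out
    }

    /// Dependency merge: the same package seen in two layers or two files is listed once.
    pub fn collect_all_dependencies(&self, rootfs: &RootFs) -> Result<Vec<Dependency>, String> {
        let mut merged: BTreeSet<Dependency> = Self::collect_os_packages(rootfs)?.into_iter().collect();
        merged.extend(Self::collect_app_dependencies(rootfs));
        Ok(merged.into_iter().collect())
    }

    /// Delegate resolution, then override metadata so findings are attributed to the image.
    pub fn scan(&self, image: &str, rootfs: &RootFs) -> Result<ScanResult, String> {
        let deps = self.collect_all_dependencies(rootfs)?;
        let mut result = self.sca_engine.resolve_dependencies(&deps)?;
        result.engine = EngineType::Container;
        result.target = image.to_string();
        Ok(result)
    }
}

/// Constructed sample image contents: two OS packages, two requirements files
/// that both pin the same vulnerable `requests`.
pub fn sample_rootfs() -> RootFs {
    let mut fs = RootFs::new();
    fs.insert("var/lib/dpkg/status", "Package: openssl\nVersion: 1.1.1k-1\n\nPackage: bash\nVersion: 5.1-2\n");
    fs.insert("app/requirements.txt", "requests==2.19.0\nflask==2.0.0\n");
    fs.insert("opt/tool/requirements.txt", "requests==2.19.0\n");
    fs
}

fn main() {
    let engine = ContainerEngine { sca_engine: ScaEngine::with_sample_advisories() };
    println!("{:?}", engine.scan("example/app:1.0", &sample_rootfs()));
}
```

On the sample rootfs the merge yields four dependencies (not five), the SCA engine reports two findings, and the returned `ScanResult` carries `EngineType::Container` and the image name rather than the SCA engine's own labels; an image with no recognisable distro surfaces as an `Err` instead of a clean scan with zero findings.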