feat(report): Add CreatedAt to the JSON report. (#5542) (#5549)

Signed-off-by: knqyf263 <knqyf263@gmail.com> Co-authored-by: knqyf263 <knqyf263@gmail.com>
aquasecurity · Nov 15, 2023 · f4dd062 · f4dd062
1 parent d005f5a
commit f4dd062
Show file tree

Hide file tree

Showing 81 changed files with 189 additions and 107 deletions.
diff --git a/docs/docs/supply-chain/attestation/vuln.md b/docs/docs/supply-chain/attestation/vuln.md
@@ -30,6 +30,7 @@ $ trivy image --format cosign-vuln --output vuln.json alpine:3.10
     },
     "result": {
       "SchemaVersion": 2,
+      "CreatedAt": 1629894030,
       "ArtifactName": "alpine:3.10",
       "ArtifactType": "container_image",
       "Metadata": {

diff --git a/integration/client_server_test.go b/integration/client_server_test.go
@@ -354,7 +354,7 @@ func TestClientServerWithFormat(t *testing.T) {
 		},
 	}
 
-	fakeTime := time.Date(2020, 8, 10, 7, 28, 17, 958601, time.UTC)
+	fakeTime := time.Date(2021, 8, 25, 12, 20, 30, 5, time.UTC)
 	clock.SetFakeTime(t, fakeTime)
 
 	report.CustomTemplateFuncMap = map[string]interface{}{
@@ -419,7 +419,7 @@ func TestClientServerWithCycloneDX(t *testing.T) {
 	addr, cacheDir := setup(t, setupOptions{})
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			clock.SetFakeTime(t, time.Date(2020, 9, 10, 14, 20, 30, 5, time.UTC))
+			clock.SetFakeTime(t, time.Date(2021, 8, 25, 12, 20, 30, 5, time.UTC))
 			uuid.SetFakeUUID(t, "3ff14136-e09f-4df9-80ea-%012d")
 
 			osArgs, outputFile := setupClient(t, tt.args, addr, cacheDir, tt.golden)

diff --git a/integration/integration_test.go b/integration/integration_test.go
@@ -27,6 +27,7 @@ import (
 
 	"github.com/aquasecurity/trivy-db/pkg/db"
 	"github.com/aquasecurity/trivy-db/pkg/metadata"
+	"github.com/aquasecurity/trivy/pkg/clock"
 	"github.com/aquasecurity/trivy/pkg/commands"
 	"github.com/aquasecurity/trivy/pkg/dbtest"
 	"github.com/aquasecurity/trivy/pkg/types"
@@ -43,6 +44,8 @@ func initDB(t *testing.T) string {
 	entries, err := os.ReadDir(fixtureDir)
 	require.NoError(t, err)
 
+	clock.SetFakeTime(t, time.Date(2021, 8, 25, 12, 20, 30, 5, time.UTC))
+
 	var fixtures []string
 	for _, entry := range entries {
 		if entry.IsDir() {

diff --git a/integration/repo_test.go b/integration/repo_test.go
@@ -480,7 +480,7 @@ func TestRepository(t *testing.T) {
 			osArgs = append(osArgs, "--output", outputFile)
 			osArgs = append(osArgs, tt.args.input)
 
-			clock.SetFakeTime(t, time.Date(2020, 9, 10, 14, 20, 30, 5, time.UTC))
+			clock.SetFakeTime(t, time.Date(2021, 8, 25, 12, 20, 30, 5, time.UTC))
 			uuid.SetFakeUUID(t, "3ff14136-e09f-4df9-80ea-%012d")
 
 			// Run "trivy repo"

diff --git a/integration/testdata/almalinux-8.json.golden b/integration/testdata/almalinux-8.json.golden
@@ -1,5 +1,6 @@
 {
   "SchemaVersion": 2,
+  "CreatedAt": 1629894030,
   "ArtifactName": "testdata/fixtures/images/almalinux-8.tar.gz",
   "ArtifactType": "container_image",
   "Metadata": {

diff --git a/integration/testdata/alpine-310-registry.json.golden b/integration/testdata/alpine-310-registry.json.golden
@@ -1,6 +1,7 @@
 {
   "SchemaVersion": 2,
-  "ArtifactName": "localhost:55844/alpine:3.10",
+  "CreatedAt": 1629894030,
+  "ArtifactName": "localhost:53869/alpine:3.10",
   "ArtifactType": "container_image",
   "Metadata": {
     "OS": {
@@ -13,10 +14,10 @@
       "sha256:03901b4a2ea88eeaad62dbe59b072b28b6efa00491962b8741081c5df50c65e0"
     ],
     "RepoTags": [
-      "localhost:55844/alpine:3.10"
+      "localhost:53869/alpine:3.10"
     ],
     "RepoDigests": [
-      "localhost:55844/alpine@sha256:b1c5a500182b21d0bfa5a584a8526b56d8be316f89e87d951be04abed2446e60"
+      "localhost:53869/alpine@sha256:b1c5a500182b21d0bfa5a584a8526b56d8be316f89e87d951be04abed2446e60"
     ],
     "ImageConfig": {
       "architecture": "amd64",
@@ -55,7 +56,7 @@
   },
   "Results": [
     {
-      "Target": "localhost:55844/alpine:3.10 (alpine 3.10.2)",
+      "Target": "localhost:53869/alpine:3.10 (alpine 3.10.2)",
       "Class": "os-pkgs",
       "Type": "alpine",
       "Vulnerabilities": [

diff --git a/integration/testdata/alpine-310.asff.golden b/integration/testdata/alpine-310.asff.golden
@@ -7,8 +7,8 @@
             "GeneratorId": "Trivy/CVE-2019-1549",
             "AwsAccountId": "123456789012",
             "Types": [ "Software and Configuration Checks/Vulnerabilities/CVE" ],
-            "CreatedAt": "2020-08-10T07:28:17.000958601Z",
-            "UpdatedAt": "2020-08-10T07:28:17.000958601Z",
+            "CreatedAt": "2021-08-25T12:20:30.000000005Z",
+            "UpdatedAt": "2021-08-25T12:20:30.000000005Z",
             "Severity": {
                 "Label": "MEDIUM"
             },
@@ -52,8 +52,8 @@
             "GeneratorId": "Trivy/CVE-2019-1551",
             "AwsAccountId": "123456789012",
             "Types": [ "Software and Configuration Checks/Vulnerabilities/CVE" ],
-            "CreatedAt": "2020-08-10T07:28:17.000958601Z",
-            "UpdatedAt": "2020-08-10T07:28:17.000958601Z",
+            "CreatedAt": "2021-08-25T12:20:30.000000005Z",
+            "UpdatedAt": "2021-08-25T12:20:30.000000005Z",
             "Severity": {
                 "Label": "MEDIUM"
             },
@@ -97,8 +97,8 @@
             "GeneratorId": "Trivy/CVE-2019-1549",
             "AwsAccountId": "123456789012",
             "Types": [ "Software and Configuration Checks/Vulnerabilities/CVE" ],
-            "CreatedAt": "2020-08-10T07:28:17.000958601Z",
-            "UpdatedAt": "2020-08-10T07:28:17.000958601Z",
+            "CreatedAt": "2021-08-25T12:20:30.000000005Z",
+            "UpdatedAt": "2021-08-25T12:20:30.000000005Z",
             "Severity": {
                 "Label": "MEDIUM"
             },
@@ -142,8 +142,8 @@
             "GeneratorId": "Trivy/CVE-2019-1551",
             "AwsAccountId": "123456789012",
             "Types": [ "Software and Configuration Checks/Vulnerabilities/CVE" ],
-            "CreatedAt": "2020-08-10T07:28:17.000958601Z",
-            "UpdatedAt": "2020-08-10T07:28:17.000958601Z",
+            "CreatedAt": "2021-08-25T12:20:30.000000005Z",
+            "UpdatedAt": "2021-08-25T12:20:30.000000005Z",
             "Severity": {
                 "Label": "MEDIUM"
             },

diff --git a/integration/testdata/alpine-310.gsbom.golden b/integration/testdata/alpine-310.gsbom.golden
@@ -11,7 +11,7 @@
     "correlator": "workflow-name_integration",
     "id": "1910764383"
   },
-  "scanned": "2020-08-10T07:28:17Z",
+  "scanned": "2021-08-25T12:20:30Z",
   "manifests": {
     "testdata/fixtures/images/alpine-310.tar.gz (alpine 3.10.2)": {
       "name": "alpine",

diff --git a/integration/testdata/alpine-310.html.golden b/integration/testdata/alpine-310.html.golden
@@ -51,7 +51,7 @@
       }
       a.toggle-more-links { cursor: pointer; }
     </style>
-    <title>testdata/fixtures/images/alpine-310.tar.gz (alpine 3.10.2) - Trivy Report - 2020-08-10 07:28:17.000958601 +0000 UTC </title>
+    <title>testdata/fixtures/images/alpine-310.tar.gz (alpine 3.10.2) - Trivy Report - 2021-08-25 12:20:30.000000005 +0000 UTC </title>
     <script>
       window.onload = function() {
         document.querySelectorAll('td.links').forEach(function(linkCell) {
@@ -81,7 +81,7 @@
     </script>
   </head>
   <body>
-    <h1>testdata/fixtures/images/alpine-310.tar.gz (alpine 3.10.2) - Trivy Report - 2020-08-10 07:28:17.000958601 +0000 UTC</h1>
+    <h1>testdata/fixtures/images/alpine-310.tar.gz (alpine 3.10.2) - Trivy Report - 2021-08-25 12:20:30.000000005 +0000 UTC</h1>
     <table>
       <tr class="group-header"><th colspan="6">alpine</th></tr>
       <tr class="sub-header">

diff --git a/integration/testdata/alpine-310.json.golden b/integration/testdata/alpine-310.json.golden
@@ -1,5 +1,6 @@
 {
   "SchemaVersion": 2,
+  "CreatedAt": 1629894030,
   "ArtifactName": "testdata/fixtures/images/alpine-310.tar.gz",
   "ArtifactType": "container_image",
   "Metadata": {

diff --git a/integration/testdata/alpine-39-high-critical.json.golden b/integration/testdata/alpine-39-high-critical.json.golden
@@ -1,5 +1,6 @@
 {
   "SchemaVersion": 2,
+  "CreatedAt": 1629894030,
   "ArtifactName": "testdata/fixtures/images/alpine-39.tar.gz",
   "ArtifactType": "container_image",
   "Metadata": {

diff --git a/integration/testdata/alpine-39-ignore-cveids.json.golden b/integration/testdata/alpine-39-ignore-cveids.json.golden
@@ -1,5 +1,6 @@
 {
   "SchemaVersion": 2,
+  "CreatedAt": 1629894030,
   "ArtifactName": "testdata/fixtures/images/alpine-39.tar.gz",
   "ArtifactType": "container_image",
   "Metadata": {

diff --git a/integration/testdata/alpine-39-skip.json.golden b/integration/testdata/alpine-39-skip.json.golden
@@ -1,5 +1,6 @@
 {
   "SchemaVersion": 2,
+  "CreatedAt": 1629894030,
   "ArtifactName": "testdata/fixtures/images/alpine-39.tar.gz",
   "ArtifactType": "container_image",
   "Metadata": {

diff --git a/integration/testdata/alpine-39.json.golden b/integration/testdata/alpine-39.json.golden
@@ -1,5 +1,6 @@
 {
   "SchemaVersion": 2,
+  "CreatedAt": 1629894030,
   "ArtifactName": "testdata/fixtures/images/alpine-39.tar.gz",
   "ArtifactType": "container_image",
   "Metadata": {

diff --git a/integration/testdata/alpine-distroless.json.golden b/integration/testdata/alpine-distroless.json.golden
@@ -1,5 +1,6 @@
 {
   "SchemaVersion": 2,
+  "CreatedAt": 1629894030,
   "ArtifactName": "testdata/fixtures/images/alpine-distroless.tar.gz",
   "ArtifactType": "container_image",
   "Metadata": {

diff --git a/integration/testdata/amazon-1.json.golden b/integration/testdata/amazon-1.json.golden
@@ -1,5 +1,6 @@
 {
   "SchemaVersion": 2,
+  "CreatedAt": 1629894030,
   "ArtifactName": "testdata/fixtures/images/amazon-1.tar.gz",
   "ArtifactType": "container_image",
   "Metadata": {

diff --git a/integration/testdata/amazon-2.json.golden b/integration/testdata/amazon-2.json.golden
@@ -1,5 +1,6 @@
 {
   "SchemaVersion": 2,
+  "CreatedAt": 1629894030,
   "ArtifactName": "testdata/fixtures/images/amazon-2.tar.gz",
   "ArtifactType": "container_image",
   "Metadata": {

diff --git a/integration/testdata/amazonlinux2-gp2-x86-vm.json.golden b/integration/testdata/amazonlinux2-gp2-x86-vm.json.golden
@@ -1,5 +1,6 @@
 {
   "SchemaVersion": 2,
+  "CreatedAt": 1629894030,
   "ArtifactName": "disk.img",
   "ArtifactType": "vm",
   "Metadata": {

diff --git a/integration/testdata/busybox-with-lockfile.json.golden b/integration/testdata/busybox-with-lockfile.json.golden
@@ -1,5 +1,6 @@
 {
   "SchemaVersion": 2,
+  "CreatedAt": 1629894030,
   "ArtifactName": "testdata/fixtures/images/busybox-with-lockfile.tar.gz",
   "ArtifactType": "container_image",
   "Metadata": {

diff --git a/integration/testdata/centos-6.json.golden b/integration/testdata/centos-6.json.golden
@@ -1,5 +1,6 @@
 {
   "SchemaVersion": 2,
+  "CreatedAt": 1629894030,
   "ArtifactName": "testdata/fixtures/images/centos-6.tar.gz",
   "ArtifactType": "container_image",
   "Metadata": {

diff --git a/integration/testdata/centos-7-ignore-unfixed.json.golden b/integration/testdata/centos-7-ignore-unfixed.json.golden
@@ -1,5 +1,6 @@
 {
   "SchemaVersion": 2,
+  "CreatedAt": 1629894030,
   "ArtifactName": "testdata/fixtures/images/centos-7.tar.gz",
   "ArtifactType": "container_image",
   "Metadata": {

diff --git a/integration/testdata/centos-7-medium.json.golden b/integration/testdata/centos-7-medium.json.golden
@@ -1,5 +1,6 @@
 {
   "SchemaVersion": 2,
+  "CreatedAt": 1629894030,
   "ArtifactName": "testdata/fixtures/images/centos-7.tar.gz",
   "ArtifactType": "container_image",
   "Metadata": {

diff --git a/integration/testdata/centos-7.json.golden b/integration/testdata/centos-7.json.golden
@@ -1,5 +1,6 @@
 {
   "SchemaVersion": 2,
+  "CreatedAt": 1629894030,
   "ArtifactName": "testdata/fixtures/images/centos-7.tar.gz",
   "ArtifactType": "container_image",
   "Metadata": {

diff --git a/integration/testdata/cocoapods.json.golden b/integration/testdata/cocoapods.json.golden
@@ -1,5 +1,6 @@
 {
   "SchemaVersion": 2,
+  "CreatedAt": 1629894030,
   "ArtifactName": "testdata/fixtures/repo/cocoapods",
   "ArtifactType": "repository",
   "Metadata": {

diff --git a/integration/testdata/composer.lock.json.golden b/integration/testdata/composer.lock.json.golden
diff --git a/integration/testdata/conan.json.golden b/integration/testdata/conan.json.golden
@@ -1,5 +1,6 @@
 {
   "SchemaVersion": 2,
+  "CreatedAt": 1629894030,
   "ArtifactName": "testdata/fixtures/repo/conan",
   "ArtifactType": "repository",
   "Metadata": {

diff --git a/integration/testdata/conda-cyclonedx.json.golden b/integration/testdata/conda-cyclonedx.json.golden
@@ -5,7 +5,7 @@
   "serialNumber": "urn:uuid:3ff14136-e09f-4df9-80ea-000000000001",
   "version": 1,
   "metadata": {
-    "timestamp": "2020-09-10T14:20:30+00:00",
+    "timestamp": "2021-08-25T12:20:30+00:00",
     "tools": [
       {
         "vendor": "aquasecurity",

diff --git a/integration/testdata/conda-spdx.json.golden b/integration/testdata/conda-spdx.json.golden
@@ -9,7 +9,7 @@
       "Organization: aquasecurity",
       "Tool: trivy-dev"
     ],
-    "created": "2020-09-10T14:20:30Z"
+    "created": "2021-08-25T12:20:30Z"
   },
   "packages": [
     {

diff --git a/integration/testdata/debian-buster-ignore-unfixed.json.golden b/integration/testdata/debian-buster-ignore-unfixed.json.golden
@@ -1,5 +1,6 @@
 {
   "SchemaVersion": 2,
+  "CreatedAt": 1629894030,
   "ArtifactName": "testdata/fixtures/images/debian-buster.tar.gz",
   "ArtifactType": "container_image",
   "Metadata": {

diff --git a/integration/testdata/debian-buster.json.golden b/integration/testdata/debian-buster.json.golden
@@ -1,5 +1,6 @@
 {
   "SchemaVersion": 2,
+  "CreatedAt": 1629894030,
   "ArtifactName": "testdata/fixtures/images/debian-buster.tar.gz",
   "ArtifactType": "container_image",
   "Metadata": {

diff --git a/integration/testdata/debian-stretch.json.golden b/integration/testdata/debian-stretch.json.golden
@@ -1,5 +1,6 @@
 {
   "SchemaVersion": 2,
+  "CreatedAt": 1629894030,
   "ArtifactName": "testdata/fixtures/images/debian-stretch.tar.gz",
   "ArtifactType": "container_image",
   "Metadata": {

diff --git a/integration/testdata/distroless-base.json.golden b/integration/testdata/distroless-base.json.golden
@@ -1,5 +1,6 @@
 {
   "SchemaVersion": 2,
+  "CreatedAt": 1629894030,
   "ArtifactName": "testdata/fixtures/images/distroless-base.tar.gz",
   "ArtifactType": "container_image",
   "Metadata": {

diff --git a/integration/testdata/distroless-python27.json.golden b/integration/testdata/distroless-python27.json.golden
@@ -1,5 +1,6 @@
 {
   "SchemaVersion": 2,
+  "CreatedAt": 1629894030,
   "ArtifactName": "testdata/fixtures/images/distroless-python27.tar.gz",
   "ArtifactType": "container_image",
   "Metadata": {

diff --git a/integration/testdata/dockerfile-custom-policies.json.golden b/integration/testdata/dockerfile-custom-policies.json.golden
@@ -1,5 +1,6 @@
 {
   "SchemaVersion": 2,
+  "CreatedAt": 1629894030,
   "ArtifactName": "testdata/fixtures/repo/custom-policy",
   "ArtifactType": "repository",
   "Metadata": {

diff --git a/integration/testdata/dockerfile-namespace-exception.json.golden b/integration/testdata/dockerfile-namespace-exception.json.golden
@@ -1,5 +1,6 @@
 {
   "SchemaVersion": 2,
+  "CreatedAt": 1629894030,
   "ArtifactName": "testdata/fixtures/repo/namespace-exception",
   "ArtifactType": "repository",
   "Metadata": {

diff --git a/integration/testdata/dockerfile-rule-exception.json.golden b/integration/testdata/dockerfile-rule-exception.json.golden
@@ -1,5 +1,6 @@
 {
   "SchemaVersion": 2,
+  "CreatedAt": 1629894030,
   "ArtifactName": "testdata/fixtures/repo/rule-exception",
   "ArtifactType": "repository",
   "Metadata": {

diff --git a/integration/testdata/dockerfile.json.golden b/integration/testdata/dockerfile.json.golden
@@ -1,5 +1,6 @@
 {
   "SchemaVersion": 2,
+  "CreatedAt": 1629894030,
   "ArtifactName": "testdata/fixtures/repo/dockerfile",
   "ArtifactType": "repository",
   "Metadata": {

diff --git a/integration/testdata/dockerfile_file_pattern.json.golden b/integration/testdata/dockerfile_file_pattern.json.golden
@@ -1,5 +1,6 @@
 {
   "SchemaVersion": 2,
+  "CreatedAt": 1629894030,
   "ArtifactName": "testdata/fixtures/repo/dockerfile_file_pattern",
   "ArtifactType": "repository",
   "Metadata": {

diff --git a/integration/testdata/dotnet.json.golden b/integration/testdata/dotnet.json.golden
@@ -1,5 +1,6 @@
 {
   "SchemaVersion": 2,
+  "CreatedAt": 1629894030,
   "ArtifactName": "testdata/fixtures/repo/dotnet",
   "ArtifactType": "repository",
   "Metadata": {

diff --git a/integration/testdata/fluentd-gems.json.golden b/integration/testdata/fluentd-gems.json.golden
@@ -1,5 +1,6 @@
 {
   "SchemaVersion": 2,
+  "CreatedAt": 1629894030,
   "ArtifactName": "testdata/fixtures/images/fluentd-multiple-lockfiles.tar.gz",
   "ArtifactType": "container_image",
   "Metadata": {

diff --git a/integration/testdata/fluentd-multiple-lockfiles.cdx.json.golden b/integration/testdata/fluentd-multiple-lockfiles.cdx.json.golden
@@ -5,7 +5,7 @@
   "serialNumber": "urn:uuid:3ff14136-e09f-4df9-80ea-000000000001",
   "version": 1,
   "metadata": {
-    "timestamp": "2020-09-10T14:20:30+00:00",
+    "timestamp": "2021-08-25T12:20:30+00:00",
     "tools": [
       {
         "vendor": "aquasecurity",

diff --git a/integration/testdata/fluentd-multiple-lockfiles.json.golden b/integration/testdata/fluentd-multiple-lockfiles.json.golden
@@ -1,5 +1,6 @@
 {
   "SchemaVersion": 2,
+  "CreatedAt": 1629894030,
   "ArtifactName": "testdata/fixtures/sbom/fluentd-multiple-lockfiles-cyclonedx.json",
   "ArtifactType": "cyclonedx",
   "Metadata": {