From efdec77d5222b29baceae14a69cb481b9057dc7a Mon Sep 17 00:00:00 2001
From: Raziel Cohen <rcohen@armosec.io>
Date: Thu, 4 May 2023 10:34:56 +0300
Subject: [PATCH] add image id annotation

Signed-off-by: Raziel Cohen <rcohen@armosec.io>
---
 go.mod                                       | 6 +++---
 go.sum                                       | 4 ++--
 pkg/sbom/v1/sbom_spdx_storage_format.go      | 7 ++++---
 pkg/sbom/v1/sbom_spdx_storage_format_test.go | 4 ++++
 4 files changed, 13 insertions(+), 8 deletions(-)

diff --git a/go.mod b/go.mod
index 6de027cb..001e77ff 100644
--- a/go.mod
+++ b/go.mod
@@ -5,8 +5,10 @@ go 1.19
 require (
 	github.com/armosec/utils-k8s-go v0.0.13
 	github.com/kubescape/go-logger v0.0.11
-	github.com/kubescape/k8s-interface v0.0.120
+	github.com/kubescape/k8s-interface v0.0.122
 	github.com/kubescape/storage v0.2.0
+	go.opentelemetry.io/otel v1.11.2
+	go.opentelemetry.io/otel/trace v1.11.2
 	k8s.io/api v0.26.2
 	k8s.io/apimachinery v0.26.2
 	k8s.io/client-go v0.26.2
@@ -56,7 +58,6 @@ require (
 	github.com/uptrace/opentelemetry-go-extra/otelzap v0.1.18 // indirect
 	github.com/uptrace/uptrace-go v1.11.8 // indirect
 	go.opentelemetry.io/contrib/instrumentation/runtime v0.37.0 // indirect
-	go.opentelemetry.io/otel v1.11.2 // indirect
 	go.opentelemetry.io/otel/exporters/otlp/internal/retry v1.11.2 // indirect
 	go.opentelemetry.io/otel/exporters/otlp/otlpmetric v0.34.0 // indirect
 	go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v0.34.0 // indirect
@@ -66,7 +67,6 @@ require (
 	go.opentelemetry.io/otel/metric v0.34.0 // indirect
 	go.opentelemetry.io/otel/sdk v1.11.2 // indirect
 	go.opentelemetry.io/otel/sdk/metric v0.34.0 // indirect
-	go.opentelemetry.io/otel/trace v1.11.2 // indirect
 	go.opentelemetry.io/proto/otlp v0.19.0 // indirect
 	go.uber.org/atomic v1.10.0 // indirect
 	go.uber.org/multierr v1.9.0 // indirect
diff --git a/go.sum b/go.sum
index 6a71bec6..0f676214 100644
--- a/go.sum
+++ b/go.sum
@@ -225,8 +225,8 @@ github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
 github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
 github.com/kubescape/go-logger v0.0.11 h1:oucpq2S7+DT7O+UclG5IrmHado/tj6+IkYf9czVk/aY=
 github.com/kubescape/go-logger v0.0.11/go.mod h1:yGiKBJ2lhq/kxzY/MVYDREL9fLV3RGD6gv+UFjslaew=
-github.com/kubescape/k8s-interface v0.0.120 h1:05ZFcKH364gS8CGdQpQNiJglKzAc8EdnvhOK0v4/PnA=
-github.com/kubescape/k8s-interface v0.0.120/go.mod h1:ENpA9SkkS6E3PIT+AaMu/JGkuyE04aUamY+a7WLqsJQ=
+github.com/kubescape/k8s-interface v0.0.122 h1:Aq6xf1wq+nl2UtLX6rjFaGULZxES8OlzvXNLQcZk9+0=
+github.com/kubescape/k8s-interface v0.0.122/go.mod h1:ENpA9SkkS6E3PIT+AaMu/JGkuyE04aUamY+a7WLqsJQ=
 github.com/kubescape/storage v0.2.0 h1:WZXy4Dyjf5ltEMtk0SOD9RFL1haS9ffFPGfs1gUV1aM=
 github.com/kubescape/storage v0.2.0/go.mod h1:sPE749pFNoxoskBn6JTpNQyguF2rv/u2kYqzRd3MvXw=
 github.com/lunixbochs/vtclean v1.0.0/go.mod h1:pHhQNgMf3btfWnGBVipUOjRYhoOsdGqdm/+2c2E2WMI=
diff --git a/pkg/sbom/v1/sbom_spdx_storage_format.go b/pkg/sbom/v1/sbom_spdx_storage_format.go
index e99bcf93..9ca48f84 100644
--- a/pkg/sbom/v1/sbom_spdx_storage_format.go
+++ b/pkg/sbom/v1/sbom_spdx_storage_format.go
@@ -307,18 +307,19 @@ func (sbom *SBOMData) storeLabels(wlidData string, instanceID instanceidhandler.
 	sbom.filteredSpdxData.ObjectMeta.SetLabels(labels)
 }
 
-func (sbom *SBOMData) storeAnnotations(wlidData string, instanceID instanceidhandler.IInstanceID) {
+func (sbom *SBOMData) storeAnnotations(wlidData, imageID string, instanceID instanceidhandler.IInstanceID) {
 	annotations := make(map[string]string)
 	annotations[instanceidhandlerV1.WlidMetadataKey] = wlidData
 	annotations[instanceidhandlerV1.InstanceIDMetadataKey] = instanceID.GetStringFormatted()
 	annotations[instanceidhandlerV1.ContainerNameMetadataKey] = instanceID.GetContainerName()
+	annotations[instanceidhandlerV1.ImageIDMetadataKey] = imageID
 
 	sbom.filteredSpdxData.ObjectMeta.SetAnnotations(annotations)
 }
 
-func (sbom *SBOMData) StoreMetadata(wlidData string, _ string, instanceID instanceidhandler.IInstanceID) {
+func (sbom *SBOMData) StoreMetadata(wlidData string, imageID string, instanceID instanceidhandler.IInstanceID) {
 	sbom.storeLabels(wlidData, instanceID)
-	sbom.storeAnnotations(wlidData, instanceID)
+	sbom.storeAnnotations(imageID, wlidData, instanceID)
 }
 
 func (sc *SBOMData) CleanResources() {
diff --git a/pkg/sbom/v1/sbom_spdx_storage_format_test.go b/pkg/sbom/v1/sbom_spdx_storage_format_test.go
index b4ab2576..ce45154e 100644
--- a/pkg/sbom/v1/sbom_spdx_storage_format_test.go
+++ b/pkg/sbom/v1/sbom_spdx_storage_format_test.go
@@ -431,6 +431,10 @@ func TestStoreMetadata(t *testing.T) {
 			if SBOMData.filteredSpdxData.Labels[i] != "redis" {
 				t.Fatalf("label key %s should be v1 not %s", i, SBOMData.filteredSpdxData.Labels[i])
 			}
+		case instanceidhandlerV1.ImageTagMetadataKey:
+			if SBOMData.filteredSpdxData.Labels[i] != "e41ced4a64bd065a1a8b79dbc5832b744a3ad82e7fcbe9fb2ebdd1267f972775" {
+				t.Fatalf("label key %s should be v1 not %s", i, SBOMData.filteredSpdxData.Labels[i])
+			}
 		}
 	}
 }