feat(report): Add CreatedAt to the JSON report. (#5542) (#5549)

Signed-off-by: knqyf263 <knqyf263@gmail.com>
Co-authored-by: knqyf263 <knqyf263@gmail.com>

docs/docs/supply-chain/attestation/vuln.md

@@ -30,6 +30,7 @@ $ trivy image --format cosign-vuln --output vuln.json alpine:3.10
     },
     "result": {
       "SchemaVersion": 2,
+      "CreatedAt": 1629894030,
       "ArtifactName": "alpine:3.10",
       "ArtifactType": "container_image",
       "Metadata": {

integration/client_server_test.go

@@ -354,7 +354,7 @@ func TestClientServerWithFormat(t *testing.T) {
 		},
 	}
 
-	fakeTime := time.Date(2020, 8, 10, 7, 28, 17, 958601, time.UTC)
+	fakeTime := time.Date(2021, 8, 25, 12, 20, 30, 5, time.UTC)
 	clock.SetFakeTime(t, fakeTime)
 
 	report.CustomTemplateFuncMap = map[string]interface{}{
@@ -419,7 +419,7 @@ func TestClientServerWithCycloneDX(t *testing.T) {
 	addr, cacheDir := setup(t, setupOptions{})
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			clock.SetFakeTime(t, time.Date(2020, 9, 10, 14, 20, 30, 5, time.UTC))
+			clock.SetFakeTime(t, time.Date(2021, 8, 25, 12, 20, 30, 5, time.UTC))
 			uuid.SetFakeUUID(t, "3ff14136-e09f-4df9-80ea-%012d")
 
 			osArgs, outputFile := setupClient(t, tt.args, addr, cacheDir, tt.golden)

integration/integration_test.go

@@ -27,6 +27,7 @@ import (
 
 	"github.com/aquasecurity/trivy-db/pkg/db"
 	"github.com/aquasecurity/trivy-db/pkg/metadata"
+	"github.com/aquasecurity/trivy/pkg/clock"
 	"github.com/aquasecurity/trivy/pkg/commands"
 	"github.com/aquasecurity/trivy/pkg/dbtest"
 	"github.com/aquasecurity/trivy/pkg/types"
@@ -43,6 +44,8 @@ func initDB(t *testing.T) string {
 	entries, err := os.ReadDir(fixtureDir)
 	require.NoError(t, err)
 
+	clock.SetFakeTime(t, time.Date(2021, 8, 25, 12, 20, 30, 5, time.UTC))
+
 	var fixtures []string
 	for _, entry := range entries {
 		if entry.IsDir() {

integration/repo_test.go

@@ -480,7 +480,7 @@ func TestRepository(t *testing.T) {
 			osArgs = append(osArgs, "--output", outputFile)
 			osArgs = append(osArgs, tt.args.input)
 
-			clock.SetFakeTime(t, time.Date(2020, 9, 10, 14, 20, 30, 5, time.UTC))
+			clock.SetFakeTime(t, time.Date(2021, 8, 25, 12, 20, 30, 5, time.UTC))
 			uuid.SetFakeUUID(t, "3ff14136-e09f-4df9-80ea-%012d")
 
 			// Run "trivy repo"

integration/testdata/almalinux-8.json.golden

@@ -1,5 +1,6 @@
 {
   "SchemaVersion": 2,
+  "CreatedAt": 1629894030,
   "ArtifactName": "testdata/fixtures/images/almalinux-8.tar.gz",
   "ArtifactType": "container_image",
   "Metadata": {

integration/testdata/alpine-310-registry.json.golden

@@ -1,6 +1,7 @@
 {
   "SchemaVersion": 2,
-  "ArtifactName": "localhost:55844/alpine:3.10",
+  "CreatedAt": 1629894030,
+  "ArtifactName": "localhost:53869/alpine:3.10",
   "ArtifactType": "container_image",
   "Metadata": {
     "OS": {
@@ -13,10 +14,10 @@
       "sha256:03901b4a2ea88eeaad62dbe59b072b28b6efa00491962b8741081c5df50c65e0"
     ],
     "RepoTags": [
-      "localhost:55844/alpine:3.10"
+      "localhost:53869/alpine:3.10"
     ],
     "RepoDigests": [
-      "localhost:55844/alpine@sha256:b1c5a500182b21d0bfa5a584a8526b56d8be316f89e87d951be04abed2446e60"
+      "localhost:53869/alpine@sha256:b1c5a500182b21d0bfa5a584a8526b56d8be316f89e87d951be04abed2446e60"
     ],
     "ImageConfig": {
       "architecture": "amd64",
@@ -55,7 +56,7 @@
   },
   "Results": [
     {
-      "Target": "localhost:55844/alpine:3.10 (alpine 3.10.2)",
+      "Target": "localhost:53869/alpine:3.10 (alpine 3.10.2)",
       "Class": "os-pkgs",
       "Type": "alpine",
       "Vulnerabilities": [

integration/testdata/alpine-310.asff.golden

@@ -7,8 +7,8 @@
             "GeneratorId": "Trivy/CVE-2019-1549",
             "AwsAccountId": "123456789012",
             "Types": [ "Software and Configuration Checks/Vulnerabilities/CVE" ],
-            "CreatedAt": "2020-08-10T07:28:17.000958601Z",
+            "CreatedAt": "2021-08-25T12:20:30.000000005Z",
-            "UpdatedAt": "2020-08-10T07:28:17.000958601Z",
+            "UpdatedAt": "2021-08-25T12:20:30.000000005Z",
             "Severity": {
                 "Label": "MEDIUM"
             },
@@ -52,8 +52,8 @@
             "GeneratorId": "Trivy/CVE-2019-1551",
             "AwsAccountId": "123456789012",
             "Types": [ "Software and Configuration Checks/Vulnerabilities/CVE" ],
-            "CreatedAt": "2020-08-10T07:28:17.000958601Z",
+            "CreatedAt": "2021-08-25T12:20:30.000000005Z",
-            "UpdatedAt": "2020-08-10T07:28:17.000958601Z",
+            "UpdatedAt": "2021-08-25T12:20:30.000000005Z",
             "Severity": {
                 "Label": "MEDIUM"
             },
@@ -97,8 +97,8 @@
             "GeneratorId": "Trivy/CVE-2019-1549",
             "AwsAccountId": "123456789012",
             "Types": [ "Software and Configuration Checks/Vulnerabilities/CVE" ],
-            "CreatedAt": "2020-08-10T07:28:17.000958601Z",
+            "CreatedAt": "2021-08-25T12:20:30.000000005Z",
-            "UpdatedAt": "2020-08-10T07:28:17.000958601Z",
+            "UpdatedAt": "2021-08-25T12:20:30.000000005Z",
             "Severity": {
                 "Label": "MEDIUM"
             },
@@ -142,8 +142,8 @@
             "GeneratorId": "Trivy/CVE-2019-1551",
             "AwsAccountId": "123456789012",
             "Types": [ "Software and Configuration Checks/Vulnerabilities/CVE" ],
-            "CreatedAt": "2020-08-10T07:28:17.000958601Z",
+            "CreatedAt": "2021-08-25T12:20:30.000000005Z",
-            "UpdatedAt": "2020-08-10T07:28:17.000958601Z",
+            "UpdatedAt": "2021-08-25T12:20:30.000000005Z",
             "Severity": {
                 "Label": "MEDIUM"
             },

integration/testdata/alpine-310.gsbom.golden

@@ -11,7 +11,7 @@
     "correlator": "workflow-name_integration",
     "id": "1910764383"
   },
-  "scanned": "2020-08-10T07:28:17Z",
+  "scanned": "2021-08-25T12:20:30Z",
   "manifests": {
     "testdata/fixtures/images/alpine-310.tar.gz (alpine 3.10.2)": {
       "name": "alpine",

integration/testdata/alpine-310.html.golden

@@ -51,7 +51,7 @@
       }
       a.toggle-more-links { cursor: pointer; }
     </style>
-    <title>testdata/fixtures/images/alpine-310.tar.gz (alpine 3.10.2) - Trivy Report - 2020-08-10 07:28:17.000958601 +0000 UTC </title>
+    <title>testdata/fixtures/images/alpine-310.tar.gz (alpine 3.10.2) - Trivy Report - 2021-08-25 12:20:30.000000005 +0000 UTC </title>
     <script>
       window.onload = function() {
         document.querySelectorAll('td.links').forEach(function(linkCell) {
@@ -81,7 +81,7 @@
     </script>
   </head>
   <body>
-    <h1>testdata/fixtures/images/alpine-310.tar.gz (alpine 3.10.2) - Trivy Report - 2020-08-10 07:28:17.000958601 +0000 UTC</h1>
+    <h1>testdata/fixtures/images/alpine-310.tar.gz (alpine 3.10.2) - Trivy Report - 2021-08-25 12:20:30.000000005 +0000 UTC</h1>
     <table>
       <tr class="group-header"><th colspan="6">alpine</th></tr>
       <tr class="sub-header">

integration/testdata/alpine-310.json.golden

@@ -1,5 +1,6 @@
 {
   "SchemaVersion": 2,
+  "CreatedAt": 1629894030,
   "ArtifactName": "testdata/fixtures/images/alpine-310.tar.gz",
   "ArtifactType": "container_image",
   "Metadata": {

integration/testdata/alpine-39-high-critical.json.golden

@@ -1,5 +1,6 @@
 {
   "SchemaVersion": 2,
+  "CreatedAt": 1629894030,
   "ArtifactName": "testdata/fixtures/images/alpine-39.tar.gz",
   "ArtifactType": "container_image",
   "Metadata": {

integration/testdata/alpine-39-ignore-cveids.json.golden

@@ -1,5 +1,6 @@
 {
   "SchemaVersion": 2,
+  "CreatedAt": 1629894030,
   "ArtifactName": "testdata/fixtures/images/alpine-39.tar.gz",
   "ArtifactType": "container_image",
   "Metadata": {

integration/testdata/alpine-39-skip.json.golden

@@ -1,5 +1,6 @@
 {
   "SchemaVersion": 2,
+  "CreatedAt": 1629894030,
   "ArtifactName": "testdata/fixtures/images/alpine-39.tar.gz",
   "ArtifactType": "container_image",
   "Metadata": {

integration/testdata/alpine-39.json.golden

@@ -1,5 +1,6 @@
 {
   "SchemaVersion": 2,
+  "CreatedAt": 1629894030,
   "ArtifactName": "testdata/fixtures/images/alpine-39.tar.gz",
   "ArtifactType": "container_image",
   "Metadata": {

integration/testdata/alpine-distroless.json.golden

@@ -1,5 +1,6 @@
 {
   "SchemaVersion": 2,
+  "CreatedAt": 1629894030,
   "ArtifactName": "testdata/fixtures/images/alpine-distroless.tar.gz",
   "ArtifactType": "container_image",
   "Metadata": {

integration/testdata/amazon-1.json.golden

@@ -1,5 +1,6 @@
 {
   "SchemaVersion": 2,
+  "CreatedAt": 1629894030,
   "ArtifactName": "testdata/fixtures/images/amazon-1.tar.gz",
   "ArtifactType": "container_image",
   "Metadata": {

integration/testdata/amazon-2.json.golden

@@ -1,5 +1,6 @@
 {
   "SchemaVersion": 2,
+  "CreatedAt": 1629894030,
   "ArtifactName": "testdata/fixtures/images/amazon-2.tar.gz",
   "ArtifactType": "container_image",
   "Metadata": {

integration/testdata/amazonlinux2-gp2-x86-vm.json.golden

@@ -1,5 +1,6 @@
 {
   "SchemaVersion": 2,
+  "CreatedAt": 1629894030,
   "ArtifactName": "disk.img",
   "ArtifactType": "vm",
   "Metadata": {

integration/testdata/busybox-with-lockfile.json.golden

@@ -1,5 +1,6 @@
 {
   "SchemaVersion": 2,
+  "CreatedAt": 1629894030,
   "ArtifactName": "testdata/fixtures/images/busybox-with-lockfile.tar.gz",
   "ArtifactType": "container_image",
   "Metadata": {

integration/testdata/centos-6.json.golden

@@ -1,5 +1,6 @@
 {
   "SchemaVersion": 2,
+  "CreatedAt": 1629894030,
   "ArtifactName": "testdata/fixtures/images/centos-6.tar.gz",
   "ArtifactType": "container_image",
   "Metadata": {

integration/testdata/centos-7-ignore-unfixed.json.golden

@@ -1,5 +1,6 @@
 {
   "SchemaVersion": 2,
+  "CreatedAt": 1629894030,
   "ArtifactName": "testdata/fixtures/images/centos-7.tar.gz",
   "ArtifactType": "container_image",
   "Metadata": {

integration/testdata/centos-7-medium.json.golden

@@ -1,5 +1,6 @@
 {
   "SchemaVersion": 2,
+  "CreatedAt": 1629894030,
   "ArtifactName": "testdata/fixtures/images/centos-7.tar.gz",
   "ArtifactType": "container_image",
   "Metadata": {

integration/testdata/centos-7.json.golden

@@ -1,5 +1,6 @@
 {
   "SchemaVersion": 2,
+  "CreatedAt": 1629894030,
   "ArtifactName": "testdata/fixtures/images/centos-7.tar.gz",
   "ArtifactType": "container_image",
   "Metadata": {

integration/testdata/cocoapods.json.golden

@@ -1,5 +1,6 @@
 {
   "SchemaVersion": 2,
+  "CreatedAt": 1629894030,
   "ArtifactName": "testdata/fixtures/repo/cocoapods",
   "ArtifactType": "repository",
   "Metadata": {

integration/testdata/composer.lock.json.golden

@@ -1,5 +1,6 @@
 {
   "SchemaVersion": 2,
+  "CreatedAt": 1629894030,
   "ArtifactName": "testdata/fixtures/repo/composer",
   "ArtifactType": "repository",
   "Metadata": {

integration/testdata/conan.json.golden

@@ -1,5 +1,6 @@
 {
   "SchemaVersion": 2,
+  "CreatedAt": 1629894030,
   "ArtifactName": "testdata/fixtures/repo/conan",
   "ArtifactType": "repository",
   "Metadata": {

integration/testdata/conda-cyclonedx.json.golden

@@ -5,7 +5,7 @@
   "serialNumber": "urn:uuid:3ff14136-e09f-4df9-80ea-000000000001",
   "version": 1,
   "metadata": {
-    "timestamp": "2020-09-10T14:20:30+00:00",
+    "timestamp": "2021-08-25T12:20:30+00:00",
     "tools": [
       {
         "vendor": "aquasecurity",

integration/testdata/conda-spdx.json.golden

@@ -9,7 +9,7 @@
       "Organization: aquasecurity",
       "Tool: trivy-dev"
     ],
-    "created": "2020-09-10T14:20:30Z"
+    "created": "2021-08-25T12:20:30Z"
   },
   "packages": [
     {

integration/testdata/debian-buster-ignore-unfixed.json.golden

@@ -1,5 +1,6 @@
 {
   "SchemaVersion": 2,
+  "CreatedAt": 1629894030,
   "ArtifactName": "testdata/fixtures/images/debian-buster.tar.gz",
   "ArtifactType": "container_image",
   "Metadata": {

integration/testdata/debian-buster.json.golden

@@ -1,5 +1,6 @@
 {
   "SchemaVersion": 2,
+  "CreatedAt": 1629894030,
   "ArtifactName": "testdata/fixtures/images/debian-buster.tar.gz",
   "ArtifactType": "container_image",
   "Metadata": {

integration/testdata/debian-stretch.json.golden

@@ -1,5 +1,6 @@
 {
   "SchemaVersion": 2,
+  "CreatedAt": 1629894030,
   "ArtifactName": "testdata/fixtures/images/debian-stretch.tar.gz",
   "ArtifactType": "container_image",
   "Metadata": {

integration/testdata/distroless-base.json.golden

@@ -1,5 +1,6 @@
 {
   "SchemaVersion": 2,
+  "CreatedAt": 1629894030,
   "ArtifactName": "testdata/fixtures/images/distroless-base.tar.gz",
   "ArtifactType": "container_image",
   "Metadata": {

integration/testdata/distroless-python27.json.golden

@@ -1,5 +1,6 @@
 {
   "SchemaVersion": 2,
+  "CreatedAt": 1629894030,
   "ArtifactName": "testdata/fixtures/images/distroless-python27.tar.gz",
   "ArtifactType": "container_image",
   "Metadata": {

integration/testdata/dockerfile-custom-policies.json.golden

@@ -1,5 +1,6 @@
 {
   "SchemaVersion": 2,
+  "CreatedAt": 1629894030,
   "ArtifactName": "testdata/fixtures/repo/custom-policy",
   "ArtifactType": "repository",
   "Metadata": {

integration/testdata/dockerfile-namespace-exception.json.golden

@@ -1,5 +1,6 @@
 {
   "SchemaVersion": 2,
+  "CreatedAt": 1629894030,
   "ArtifactName": "testdata/fixtures/repo/namespace-exception",
   "ArtifactType": "repository",
   "Metadata": {

integration/testdata/dockerfile-rule-exception.json.golden

@@ -1,5 +1,6 @@
 {
   "SchemaVersion": 2,
+  "CreatedAt": 1629894030,
   "ArtifactName": "testdata/fixtures/repo/rule-exception",
   "ArtifactType": "repository",
   "Metadata": {

integration/testdata/dockerfile.json.golden

@@ -1,5 +1,6 @@
 {
   "SchemaVersion": 2,
+  "CreatedAt": 1629894030,
   "ArtifactName": "testdata/fixtures/repo/dockerfile",
   "ArtifactType": "repository",
   "Metadata": {

integration/testdata/dockerfile_file_pattern.json.golden

@@ -1,5 +1,6 @@
 {
   "SchemaVersion": 2,
+  "CreatedAt": 1629894030,
   "ArtifactName": "testdata/fixtures/repo/dockerfile_file_pattern",
   "ArtifactType": "repository",
   "Metadata": {

integration/testdata/dotnet.json.golden

@@ -1,5 +1,6 @@
 {
   "SchemaVersion": 2,
+  "CreatedAt": 1629894030,
   "ArtifactName": "testdata/fixtures/repo/dotnet",
   "ArtifactType": "repository",
   "Metadata": {

integration/testdata/fluentd-gems.json.golden

@@ -1,5 +1,6 @@
 {
   "SchemaVersion": 2,
+  "CreatedAt": 1629894030,
   "ArtifactName": "testdata/fixtures/images/fluentd-multiple-lockfiles.tar.gz",
   "ArtifactType": "container_image",
   "Metadata": {

integration/testdata/fluentd-multiple-lockfiles.cdx.json.golden

@@ -5,7 +5,7 @@
   "serialNumber": "urn:uuid:3ff14136-e09f-4df9-80ea-000000000001",
   "version": 1,
   "metadata": {
-    "timestamp": "2020-09-10T14:20:30+00:00",
+    "timestamp": "2021-08-25T12:20:30+00:00",
     "tools": [
       {
         "vendor": "aquasecurity",

integration/testdata/fluentd-multiple-lockfiles.json.golden

@@ -1,5 +1,6 @@
 {
   "SchemaVersion": 2,
+  "CreatedAt": 1629894030,
   "ArtifactName": "testdata/fixtures/sbom/fluentd-multiple-lockfiles-cyclonedx.json",
   "ArtifactType": "cyclonedx",
   "Metadata": {

integration/testdata/gomod-skip.json.golden

@@ -1,5 +1,6 @@
 {
   "SchemaVersion": 2,
+  "CreatedAt": 1629894030,
   "ArtifactName": "testdata/fixtures/repo/gomod",
   "ArtifactType": "repository",
   "Metadata": {

integration/testdata/gomod.json.golden

@@ -1,5 +1,6 @@
 {
   "SchemaVersion": 2,
+  "CreatedAt": 1629894030,
   "ArtifactName": "testdata/fixtures/repo/gomod",
   "ArtifactType": "repository",
   "Metadata": {

integration/testdata/gradle.json.golden

@@ -1,5 +1,6 @@
 {
   "SchemaVersion": 2,
+  "CreatedAt": 1629894030,
   "ArtifactName": "testdata/fixtures/repo/gradle",
   "ArtifactType": "repository",
   "Metadata": {

integration/testdata/helm.json.golden

@@ -1,5 +1,6 @@
 {
   "SchemaVersion": 2,
+  "CreatedAt": 1629894030,
   "ArtifactName": "testdata/fixtures/repo/helm",
   "ArtifactType": "repository",
   "Metadata": {

integration/testdata/helm_badname.json.golden

@@ -1,5 +1,6 @@
 {
   "SchemaVersion": 2,
+  "CreatedAt": 1629894030,
   "ArtifactName": "testdata/fixtures/repo/helm_badname",
   "ArtifactType": "repository",
   "Metadata": {

integration/testdata/helm_testchart.json.golden

@@ -1,5 +1,6 @@
 {
   "SchemaVersion": 2,
+  "CreatedAt": 1629894030,
   "ArtifactName": "testdata/fixtures/repo/helm_testchart",
   "ArtifactType": "repository",
   "Metadata": {

integration/testdata/helm_testchart.overridden.json.golden

@@ -1,5 +1,6 @@
 {
   "SchemaVersion": 2,
+  "CreatedAt": 1629894030,
   "ArtifactName": "testdata/fixtures/repo/helm_testchart",
   "ArtifactType": "repository",
   "Metadata": {

integration/testdata/mariner-1.0.json.golden

@@ -1,5 +1,6 @@
 {
   "SchemaVersion": 2,
+  "CreatedAt": 1629894030,
   "ArtifactName": "testdata/fixtures/images/mariner-1.0.tar.gz",
   "ArtifactType": "container_image",
   "Metadata": {

integration/testdata/minikube-kbom.json.golden

@@ -1,12 +1,12 @@
 {
   "SchemaVersion": 2,
+  "CreatedAt": 1629894030,
   "ArtifactName": "testdata/fixtures/sbom/minikube-kbom.json",
   "ArtifactType": "cyclonedx",
   "Metadata": {
     "OS": {
       "Family": "ubuntu",
-      "Name": "22.04.2",
+      "Name": "22.04.2"
-      "EOSL": false
     },
     "ImageConfig": {
       "architecture": "",

integration/testdata/mix.lock.json.golden

@@ -1,5 +1,6 @@
 {
   "SchemaVersion": 2,
+  "CreatedAt": 1629894030,
   "ArtifactName": "testdata/fixtures/repo/mixlock",
   "ArtifactType": "repository",
   "Metadata": {

integration/testdata/npm-with-dev.json.golden

@@ -1,5 +1,6 @@
 {
   "SchemaVersion": 2,
+  "CreatedAt": 1629894030,
   "ArtifactName": "testdata/fixtures/repo/npm",
   "ArtifactType": "repository",
   "Metadata": {

integration/testdata/npm.json.golden

@@ -1,5 +1,6 @@
 {
   "SchemaVersion": 2,
+  "CreatedAt": 1629894030,
   "ArtifactName": "testdata/fixtures/repo/npm",
   "ArtifactType": "repository",
   "Metadata": {

integration/testdata/nuget.json.golden

@@ -1,5 +1,6 @@
 {
   "SchemaVersion": 2,
+  "CreatedAt": 1629894030,
   "ArtifactName": "testdata/fixtures/repo/nuget",
   "ArtifactType": "repository",
   "Metadata": {

integration/testdata/opensuse-leap-151.json.golden

@@ -1,5 +1,6 @@
 {
   "SchemaVersion": 2,
+  "CreatedAt": 1629894030,
   "ArtifactName": "testdata/fixtures/images/opensuse-leap-151.tar.gz",
   "ArtifactType": "container_image",
   "Metadata": {

integration/testdata/oraclelinux-8.json.golden

@@ -1,5 +1,6 @@
 {
   "SchemaVersion": 2,
+  "CreatedAt": 1629894030,
   "ArtifactName": "testdata/fixtures/images/oraclelinux-8.tar.gz",
   "ArtifactType": "container_image",
   "Metadata": {

integration/testdata/photon-30.json.golden

@@ -1,5 +1,6 @@
 {
   "SchemaVersion": 2,
+  "CreatedAt": 1629894030,
   "ArtifactName": "testdata/fixtures/images/photon-30.tar.gz",
   "ArtifactType": "container_image",
   "Metadata": {

integration/testdata/pip.json.golden

@@ -1,5 +1,6 @@
 {
   "SchemaVersion": 2,
+  "CreatedAt": 1629894030,
   "ArtifactName": "testdata/fixtures/repo/pip",
   "ArtifactType": "repository",
   "Metadata": {

integration/testdata/pipenv.json.golden

@@ -1,5 +1,6 @@
 {
   "SchemaVersion": 2,
+  "CreatedAt": 1629894030,
   "ArtifactName": "testdata/fixtures/repo/pipenv",
   "ArtifactType": "repository",
   "Metadata": {

integration/testdata/pnpm.json.golden

@@ -1,5 +1,6 @@
 {
   "SchemaVersion": 2,
+  "CreatedAt": 1629894030,
   "ArtifactName": "testdata/fixtures/repo/pnpm",
   "ArtifactType": "repository",
   "Metadata": {

integration/testdata/poetry.json.golden

@@ -1,5 +1,6 @@
 {
   "SchemaVersion": 2,
+  "CreatedAt": 1629894030,
   "ArtifactName": "testdata/fixtures/repo/poetry",
   "ArtifactType": "repository",
   "Metadata": {

integration/testdata/pom-cyclonedx.json.golden

@@ -5,7 +5,7 @@
   "serialNumber": "urn:uuid:3ff14136-e09f-4df9-80ea-000000000001",
   "version": 1,
   "metadata": {
-    "timestamp": "2020-09-10T14:20:30+00:00",
+    "timestamp": "2021-08-25T12:20:30+00:00",
     "tools": [
       {
         "vendor": "aquasecurity",
@@ -102,6 +102,98 @@
     }
   ],
   "vulnerabilities": [
+    {
+      "id": "CVE-2021-20190",
+      "source": {
+        "name": "glad",
+        "url": "https://gitlab.com/gitlab-org/advisories-community"
+      },
+      "ratings": [
+        {
+          "source": {
+            "name": "ghsa"
+          },
+          "severity": "high"
+        },
+        {
+          "source": {
+            "name": "nvd"
+          },
+          "score": 8.3,
+          "severity": "high",
+          "method": "CVSSv2",
+          "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:C"
+        },
+        {
+          "source": {
+            "name": "nvd"
+          },
+          "score": 8.1,
+          "severity": "high",
+          "method": "CVSSv31",
+          "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
+        },
+        {
+          "source": {
+            "name": "redhat"
+          },
+          "score": 8.1,
+          "severity": "high",
+          "method": "CVSSv31",
+          "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
+        }
+      ],
+      "cwes": [
+        502
+      ],
+      "description": "A flaw was found in jackson-databind before 2.9.10.7. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
+      "recommendation": "Upgrade com.fasterxml.jackson.core:jackson-databind to version 2.9.10.7",
+      "advisories": [
+        {
+          "url": "https://avd.aquasec.com/nvd/cve-2021-20190"
+        },
+        {
+          "url": "https://access.redhat.com/security/cve/CVE-2021-20190"
+        },
+        {
+          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1916633"
+        },
+        {
+          "url": "https://github.com/FasterXML/jackson-databind/commit/7dbf51bf78d157098074a20bd9da39bd48c18e4a"
+        },
+        {
+          "url": "https://github.com/FasterXML/jackson-databind/issues/2854"
+        },
+        {
+          "url": "https://github.com/advisories/GHSA-5949-rw7g-wx7w"
+        },
+        {
+          "url": "https://lists.apache.org/thread.html/r380e9257bacb8551ee6fcf2c59890ae9477b2c78e553fa9ea08e9d9a@%3Ccommits.nifi.apache.org%3E"
+        },
+        {
+          "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"
+        },
+        {
+          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20190"
+        },
+        {
+          "url": "https://security.netapp.com/advisory/ntap-20210219-0008/"
+        }
+      ],
+      "published": "2021-01-19T17:15:00+00:00",
+      "updated": "2021-07-20T23:15:00+00:00",
+      "affects": [
+        {
+          "ref": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.1",
+          "versions": [
+            {
+              "version": "2.9.1",
+              "status": "affected"
+            }
+          ]
+        }
+      ]
+    },
     {
       "id": "CVE-2020-9548",
       "source": {
@@ -223,98 +315,6 @@
           ]
         }
       ]
-    },
-    {
-      "id": "CVE-2021-20190",
-      "source": {
-        "name": "glad",
-        "url": "https://gitlab.com/gitlab-org/advisories-community"
-      },
-      "ratings": [
-        {
-          "source": {
-            "name": "ghsa"
-          },
-          "severity": "high"
-        },
-        {
-          "source": {
-            "name": "nvd"
-          },
-          "score": 8.3,
-          "severity": "high",
-          "method": "CVSSv2",
-          "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:C"
-        },
-        {
-          "source": {
-            "name": "nvd"
-          },
-          "score": 8.1,
-          "severity": "high",
-          "method": "CVSSv31",
-          "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
-        },
-        {
-          "source": {
-            "name": "redhat"
-          },
-          "score": 8.1,
-          "severity": "high",
-          "method": "CVSSv31",
-          "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
-        }
-      ],
-      "cwes": [
-        502
-      ],
-      "description": "A flaw was found in jackson-databind before 2.9.10.7. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
-      "recommendation": "Upgrade com.fasterxml.jackson.core:jackson-databind to version 2.9.10.7",
-      "advisories": [
-        {
-          "url": "https://avd.aquasec.com/nvd/cve-2021-20190"
-        },
-        {
-          "url": "https://access.redhat.com/security/cve/CVE-2021-20190"
-        },
-        {
-          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1916633"
-        },
-        {
-          "url": "https://github.com/FasterXML/jackson-databind/commit/7dbf51bf78d157098074a20bd9da39bd48c18e4a"
-        },
-        {
-          "url": "https://github.com/FasterXML/jackson-databind/issues/2854"
-        },
-        {
-          "url": "https://github.com/advisories/GHSA-5949-rw7g-wx7w"
-        },
-        {
-          "url": "https://lists.apache.org/thread.html/r380e9257bacb8551ee6fcf2c59890ae9477b2c78e553fa9ea08e9d9a@%3Ccommits.nifi.apache.org%3E"
-        },
-        {
-          "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"
-        },
-        {
-          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20190"
-        },
-        {
-          "url": "https://security.netapp.com/advisory/ntap-20210219-0008/"
-        }
-      ],
-      "published": "2021-01-19T17:15:00+00:00",
-      "updated": "2021-07-20T23:15:00+00:00",
-      "affects": [
-        {
-          "ref": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.1",
-          "versions": [
-            {
-              "version": "2.9.1",
-              "status": "affected"
-            }
-          ]
-        }
-      ]
     }
   ]
 }

integration/testdata/pom.json.golden

@@ -1,5 +1,6 @@
 {
   "SchemaVersion": 2,
+  "CreatedAt": 1629894030,
   "ArtifactName": "testdata/fixtures/repo/pom",
   "ArtifactType": "repository",
   "Metadata": {

integration/testdata/pubspec.lock.json.golden

@@ -1,5 +1,6 @@
 {
   "SchemaVersion": 2,
+  "CreatedAt": 1629894030,
   "ArtifactName": "testdata/fixtures/repo/pubspec",
   "ArtifactType": "repository",
   "Metadata": {

integration/testdata/rockylinux-8.json.golden

@@ -1,5 +1,6 @@
 {
   "SchemaVersion": 2,
+  "CreatedAt": 1629894030,
   "ArtifactName": "testdata/fixtures/images/rockylinux-8.tar.gz",
   "ArtifactType": "container_image",
   "Metadata": {

integration/testdata/secrets.asff.golden

@@ -6,8 +6,8 @@
             "GeneratorId": "Trivy",
             "AwsAccountId": "123456789012",
             "Types": [ "Sensitive Data Identifications" ],
-            "CreatedAt": "2020-08-10T07:28:17.000958601Z",
+            "CreatedAt": "2021-08-25T12:20:30.000000005Z",
-            "UpdatedAt": "2020-08-10T07:28:17.000958601Z",
+            "UpdatedAt": "2021-08-25T12:20:30.000000005Z",
             "Severity": {
                 "Label": "CRITICAL"
             },
@@ -35,8 +35,8 @@
             "GeneratorId": "Trivy",
             "AwsAccountId": "123456789012",
             "Types": [ "Sensitive Data Identifications" ],
-            "CreatedAt": "2020-08-10T07:28:17.000958601Z",
+            "CreatedAt": "2021-08-25T12:20:30.000000005Z",
-            "UpdatedAt": "2020-08-10T07:28:17.000958601Z",
+            "UpdatedAt": "2021-08-25T12:20:30.000000005Z",
             "Severity": {
                 "Label": "CRITICAL"
             },

integration/testdata/secrets.json.golden

@@ -1,5 +1,6 @@
 {
   "SchemaVersion": 2,
+  "CreatedAt": 1629894030,
   "ArtifactName": "testdata/fixtures/repo/secrets",
   "ArtifactType": "repository",
   "Metadata": {

integration/testdata/spring4shell-jre11.json.golden

@@ -1,5 +1,6 @@
 {
   "SchemaVersion": 2,
+  "CreatedAt": 1629894030,
   "ArtifactName": "testdata/fixtures/images/spring4shell-jre11.tar.gz",
   "ArtifactType": "container_image",
   "Metadata": {

integration/testdata/spring4shell-jre8.json.golden

@@ -1,5 +1,6 @@
 {
   "SchemaVersion": 2,
+  "CreatedAt": 1629894030,
   "ArtifactName": "testdata/fixtures/images/spring4shell-jre8.tar.gz",
   "ArtifactType": "container_image",
   "Metadata": {

integration/testdata/swift.json.golden

@@ -1,5 +1,6 @@
 {
   "SchemaVersion": 2,
+  "CreatedAt": 1629894030,
   "ArtifactName": "testdata/fixtures/repo/swift",
   "ArtifactType": "repository",
   "Metadata": {

integration/testdata/test-repo.json.golden

@@ -1,5 +1,6 @@
 {
   "SchemaVersion": 2,
+  "CreatedAt": 1629894030,
   "ArtifactName": "https://github.com/knqyf263/trivy-ci-test",
   "ArtifactType": "repository",
   "Metadata": {

integration/testdata/ubi-7.json.golden

@@ -1,5 +1,6 @@
 {
   "SchemaVersion": 2,
+  "CreatedAt": 1629894030,
   "ArtifactName": "testdata/fixtures/images/ubi-7.tar.gz",
   "ArtifactType": "container_image",
   "Metadata": {

integration/testdata/ubuntu-1804-ignore-unfixed.json.golden

@@ -1,5 +1,6 @@
 {
   "SchemaVersion": 2,
+  "CreatedAt": 1629894030,
   "ArtifactName": "testdata/fixtures/images/ubuntu-1804.tar.gz",
   "ArtifactType": "container_image",
   "Metadata": {

integration/testdata/ubuntu-1804.json.golden

@@ -1,5 +1,6 @@
 {
   "SchemaVersion": 2,
+  "CreatedAt": 1629894030,
   "ArtifactName": "testdata/fixtures/images/ubuntu-1804.tar.gz",
   "ArtifactType": "container_image",
   "Metadata": {

integration/testdata/ubuntu-gp2-x86-vm.json.golden

@@ -1,5 +1,6 @@
 {
   "SchemaVersion": 2,
+  "CreatedAt": 1629894030,
   "ArtifactName": "disk.img",
   "ArtifactType": "vm",
   "Metadata": {

integration/testdata/yarn.json.golden

@@ -1,5 +1,6 @@
 {
   "SchemaVersion": 2,
+  "CreatedAt": 1629894030,
   "ArtifactName": "testdata/fixtures/repo/yarn",
   "ArtifactType": "repository",
   "Metadata": {

magefiles/magefile.go

@@ -266,6 +266,12 @@ func (t Test) Module() error {
 	return sh.RunWithV(ENV, "go", "test", "-v", "-tags=module_integration", "./integration/...")
 }
 
+// UpdateModuleGolden updates golden files for Wasm integration tests
+func (t Test) UpdateModuleGolden() error {
+	mg.Deps(t.FixtureContainerImages, t.GenerateExampleModules)
+	return sh.RunWithV(ENV, "go", "test", "-v", "-tags=module_integration", "./integration/...", "-update")
+}
+
 // VM runs VM integration tests
 func (t Test) VM() error {
 	mg.Deps(t.FixtureVMImages)
@@ -273,7 +279,8 @@ func (t Test) VM() error {
 }
 
 // UpdateVMGolden updates golden files for integration tests
-func (Test) UpdateVMGolden() error {
+func (t Test) UpdateVMGolden() error {
+	mg.Deps(t.FixtureVMImages)
 	return sh.RunWithV(ENV, "go", "test", "-v", "-tags=vm_integration", "./integration/...", "-update")
 }
 

pkg/scanner/scan.go

@@ -6,6 +6,7 @@ import (
 	"github.com/google/wire"
 	"golang.org/x/xerrors"
 
+	"github.com/aquasecurity/trivy/pkg/clock"
 	"github.com/aquasecurity/trivy/pkg/fanal/artifact"
 	aimage "github.com/aquasecurity/trivy/pkg/fanal/artifact/image"
 	flocal "github.com/aquasecurity/trivy/pkg/fanal/artifact/local"
@@ -172,6 +173,7 @@ func (s Scanner) ScanArtifact(ctx context.Context, options types.ScanOptions) (t
 
 	return types.Report{
 		SchemaVersion: report.SchemaVersion,
+		CreatedAt:     clock.Now().Unix(),
 		ArtifactName:  artifactInfo.Name,
 		ArtifactType:  artifactInfo.Type,
 		Metadata: types.Metadata{

pkg/scanner/scan_test.go

@@ -4,10 +4,12 @@ import (
 	"context"
 	"errors"
 	"testing"
+	"time"
 
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 
+	"github.com/aquasecurity/trivy/pkg/clock"
 	"github.com/aquasecurity/trivy/pkg/fanal/artifact"
 	ftypes "github.com/aquasecurity/trivy/pkg/fanal/types"
 	"github.com/aquasecurity/trivy/pkg/types"
@@ -17,6 +19,7 @@ func TestScanner_ScanArtifact(t *testing.T) {
 	type args struct {
 		options types.ScanOptions
 	}
+	clock.SetFakeTime(t, time.Date(2021, 8, 25, 12, 20, 30, 5, time.UTC))
 	tests := []struct {
 		name               string
 		args               args
@@ -96,6 +99,7 @@ func TestScanner_ScanArtifact(t *testing.T) {
 			},
 			want: types.Report{
 				SchemaVersion: 2,
+				CreatedAt:     1629894030,
 				ArtifactName:  "alpine:3.11",
 				ArtifactType:  ftypes.ArtifactContainerImage,
 				Metadata: types.Metadata{

pkg/types/report.go

@@ -11,6 +11,7 @@ import (
 // Report represents a scan result
 type Report struct {
 	SchemaVersion int                 `json:",omitempty"`
+	CreatedAt     int64               `json:",omitempty"`
 	ArtifactName  string              `json:",omitempty"`
 	ArtifactType  ftypes.ArtifactType `json:",omitempty"`
 	Metadata      Metadata            `json:",omitempty"`