Added containerd container runtime inventory metadata to scan results.

PiperOrigin-RevId: 657289604

binary/proto/proto.go

@@ -30,7 +30,7 @@ import (
 	"github.com/google/osv-scalibr/log"
 
 	"github.com/google/osv-scalibr/extractor"
-	"github.com/google/osv-scalibr/extractor/filesystem/containers/containerd"
+	ctrdfs "github.com/google/osv-scalibr/extractor/filesystem/containers/containerd"
 	"github.com/google/osv-scalibr/extractor/filesystem/language/java/archive"
 	"github.com/google/osv-scalibr/extractor/filesystem/language/javascript/packagejson"
 	"github.com/google/osv-scalibr/extractor/filesystem/language/python/requirements"
@@ -43,6 +43,7 @@ import (
 	"github.com/google/osv-scalibr/extractor/filesystem/os/snap"
 	"github.com/google/osv-scalibr/extractor/filesystem/osv"
 	"github.com/google/osv-scalibr/extractor/filesystem/sbom/spdx"
+	ctrdruntime "github.com/google/osv-scalibr/extractor/standalone/containers/containerd"
 	"github.com/google/osv-scalibr/plugin"
 	"github.com/google/osv-scalibr/purl"
 	scalibr "github.com/google/osv-scalibr"
@@ -323,7 +324,7 @@ func setProtoMetadata(meta any, i *spb.Inventory) {
 				Developer:      m.Developer,
 			},
 		}
-	case *containerd.Metadata:
+	case *ctrdfs.Metadata:
 		i.Metadata = &spb.Inventory_ContainerdContainerMetadata{
 			ContainerdContainerMetadata: &spb.ContainerdContainerMetadata{
 				NamespaceName:  m.Namespace,
@@ -333,6 +334,18 @@ func setProtoMetadata(meta any, i *spb.Inventory) {
 				InitProcessPid: int32(m.InitProcessPID),
 			},
 		}
+	case *ctrdruntime.Metadata:
+		i.Metadata = &spb.Inventory_ContainerdRuntimeContainerMetadata{
+			ContainerdRuntimeContainerMetadata: &spb.ContainerdRuntimeContainerMetadata{
+				NamespaceName: m.Namespace,
+				ImageName:     m.ImageName,
+				ImageDigest:   m.ImageDigest,
+				Runtime:       m.Runtime,
+				Id:            m.ID,
+				Pid:           int32(m.PID),
+				RootfsPath:    m.RootFS,
+			},
+		}
 	case *spdx.Metadata:
 		i.Metadata = &spb.Inventory_SpdxMetadata{
 			SpdxMetadata: &spb.SPDXPackageMetadata{

binary/proto/proto_test.go

@@ -27,13 +27,14 @@ import (
 	"github.com/google/osv-scalibr/binary/proto"
 	"github.com/google/osv-scalibr/detector"
 	"github.com/google/osv-scalibr/extractor"
-	"github.com/google/osv-scalibr/extractor/filesystem/containers/containerd"
+	ctrdfs "github.com/google/osv-scalibr/extractor/filesystem/containers/containerd"
 	"github.com/google/osv-scalibr/extractor/filesystem/language/javascript/packagejson"
 	"github.com/google/osv-scalibr/extractor/filesystem/language/python/requirements"
 	"github.com/google/osv-scalibr/extractor/filesystem/language/python/wheelegg"
 	"github.com/google/osv-scalibr/extractor/filesystem/os/dpkg"
 	"github.com/google/osv-scalibr/extractor/filesystem/os/rpm"
 	"github.com/google/osv-scalibr/extractor/filesystem/sbom/spdx"
+	ctrdruntime "github.com/google/osv-scalibr/extractor/standalone/containers/containerd"
 	"github.com/google/osv-scalibr/plugin"
 	"github.com/google/osv-scalibr/purl"
 	scalibr "github.com/google/osv-scalibr"
@@ -359,15 +360,15 @@ func TestScanResultToProto(t *testing.T) {
 	containerdInventory := &extractor.Inventory{
 		Name:    "gcr.io/google-samples/hello-app:1.0",
 		Version: "sha256:b1455e1c4fcc5ea1023c9e3b584cd84b64eb920e332feff690a2829696e379e7",
-		Metadata: &containerd.Metadata{
+		Metadata: &ctrdfs.Metadata{
 			Namespace:      "default",
 			ImageName:      "gcr.io/google-samples/hello-app:1.0",
 			ImageDigest:    "sha256:b1455e1c4fcc5ea1023c9e3b584cd84b64eb920e332feff690a2829696e379e7",
 			Runtime:        "io.containerd.runc.v2",
 			InitProcessPID: 8915,
 		},
 		Locations: []string{"/file4"},
-		Extractor: &containerd.Extractor{},
+		Extractor: &ctrdfs.Extractor{},
 	}
 	containerdInventoryProto := &spb.Inventory{
 		Name:    "gcr.io/google-samples/hello-app:1.0",
@@ -384,13 +385,46 @@ func TestScanResultToProto(t *testing.T) {
 		Locations: []string{"/file4"},
 		Extractor: "containers/containerd",
 	}
+	containerdRuntimeInventory := &extractor.Inventory{
+		Name:    "gcr.io/google-samples/hello-app:1.0",
+		Version: "sha256:b1455e1c4fcc5ea1023c9e3b584cd84b64eb920e332feff690a2829696e379e7",
+		Metadata: &ctrdruntime.Metadata{
+			Namespace:   "default",
+			ImageName:   "gcr.io/google-samples/hello-app:1.0",
+			ImageDigest: "sha256:b1455e1c4fcc5ea1023c9e3b584cd84b64eb920e332feff690a2829696e379e7",
+			Runtime:     "io.containerd.runc.v2",
+			ID:          "1234567890",
+			PID:         8915,
+			RootFS:      "/run/containerd/io.containerd.runtime.v2.task/default/1234567890/rootfs",
+		},
+		Locations: []string{"/file7"},
+		Extractor: &ctrdruntime.Extractor{},
+	}
+	containerdRuntimeInventoryProto := &spb.Inventory{
+		Name:    "gcr.io/google-samples/hello-app:1.0",
+		Version: "sha256:b1455e1c4fcc5ea1023c9e3b584cd84b64eb920e332feff690a2829696e379e7",
+		Metadata: &spb.Inventory_ContainerdRuntimeContainerMetadata{
+			ContainerdRuntimeContainerMetadata: &spb.ContainerdRuntimeContainerMetadata{
+				NamespaceName: "default",
+				ImageName:     "gcr.io/google-samples/hello-app:1.0",
+				ImageDigest:   "sha256:b1455e1c4fcc5ea1023c9e3b584cd84b64eb920e332feff690a2829696e379e7",
+				Runtime:       "io.containerd.runc.v2",
+				Id:            "1234567890",
+				Pid:           8915,
+				RootfsPath:    "/run/containerd/io.containerd.runtime.v2.task/default/1234567890/rootfs",
+			},
+		},
+		Locations: []string{"/file7"},
+		Extractor: "containers/containerd-runtime",
+	}
 
 	testCases := []struct {
 		desc        string
 		res         *scalibr.ScanResult
 		want        *spb.ScanResult
 		wantErr     error
 		exclWindows bool // should test be skipped on windows
+		exclMacOS   bool // should test be skipped on macOS
 	}{
 		{
 			desc: "Successful scan",
@@ -548,6 +582,42 @@ func TestScanResultToProto(t *testing.T) {
 			// TODO(b/349138656): Remove this exclusion when containerd is supported on Windows.
 			exclWindows: true,
 		},
+		{
+			desc: "Successful containerd runtime scan linux-only",
+			res: &scalibr.ScanResult{
+				Version:   "1.0.0",
+				StartTime: startTime,
+				EndTime:   endTime,
+				Status:    success,
+				PluginStatus: []*plugin.Status{
+					&plugin.Status{
+						Name:    "ext",
+						Version: 2,
+						Status:  success,
+					},
+				},
+				Inventories: []*extractor.Inventory{containerdRuntimeInventory},
+			},
+			want: &spb.ScanResult{
+				Version:   "1.0.0",
+				StartTime: timestamppb.New(startTime),
+				EndTime:   timestamppb.New(endTime),
+				Status:    successProto,
+				PluginStatus: []*spb.PluginStatus{
+					&spb.PluginStatus{
+						Name:    "ext",
+						Version: 2,
+						Status:  successProto,
+					},
+				},
+				Inventories: []*spb.Inventory{containerdRuntimeInventoryProto},
+				Findings:    []*spb.Finding{},
+			},
+			// TODO(b/349138656): Remove this exclusion when containerd is supported on Windows.
+			exclWindows: true,
+			// Runtime extractor is not supported on macOS.
+			exclMacOS: true,
+		},
 		{
 			desc: "no inventory target, still works",
 			res: &scalibr.ScanResult{
@@ -743,6 +813,10 @@ func TestScanResultToProto(t *testing.T) {
 				t.Skipf("Skipping test %q on Windows", tc.desc)
 			}
 
+			if tc.exclMacOS && runtime.GOOS == "macos" {
+				t.Skipf("Skipping test %q on Macos", tc.desc)
+			}
+
 			got, err := proto.ScanResultToProto(tc.res)
 			if err != tc.wantErr {
 				t.Fatalf("proto.ScanResultToProto(%v) err: got %v, want %v", tc.res, err, tc.wantErr)

binary/proto/scan_result.proto

@@ -91,6 +91,8 @@ message Inventory {
     ContainerdContainerMetadata containerd_container_metadata = 22;
     SNAPPackageMetadata snap_metadata = 23;
     FlatpakPackageMetadata flatpak_metadata = 24;
+    ContainerdRuntimeContainerMetadata containerd_runtime_container_metadata =
+        25;
   }
 }
 
@@ -302,3 +304,13 @@ message ContainerdContainerMetadata {
   string runtime = 4;
   int32 init_process_pid = 5;
 }
+
+message ContainerdRuntimeContainerMetadata {
+  string namespace_name = 1;
+  string image_name = 2;
+  string image_digest = 3;
+  string runtime = 4;
+  string id = 5;
+  int32 pid = 6;
+  string rootfs_path = 7;
+}