From 531f9e30edb7fea0e3396829934be5ed84db7420 Mon Sep 17 00:00:00 2001
From: u5surf <u5.horie@gmail.com>
Date: Thu, 9 Nov 2023 15:13:45 +0000
Subject: [PATCH] Add CreatedAt to the JSON report. (#5542)

---
 docs/docs/supply-chain/attestation/vuln.md | 1 +
 pkg/scanner/scan.go                        | 2 ++
 pkg/scanner/scan_test.go                   | 4 ++++
 pkg/types/report.go                        | 1 +
 4 files changed, 8 insertions(+)

diff --git a/docs/docs/supply-chain/attestation/vuln.md b/docs/docs/supply-chain/attestation/vuln.md
index e0f78a541a49..c17164f0f30b 100644
--- a/docs/docs/supply-chain/attestation/vuln.md
+++ b/docs/docs/supply-chain/attestation/vuln.md
@@ -30,6 +30,7 @@ $ trivy image --format cosign-vuln --output vuln.json alpine:3.10
     },
     "result": {
       "SchemaVersion": 2,
+      "CreatedAt": 1629894030,
       "ArtifactName": "alpine:3.10",
       "ArtifactType": "container_image",
       "Metadata": {
diff --git a/pkg/scanner/scan.go b/pkg/scanner/scan.go
index 931b5b0ea035..1981f4828e64 100644
--- a/pkg/scanner/scan.go
+++ b/pkg/scanner/scan.go
@@ -6,6 +6,7 @@ import (
 	"github.com/google/wire"
 	"golang.org/x/xerrors"
 
+	"github.com/aquasecurity/trivy/pkg/clock"
 	"github.com/aquasecurity/trivy/pkg/fanal/artifact"
 	aimage "github.com/aquasecurity/trivy/pkg/fanal/artifact/image"
 	flocal "github.com/aquasecurity/trivy/pkg/fanal/artifact/local"
@@ -172,6 +173,7 @@ func (s Scanner) ScanArtifact(ctx context.Context, options types.ScanOptions) (t
 
 	return types.Report{
 		SchemaVersion: report.SchemaVersion,
+		CreatedAt:     clock.Now().Unix(),
 		ArtifactName:  artifactInfo.Name,
 		ArtifactType:  artifactInfo.Type,
 		Metadata: types.Metadata{
diff --git a/pkg/scanner/scan_test.go b/pkg/scanner/scan_test.go
index e32edc985590..808596f745ba 100644
--- a/pkg/scanner/scan_test.go
+++ b/pkg/scanner/scan_test.go
@@ -4,10 +4,12 @@ import (
 	"context"
 	"errors"
 	"testing"
+	"time"
 
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 
+	"github.com/aquasecurity/trivy/pkg/clock"
 	"github.com/aquasecurity/trivy/pkg/fanal/artifact"
 	ftypes "github.com/aquasecurity/trivy/pkg/fanal/types"
 	"github.com/aquasecurity/trivy/pkg/types"
@@ -17,6 +19,7 @@ func TestScanner_ScanArtifact(t *testing.T) {
 	type args struct {
 		options types.ScanOptions
 	}
+	clock.SetFakeTime(t, time.Date(2021, 8, 25, 12, 20, 30, 5, time.UTC))
 	tests := []struct {
 		name               string
 		args               args
@@ -96,6 +99,7 @@ func TestScanner_ScanArtifact(t *testing.T) {
 			},
 			want: types.Report{
 				SchemaVersion: 2,
+				CreatedAt:     1629894030,
 				ArtifactName:  "alpine:3.11",
 				ArtifactType:  ftypes.ArtifactContainerImage,
 				Metadata: types.Metadata{
diff --git a/pkg/types/report.go b/pkg/types/report.go
index a085ee454519..edead1568ca1 100644
--- a/pkg/types/report.go
+++ b/pkg/types/report.go
@@ -11,6 +11,7 @@ import (
 // Report represents a scan result
 type Report struct {
 	SchemaVersion int                 `json:",omitempty"`
+	CreatedAt     int64               `json:",omitempty"`
 	ArtifactName  string              `json:",omitempty"`
 	ArtifactType  ftypes.ArtifactType `json:",omitempty"`
 	Metadata      Metadata            `json:",omitempty"`