feat: Add local ImageID to SARIF metadata (#6522)

Signed-off-by: knqyf263 <knqyf263@gmail.com>
Co-authored-by: knqyf263 <knqyf263@gmail.com>

Author: charlesoxyer

integration/testdata/alpine-310.sarif.golden

@@ -184,6 +184,7 @@
         }
       },
       "properties": {
+        "imageID": "sha256:961769676411f082461f9ef46626dd7a2d1e2b2a38e6a44364bcbecf51e66dd4",
         "imageName": "testdata/fixtures/images/alpine-310.tar.gz",
         "repoDigests": null,
         "repoTags": null

pkg/report/sarif.go

@@ -137,6 +137,7 @@ func (sw *SarifWriter) Write(ctx context.Context, report types.Report) error {
 			"imageName":   report.ArtifactName,
 			"repoTags":    report.Metadata.RepoTags,
 			"repoDigests": report.Metadata.RepoDigests,
+			"imageID":     report.Metadata.ImageID,
 		}
 	}
 	if sw.Target != "" {

pkg/report/sarif_test.go

@@ -31,6 +31,7 @@ func TestReportWriter_Sarif(t *testing.T) {
 				ArtifactName: "debian:9",
 				ArtifactType: artifact.TypeContainerImage,
 				Metadata: types.Metadata{
+					ImageID: "sha256:7640c3f9e75002deb419d5e32738eeff82cf2b3edca3781b4fe1f1f626d11b20",
 					RepoTags: []string{
 						"debian:9",
 					},
@@ -177,6 +178,7 @@ func TestReportWriter_Sarif(t *testing.T) {
 						PropertyBag: sarif.PropertyBag{
 							Properties: map[string]any{
 								"imageName":   "debian:9",
+								"imageID":     "sha256:7640c3f9e75002deb419d5e32738eeff82cf2b3edca3781b4fe1f1f626d11b20",
 								"repoDigests": []any{"debian@sha256:a8cc1744bbdd5266678e3e8b3e6387e45c053218438897e86876f2eb104e5534"},
 								"repoTags":    []any{"debian:9"},
 							},