feat(report): switch ReportID from UUIDv4 to UUIDv7 (#9749)

Author: knqyf263

integration/integration_test.go

@@ -364,6 +364,8 @@ func runTest(t *testing.T, osArgs []string, wantFile string, format types.Format
 	if opts.fakeUUID != "" {
 		uuid.SetFakeUUID(t, opts.fakeUUID)
 	}
+	// Set fake UUID v7 for ReportID generation. Format is not configurable.
+	uuid.SetFakeUUIDV7(t, "017b7d41-e09f-7000-80ea-%012d")
 
 	// Set up the output file
 	outputFile := filepath.Join(t.TempDir(), "output.json")

integration/sbom_test.go

@@ -154,8 +154,8 @@ func TestSBOMEquivalence(t *testing.T) {
 				want.Results[0].Vulnerabilities[1].PkgIdentifier.BOMRef = "pkg:rpm/centos/[email protected]?arch=x86_64&epoch=1&distro=centos-7.6.1810"
 				want.Results[0].Vulnerabilities[2].PkgIdentifier.BOMRef = "pkg:rpm/centos/[email protected]?arch=x86_64&epoch=1&distro=centos-7.6.1810"
 
-				// SBOM parsing consumes UUIDs #1-#4 for components, so ReportID becomes #5
-				want.ReportID = "3ff14136-e09f-4df9-80ea-000000000005"
+				// ReportID uses v7 UUID with independent counter from v4 UUIDs used for SBOM components
+				want.ReportID = "017b7d41-e09f-7000-80ea-000000000001"
 			},
 		},
 		{
@@ -173,8 +173,8 @@ func TestSBOMEquivalence(t *testing.T) {
 				require.Len(t, got.Results, 1)
 				want.Results[0].Target = "testdata/fixtures/sbom/centos-7-spdx.txt (centos 7.6.1810)"
 
-				// SBOM parsing consumes UUIDs #1-#4 for components, so ReportID becomes #5
-				want.ReportID = "3ff14136-e09f-4df9-80ea-000000000005"
+				// ReportID uses v7 UUID with independent counter from v4 UUIDs used for SBOM components
+				want.ReportID = "017b7d41-e09f-7000-80ea-000000000001"
 			},
 		},
 		{
@@ -192,8 +192,8 @@ func TestSBOMEquivalence(t *testing.T) {
 				require.Len(t, got.Results, 1)
 				want.Results[0].Target = "testdata/fixtures/sbom/centos-7-spdx.json (centos 7.6.1810)"
 
-				// SBOM parsing consumes UUIDs #1-#4 for components, so ReportID becomes #5
-				want.ReportID = "3ff14136-e09f-4df9-80ea-000000000005"
+				// ReportID uses v7 UUID with independent counter from v4 UUIDs used for SBOM components
+				want.ReportID = "017b7d41-e09f-7000-80ea-000000000001"
 			},
 		},
 		{
@@ -216,8 +216,8 @@ func TestSBOMEquivalence(t *testing.T) {
 				want.Results[0].Vulnerabilities[1].PkgIdentifier.BOMRef = "pkg:rpm/centos/[email protected]?arch=x86_64&epoch=1&distro=centos-7.6.1810"
 				want.Results[0].Vulnerabilities[2].PkgIdentifier.BOMRef = "pkg:rpm/centos/[email protected]?arch=x86_64&epoch=1&distro=centos-7.6.1810"
 
-				// SBOM parsing consumes UUIDs #1-#4 for components, so ReportID becomes #5
-				want.ReportID = "3ff14136-e09f-4df9-80ea-000000000005"
+				// ReportID uses v7 UUID with independent counter from v4 UUIDs used for SBOM components
+				want.ReportID = "017b7d41-e09f-7000-80ea-000000000001"
 			},
 		},
 	}

integration/testdata/almalinux-8.json.golden

@@ -1,6 +1,6 @@
 {
   "SchemaVersion": 2,
-  "ReportID": "3ff14136-e09f-4df9-80ea-000000000001",
+  "ReportID": "017b7d41-e09f-7000-80ea-000000000001",
   "CreatedAt": "2021-08-25T12:20:30.000000005Z",
   "ArtifactID": "sha256:fb75459277a4cbcf98182b48c789cfbd4b34414e05898e1231ae8b2ca099f4e7",
   "ArtifactName": "testdata/fixtures/images/almalinux-8.tar.gz",

integration/testdata/alpine-310.json.golden

@@ -1,6 +1,6 @@
 {
   "SchemaVersion": 2,
-  "ReportID": "3ff14136-e09f-4df9-80ea-000000000001",
+  "ReportID": "017b7d41-e09f-7000-80ea-000000000001",
   "CreatedAt": "2021-08-25T12:20:30.000000005Z",
   "ArtifactID": "sha256:39549bf49d696f172a6513103cdc8f53717024ad1fbce62d680a8e7ddde1a612",
   "ArtifactName": "testdata/fixtures/images/alpine-310.tar.gz",

integration/testdata/alpine-39-high-critical.json.golden

@@ -1,6 +1,6 @@
 {
   "SchemaVersion": 2,
-  "ReportID": "3ff14136-e09f-4df9-80ea-000000000001",
+  "ReportID": "017b7d41-e09f-7000-80ea-000000000001",
   "CreatedAt": "2021-08-25T12:20:30.000000005Z",
   "ArtifactID": "sha256:988a8e3eb049d90c20fafb183d0e792c99b8ba28433be1d1e4447a8b5a1adbdf",
   "ArtifactName": "testdata/fixtures/images/alpine-39.tar.gz",

integration/testdata/alpine-39-ignore-cveids.json.golden

@@ -1,6 +1,6 @@
 {
   "SchemaVersion": 2,
-  "ReportID": "3ff14136-e09f-4df9-80ea-000000000001",
+  "ReportID": "017b7d41-e09f-7000-80ea-000000000001",
   "CreatedAt": "2021-08-25T12:20:30.000000005Z",
   "ArtifactID": "sha256:988a8e3eb049d90c20fafb183d0e792c99b8ba28433be1d1e4447a8b5a1adbdf",
   "ArtifactName": "testdata/fixtures/images/alpine-39.tar.gz",

integration/testdata/alpine-39-skip.json.golden

@@ -1,6 +1,6 @@
 {
   "SchemaVersion": 2,
-  "ReportID": "3ff14136-e09f-4df9-80ea-000000000001",
+  "ReportID": "017b7d41-e09f-7000-80ea-000000000001",
   "CreatedAt": "2021-08-25T12:20:30.000000005Z",
   "ArtifactID": "sha256:988a8e3eb049d90c20fafb183d0e792c99b8ba28433be1d1e4447a8b5a1adbdf",
   "ArtifactName": "testdata/fixtures/images/alpine-39.tar.gz",

integration/testdata/alpine-39.json.golden

@@ -1,6 +1,6 @@
 {
   "SchemaVersion": 2,
-  "ReportID": "3ff14136-e09f-4df9-80ea-000000000001",
+  "ReportID": "017b7d41-e09f-7000-80ea-000000000001",
   "CreatedAt": "2021-08-25T12:20:30.000000005Z",
   "ArtifactID": "sha256:988a8e3eb049d90c20fafb183d0e792c99b8ba28433be1d1e4447a8b5a1adbdf",
   "ArtifactName": "testdata/fixtures/images/alpine-39.tar.gz",

integration/testdata/alpine-distroless.json.golden

@@ -1,6 +1,6 @@
 {
   "SchemaVersion": 2,
-  "ReportID": "3ff14136-e09f-4df9-80ea-000000000001",
+  "ReportID": "017b7d41-e09f-7000-80ea-000000000001",
   "CreatedAt": "2021-08-25T12:20:30.000000005Z",
   "ArtifactID": "sha256:0edd1906378dca3abc435f47f2e4b91059e9950e55cd82c76089d60b9ca68f90",
   "ArtifactName": "testdata/fixtures/images/alpine-distroless.tar.gz",

integration/testdata/amazon-1.json.golden

@@ -1,6 +1,6 @@
 {
   "SchemaVersion": 2,
-  "ReportID": "3ff14136-e09f-4df9-80ea-000000000001",
+  "ReportID": "017b7d41-e09f-7000-80ea-000000000001",
   "CreatedAt": "2021-08-25T12:20:30.000000005Z",
   "ArtifactID": "sha256:5a0fd7bb415c9b52d1bb909e40b9f498a89a5572724bd107d26ead4a25f203e1",
   "ArtifactName": "testdata/fixtures/images/amazon-1.tar.gz",