lacework / go-sdk

A set of tools and libraries written in Go to interact with the Lacework platform.
Apache License 2.0

Consistency with Image ID & Digest in vulnerability command #80

Closed ghost closed 4 years ago

ghost commented 4 years ago

Revisit the vulnerability command functionality and documentation to have consistency with the use of Image ID and Image Digest.

Jira: ALLY-83

ghost commented 4 years ago

After doing some reading and a complete assessment of how we run vulnerability scans and look up vulnerability reports, I have the following proposal.

Implementation Details

By default, on-demand vulnerability scans are requested by providing the tag or digest of an image, therefore we are going to make the vulnerability command focus on digests as much as possible. However, we will provide a way to retrieve reports from image IDs.

Here are some modifications we will make to the CLI.

Run on-demand scans

To run an on-demand scan, a user will need the following information:

<registry>    container registry where the container image has been published
<repository>  repository name that contains the container image
<tag|digest>  either a tag or an image digest to scan (digest format: sha256:1ee...1d3b)

Note that we can't trigger scans with an image ID.

Review vulnerability reports

To review vulnerability reports from container image scans that ran previously, either by the periodic scan mechanism that Lacework runs every hour or by a requested on-demand vulnerability scan, a user will need to provide the SHA256 hash of a container with the format sha256:1ee...1d3b.

Example:

$ lacework vul report sha256:8d8f5b08727272389bc2788561bd60a8f012d3c68675dccce7dd7ee2d47a9f4d

By default, this command treats the provided SHA256 as the image digest. When a user is trying to look up a report by its image ID, they can use the flag --image_id, which will treat the provided SHA256 hash as an image ID.

Deprecations

The flag --digest will be deprecated and, in fact, enabled by default for the command lacework vulnerability report.
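The proposal above fixes two input rules for the CLI: `vul report` takes a `sha256:...` hash that is a digest by default and an image ID only with `--image_id`, and on-demand scans take `<registry> <repository> <tag|digest>` and can never be triggered by an image ID. The following Go snippet is an added example written for this issue, not code from the lacework/go-sdk project, showing how such argument validation could be done strictly before anything is sent to the API. The function names `ParseReportRef` and `ParseScanTarget`, the `ScanTarget` type, the tag grammar, the explicit rejection of a bare 64-hex string as a likely image ID, and the `index.docker.io` / `library/alpine` / `3.12` sample values are all assumptions made for the example; the digest is the one quoted in the comment above.

```go
package main

import (
	"errors"
	"fmt"
	"regexp"
	"strings"
)

// LookupKind records how a SHA256 passed to `vul report` is interpreted.
type LookupKind string

const (
	ByDigest  LookupKind = "digest"   // default: the hash is an image digest
	ByImageID LookupKind = "image_id" // --image_id: the hash is an image ID
)

// sha256Pattern is the strict form described in the proposal (sha256:1ee...1d3b):
// the "sha256:" prefix followed by exactly 64 hex characters. Anything looser
// (a short prefix, a different algorithm, stray characters) is rejected up front.
var sha256Pattern = regexp.MustCompile(`^sha256:[0-9a-f]{64}$`)

// ParseReportRef validates the hash given to `lacework vul report` and decides
// whether the report is looked up by digest (default) or by image ID (--image_id).
// On a malformed hash it returns an error instead of forwarding the input.
func ParseReportRef(arg string, imageIDFlag bool) (string, LookupKind, error) {
	ref := strings.ToLower(strings.TrimSpace(arg))
	if !sha256Pattern.MatchString(ref) {
		return "", "", errors.New("expected a SHA256 hash with format sha256:1ee...1d3b")
	}
	if imageIDFlag {
		return ref, ByImageID, nil
	}
	return ref, ByDigest, nil
}

// ScanTarget is the information needed to request an on-demand scan.
type ScanTarget struct {
	Registry   string
	Repository string
	Tag        string // set when the third argument is a tag
	Digest     string // set when the third argument is an image digest
}

// tagPattern is an assumed tag grammar (first char [A-Za-z0-9_], then up to
// 127 of [A-Za-z0-9_.-]), matching what container registries commonly accept.
var tagPattern = regexp.MustCompile(`^[A-Za-z0-9_][A-Za-z0-9_.-]{0,127}$`)

// bareHexPattern detects a 64-hex string without the "sha256:" prefix. Such a
// value would technically be a legal tag, but it is far more likely to be an
// image ID, which cannot be scanned, so this example rejects it explicitly.
var bareHexPattern = regexp.MustCompile(`^[0-9a-fA-F]{64}$`)

// ParseScanTarget builds a ScanTarget from <registry> <repository> <tag|digest>.
func ParseScanTarget(registry, repository, tagOrDigest string) (ScanTarget, error) {
	t := ScanTarget{Registry: registry, Repository: repository}
	if registry == "" || repository == "" {
		return t, errors.New("registry and repository are required")
	}
	lower := strings.ToLower(tagOrDigest)
	switch {
	case sha256Pattern.MatchString(lower):
		t.Digest = lower
	case bareHexPattern.MatchString(tagOrDigest):
		return t, fmt.Errorf("%q looks like an image ID; scans need a tag or a sha256: digest", tagOrDigest)
	case tagPattern.MatchString(tagOrDigest):
		t.Tag = tagOrDigest
	default:
		return t, fmt.Errorf("%q is neither a valid tag nor a sha256: digest", tagOrDigest)
	}
	return t, nil
}

func main() {
	// Digest taken from the example command in the proposal.
	digest := "sha256:8d8f5b08727272389bc2788561bd60a8f012d3c68675dccce7dd7ee2d47a9f4d"
	ref, kind, err := ParseReportRef(digest, false)
	fmt.Println(ref, kind, err)
	// Constructed sample target values, not from the issue.
	target, err := ParseScanTarget("index.docker.io", "library/alpine", "3.12")
	fmt.Printf("%+v %v\n", target, err)
}
```

Normalising the hash to lowercase and matching it against a fixed pattern before use means the lookup kind is decided purely by the flag, never by guessing from the input, which keeps the default-to-digest behaviour of the proposal explicit and predictable.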