feat: container scan support for cgo and stripped Go binaries

test: add acceptance test for container cgo/stripped Go binaries

Author: adrobuta

package-lock.json

@@ -117,7 +117,7 @@
     "semver": "^6.0.0",
     "snyk-config": "^5.0.0",
     "snyk-cpp-plugin": "2.24.1",
-    "snyk-docker-plugin": "8.12.2",
+    "snyk-docker-plugin": "8.13.0",
     "snyk-go-plugin": "1.28.0",
     "snyk-gradle-plugin": "5.1.1",
     "snyk-module": "3.1.0",

package.json

@@ -156,6 +156,19 @@ describe('snyk container', () => {
       expect(code).toEqual(1);
     }, 30000);
 
+    it('detects stripped Go binaries and reports fleet-server dependencies', async () => {
+      const { code, stdout } = await runSnykCLI(
+        `container test docker-archive:test/fixtures/container-projects/stripped-go-binaries-minimal.tar.gz --json`,
+      );
+      const jsonOutput = JSON.parse(stdout);
+
+      const goModulesResults = jsonOutput.applications?.find((app) =>
+        app.targetFile?.includes('fleet-server'),
+      );
+      expect(code).toEqual(1);
+      expect(goModulesResults).toBeDefined();
+    });
+
     it('npm depGraph is generated in an npm image with lockfiles', async () => {
       const { code, stdout, stderr } = await runSnykCLIWithDebug(
         `container test docker-archive:test/fixtures/container-projects/npm7-with-package-lock-file.tar --print-deps`,