feat: add layered analysis support

Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "sysdig-lsp"
-version = "0.4.1"
+version = "0.5.0"
 edition = "2024"
 authors = [ "Sysdig Inc." ]
 readme = "README.md"

README.md

@@ -20,7 +20,7 @@ helping you detect vulnerabilities and misconfigurations earlier in the developm
 | Scan base image in Dockerfile   | Supported                                                              | [Supported](./docs/features/scan_base_image.md) (0.1.0+) |
 | Code lens support               | Supported                                                              | [Supported](./docs/features/code_lens.md) (0.2.0+)       |
 | Build and Scan Dockerfile       | Supported                                                              | [Supported](./docs/features/build_and_scan.md) (0.4.0+)  |
-| Layered image analysis          | Supported                                                              | In roadmap                                               |
+| Layered image analysis          | Supported                                                              | [Supported](./docs/features/layered_analysis.md) (0.5.0+)|
 | Docker-compose image analysis   | Supported                                                              | In roadmap                                               |
 | K8s Manifest image analysis     | Supported                                                              | In roadmap                                               |
 | Infrastructure-as-code analysis | Supported                                                              | In roadmap                                               |

docs/features/README.md

@@ -14,4 +14,8 @@ Sysdig LSP provides tools to integrate container security checks into your devel
 - Builds and scans the entire final Dockerfile image used in production.
 - Supports multi-stage Dockerfiles, analyzing final stage and explicitly copied artifacts from intermediate stages.
 
+## [Layered Analysis](./layered_analysis.md)
+- Scans each Dockerfile layer individually for precise vulnerability identification.
+- Supports detailed analysis in single-stage and multi-stage Dockerfiles.
+
 See the linked documents for more details.

docs/features/layered_analysis.md

@@ -0,0 +1,36 @@
+# Layered Analysis
+
+Sysdig LSP provides Layered Analysis to scan each layer created by your Dockerfile instructions individually.
+This helps you quickly identify and remediate vulnerabilities introduced at specific steps, optimizing your container security.
+
+> [!IMPORTANT]
+> In multi-stage Dockerfiles, layers of the final runtime stage are analyzed individually.
+> Intermediate stages are only considered if their layers or artifacts are explicitly copied into the final runtime stage.
+
+![Sysdig LSP performing Layered Analysis](./layered_analysis.gif)
+
+## Examples
+
+### Single-stage Dockerfile (fully analyzed)
+
+```dockerfile
+FROM ubuntu:22.04
+RUN apt-get update && apt-get install -y python3
+COPY ./app /app
+RUN pip install -r /app/requirements.txt
+```
+In this Dockerfile, Sysdig LSP individually scans each layer, identifying exactly which step introduces vulnerabilities.
+
+### Multi-stage Dockerfile (layer-focused analysis)
+
+```dockerfile
+# Intermediate build stage (layers scanned only if copied)
+FROM node:18-alpine AS build
+RUN npm install && npm run build
+
+# Final runtime stage (all layers analyzed individually)
+FROM nginx:alpine
+COPY --from=build /dist /usr/share/nginx/html
+RUN apk add --no-cache curl
+```
+Here, Sysdig LSP individually scans every layer of the final runtime stage (`nginx:alpine`). Layers from the intermediate stage (`node:18-alpine`) are scanned only if their artifacts are explicitly copied to the final stage.