[K9VULN-12533][k9-cloud-vm] Added Link Dockerfile to vulnerabilities section

[LucasChevrierGit]

What does this PR do? What is the motivation?

This PR adds documentation for linking container image vulnerabilities back to their originating Dockerfile using OCI annotations.

It introduces a new section explaining the required annotations:
• org.opencontainers.image.source
• org.opencontainers.image.revision
• com.datadoghq.image.source_path

The goal is to make vulnerability findings more actionable by enabling source-level traceability (repo, commit, Dockerfile) instead of relying only on image metadata.

Also includes:
• a concrete docker build example
• a link to the OCI annotations specification

Merge instructions

Merge readiness:

• Ready for merge

For Datadog employees:

Your branch name MUST follow the <name>/<description> convention and include the forward slash (/). Without this format, your pull request will not pass CI, the GitLab pipeline will not run, and you won't get a branch preview. Getting a branch preview makes it easier for us to check any issues with your PR, such as broken links.

If your branch doesn't follow this format, rename it or create a new branch and PR.

[6/5/2025] Merge queue has been disabled on the documentation repo. If you have write access to the repo, the PR has been reviewed by a Documentation team member, and all of the required checks have passed, you can use the Squash and Merge button to merge the PR. If you don't have write access, or you need help, reach out in the #documentation channel in Slack.

AI assistance

Additional notes

[github-actions]

Preview links (active after the build_preview check completes)

Modified Files

• https://docs-staging.datadoghq.com/lucas.chevrier/K9VULN-12533-Add-documentation-to-link-Dockerfile-to-vulnerabilities/security/cloud_security_management/setup/ci_cd/