project-copacetic / copa-extension

🐳 Docker Desktop extension for Copa
https://open.docker.com/extensions/marketplace?extensionId=projectcopacetic/copacetic-docker-desktop-extension

investigate displaying packages that weren't patched #55

Open jgrer opened 1 month ago

jgrer commented 1 month ago

When the user scans an image, they see the vulnerabilities that are marked as fixable by Trivy. After patching, they can run a scan for fixable vulnerabilities again. Therefore, any remaining vulnerabilities shown are marked as fixable by Trivy but not able to be patched by Copa. Do we want to show details about these vulnerabilities? Or does this extend too far into the domain of scanner plugins?
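
One way to compute the list this issue describes, as an added example that is not code from the copa-extension project: diff the fixable findings in the Trivy JSON reports taken before and after patching. The function names and both sample reports are constructed for illustration; the field names follow Trivy's JSON report format.

```javascript
// Collect fixable findings (non-empty FixedVersion) from a Trivy JSON report,
// keyed by vulnerability id + package so one CVE in two packages stays distinct.
function fixableFindings(report) {
  const findings = new Map();
  for (const result of report.Results || []) {
    for (const v of result.Vulnerabilities || []) {
      if (!v.FixedVersion) continue; // Trivy reports no fix: out of scope here
      findings.set(`${v.VulnerabilityID}|${v.PkgName}`, {
        id: v.VulnerabilityID,
        pkg: v.PkgName,
        installed: v.InstalledVersion,
        fixed: v.FixedVersion,
        target: result.Target,
      });
    }
  }
  return findings;
}

// Split the pre-patch fixable findings into those gone after patching and
// those still present (marked fixable by Trivy, but not patched).
function comparePatchResult(beforeReport, afterReport) {
  const before = fixableFindings(beforeReport);
  const after = fixableFindings(afterReport);
  const patched = [];
  const unpatched = [];
  for (const [key, finding] of before) {
    if (after.has(key)) unpatched.push(after.get(key));
    else patched.push(finding);
  }
  return { patched, unpatched };
}

// Constructed sample reports (placeholder ids and package names, not real scan output).
const beforeScan = { Results: [{ Target: "example:1.0 (debian 12)", Vulnerabilities: [
  { VulnerabilityID: "CVE-0000-0001", PkgName: "libfoo", InstalledVersion: "1.0-1", FixedVersion: "1.0-2" },
  { VulnerabilityID: "CVE-0000-0002", PkgName: "libbar", InstalledVersion: "2.3-1", FixedVersion: "2.3-4" },
  { VulnerabilityID: "CVE-0000-0003", PkgName: "libbaz", InstalledVersion: "0.9-1", FixedVersion: "" },
] }] };
const afterScan = { Results: [{ Target: "example:1.0-patched (debian 12)", Vulnerabilities: [
  { VulnerabilityID: "CVE-0000-0002", PkgName: "libbar", InstalledVersion: "2.3-1", FixedVersion: "2.3-4" },
  { VulnerabilityID: "CVE-0000-0003", PkgName: "libbaz", InstalledVersion: "0.9-1", FixedVersion: "" },
] }] };

console.log(comparePatchResult(beforeScan, afterScan).unpatched);
```
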