There are three ways in which we might be able to easily improve manifesting to assist product security and help reduce the number of false positives. These are

• Go builder image implicit manifesting
• Koji build finder for manifesting "main artifacts"
• Fuse BOM(s) for tracking per release