A topic brought up in the 3-24-21 community dev meeting.
The community is asking for Clair to support distroless containers.
Distroless containers have a normal OS-level package database (rpm, deb, etc.) per installed package, located on the file system.
Distroless containers are supposedly "append only". If this is true, Clair can support this today without a large change.
However, if we encounter containers where the single-package package databases are removed, Clair does not handle this case.
We should weigh the options between quickly supporting distroless containers today (turnaround time 2-5 days), or adjusting our data model to handle file system deletions (turnaround time closer to a month with proper design and planning).
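The difference between the two options, as an added example that is not Clair's code and not part of the original ticket: it merges per-package database files across layers, once under the append-only assumption and once honoring deletions. Assumptions: records live under `var/lib/dpkg/status.d`, layers are modeled as in-memory maps, deletions appear as OCI-style `.wh.` whiteout entries, and the package versions are constructed sample values.

```go
package main

import (
	"fmt"
	"path"
	"strings"
)

// Assumed path of the per-package dpkg records in a distroless image.
const dbDir = "var/lib/dpkg/status.d"

// Layer is a constructed stand-in for one layer: tar entry path -> content.
type Layer map[string]string

// Packages merges layers bottom-up; honorWhiteouts=false models append-only.
func Packages(layers []Layer, honorWhiteouts bool) map[string]string {
	found := map[string]string{} // record path -> record content
	for _, l := range layers {
		for p := range l { // whiteouts hide lower layers only, so apply them first
			base := path.Base(p)
			if !honorWhiteouts || !strings.HasPrefix(base, ".wh.") {
				continue
			}
			target := path.Join(path.Dir(p), strings.TrimPrefix(base, ".wh."))
			if base == ".wh..wh..opq" { // opaque marker: hide the whole directory
				target = path.Dir(p)
			}
			for f := range found {
				if f == target || strings.HasPrefix(f, target+"/") {
					delete(found, f)
				}
			}
		}
		for p, content := range l {
			if path.Dir(p) == dbDir && !strings.HasPrefix(path.Base(p), ".wh.") {
				found[p] = content
			}
		}
	}
	return found
}

func main() {
	layers := []Layer{ // constructed sample image
		{dbDir + "/libc6": "libc6 2.31-13", dbDir + "/openssl": "openssl 1.1.1k-1"},
		{dbDir + "/.wh.openssl": ""}, // later layer deletes the openssl record
	}
	fmt.Println("append-only:   ", Packages(layers, false))
	fmt.Println("whiteout-aware:", Packages(layers, true))
}
```

Under the append-only model the deleted `openssl` record is still reported, which is the case the ticket says is not handled today.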
- duplicates PROJQUAY-1729 Support for scanning distroless containers (Closed)