Project Quay / PROJQUAY-2190

Ensure Clair V4 Enrichment data is available in Quay's secscan API results


      With the introduction of Clair V4's new Enrichment feature (substituting for Clair V2's NVD data), we need to ensure this additional data is carried forward with Quay's security scan API as well.

      See output from:

      https://quay.io/api/v1/repository/bdettelb/demoserver1/image/0c4c72d5ef8865ff876bed265a724a31d1c0d632cbd93b5c35835d4929f16321/security?vulnerabilities=true

      Specifically the sections like:

      {
        "Name": "CVE-2020-8177",
        "NamespaceName": "debian:9",
        "Link": "https://security-tracker.debian.org/tracker/CVE-2020-8177",
        "FixedBy": "7.52.1-5+deb9u11",
        "Description": "curl 7.20.0 through 7.70.0 is vulnerable to improper restriction of names for files and other resources that can lead too overwriting a local file when the -J flag is used.",
        "Metadata": {
          "NVD": {
            "CVSSv3": {
              "Vectors": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
              "ImpactScore": 5.2,
              "Score": 7.1,
              "ExploitabilityScore": 1.8
            },
            "CVSSv2": {
              "Score": 4.6,
              "PublishedDateTime": "2020-12-14T20:15Z",
              "Vectors": "AV:L/AC:L/Au:N/C:P/I:P/A:P"
            }
          }
        },
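A check that could be run against a secscan response to confirm the enrichment data is present, as an added example (not Quay's or Clair's own code). It assumes the response envelope `data.Layer.Features[].Vulnerabilities[]`; `audit` and `cvss3_base` are hypothetical names and the sample is constructed around the fragment above. It goes beyond a presence check by recomputing the CVSS v3 base score from the vector, so a `Score` that no longer matches its `Vectors` is also reported.

```python
# Constructed sample. The data.Layer.Features[].Vulnerabilities[] envelope is
# an assumption; the first entry mirrors the fragment quoted in the issue.
SAMPLE = {"status": "scanned", "data": {"Layer": {"Features": [
    {"Name": "example-pkg", "Vulnerabilities": [
        {"Name": "CVE-2020-8177", "Metadata": {"NVD": {"CVSSv3": {
            "Vectors": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
            "Score": 7.1}}}},
        {"Name": "CVE-0000-0001", "Metadata": {}},  # placeholder: enrichment lost
    ]}]}}}

# CVSS v3 base-metric weights (FIRST specification).
W = {"AV": {"N": .85, "A": .62, "L": .55, "P": .2}, "AC": {"L": .77, "H": .44},
     "UI": {"N": .85, "R": .62}, "CIA": {"H": .56, "L": .22, "N": 0.0}}
PR = {"U": {"N": .85, "L": .62, "H": .27}, "C": {"N": .85, "L": .68, "H": .5}}

def roundup(x):
    """Round up to one decimal using the integer method from CVSS v3.1."""
    i = round(x * 100000)
    return i / 100000 if i % 10000 == 0 else (i // 10000 + 1) / 10

def cvss3_base(vector):
    """Base score for a 'CVSS:3.x/AV:.../A:...' vector; raises on bad input."""
    m = dict(p.split(":") for p in vector.split("/")[1:])
    c, i, a = (W["CIA"][m[k]] for k in ("C", "I", "A"))
    iss = 1 - (1 - c) * (1 - i) * (1 - a)
    changed = m["S"] == "C"
    impact = 7.52 * (iss - .029) - 3.25 * (iss - .02) ** 15 if changed else 6.42 * iss
    expl = 8.22 * W["AV"][m["AV"]] * W["AC"][m["AC"]] * PR[m["S"]][m["PR"]] * W["UI"][m["UI"]]
    if impact <= 0:
        return 0.0
    return roundup(min((1.08 if changed else 1) * (impact + expl), 10))

def audit(report):
    """Return (vulnerability name, problem) pairs for missing or inconsistent data."""
    findings = []
    for feat in report["data"]["Layer"].get("Features") or []:
        for v in feat.get("Vulnerabilities") or []:
            c3 = ((v.get("Metadata") or {}).get("NVD") or {}).get("CVSSv3")
            if not c3:
                findings.append((v["Name"], "missing CVSSv3"))
                continue
            try:
                score, calc = float(c3["Score"]), cvss3_base(c3["Vectors"])
            except (KeyError, ValueError, TypeError, AttributeError):
                findings.append((v["Name"], "malformed CVSSv3"))
                continue
            if abs(score - calc) > 0.05:
                findings.append((v["Name"], f"score {score} != computed {calc}"))
    return findings
```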

       

              sdadi@redhat.com Sunanda Dadi
              bdettelb@redhat.com Bill Dettelback
              Dongbo Yan Dongbo Yan