ACS customers have found it helpful to know the version of the package they should use to resolve all known fixable vulnerabilities. ACS is interested in this functionality in ClairCore as well.

If there is no interest in this for ClairCore, I believe it is doable to determine this once a vulnerability report is generated, but we would then need to ensure we use the correct version parsers.