  1. Red Hat Advanced Cluster Security
  2. ROX-30643

[Scanner] Determine Date CVE Fixed for RHEL/VEX to support Policy criteria "Days since CVE FIX was published"

    • Epic
    • Resolution: Done
    • Undefined
    • 4.10.0
    • None
    • None
    • [Scanner] Determine Date CVE Fixed to support Policy criteria "Days since CVE FIX was published"
    • Product / Portfolio Work
    • S
    • False
    • False
    • Green
    • In Progress
    • ROX-29708 - Policy Criteria for "Days since CVE Fix was available"
    • 0% To Do, 0% In Progress, 100% Done
    • Implementation complete

      The scope of this effort for 4.10 for Scanner is:

      • Scanner V4 only
      • Fixed-by date for RH vulns only; that date is provided in Advisories/VEX (for other vuln sources the fixed date will be inferred in Central and will not come from Scanner V4)

      The implementation will be added to ACS only (not ClairCore). Based on prior conversations, adding this to ClairCore would be inefficient and would require parsing VEX data.

      The existing ACS CSAF Enricher will be used, leveraging the "initial release date" of the Advisory, which is already available to the CSAF enricher, as the fix-available date.

      The Advisories, like VEX, contain multiple per-product "vendor fix" dates. These were analyzed, and every advisory's "initial release date" is identical to its vendor fix dates, which makes sense given the advisories are per product. In VEX the vendor_fix dates will differ per product, complicating matching.
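
The check described above, as an added example (not ACS or ClairCore code): it reads the CSAF 2.0 fields `document.tracking.initial_release_date` and `vulnerabilities[].remediations[]`, and lists every product whose `vendor_fix` date differs from the initial release date. The helper name `fixedDate`, the product IDs and both sample documents are constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"time"
)

// advisory holds only the CSAF 2.0 fields this check needs.
type advisory struct {
	Document struct {
		Tracking struct {
			InitialReleaseDate time.Time `json:"initial_release_date"`
		} `json:"tracking"`
	} `json:"document"`
	Vulnerabilities []struct {
		CVE          string `json:"cve"`
		Remediations []struct {
			Category   string    `json:"category"`
			Date       time.Time `json:"date"`
			ProductIDs []string  `json:"product_ids"`
		} `json:"remediations"`
	} `json:"vulnerabilities"`
}

// fixedDate (hypothetical helper) returns the initial release date and each "CVE product" whose vendor_fix date differs from it.
func fixedDate(raw []byte) (time.Time, []string, error) {
	var a advisory
	if err := json.Unmarshal(raw, &a); err != nil {
		return time.Time{}, nil, err
	}
	released := a.Document.Tracking.InitialReleaseDate
	var differing []string
	for _, v := range a.Vulnerabilities {
		for _, r := range v.Remediations {
			if r.Category == "vendor_fix" && !r.Date.Equal(released) {
				for _, p := range r.ProductIDs {
					differing = append(differing, v.CVE+" "+p)
				}
			}
		}
	}
	return released, differing, nil
}

// Constructed samples with placeholder IDs (not real Red Hat data): one advisory-shaped, one VEX-shaped.
const sampleAdvisory = `{"document":{"tracking":{"initial_release_date":"2025-01-15T08:00:00Z"}},"vulnerabilities":[{"cve":"CVE-0000-0001","remediations":[{"category":"vendor_fix","date":"2025-01-15T08:00:00Z","product_ids":["prodA:pkg-1.2-3"]}]}]}`
const sampleVEX = `{"document":{"tracking":{"initial_release_date":"2025-01-10T00:00:00Z"}},"vulnerabilities":[{"cve":"CVE-0000-0001","remediations":[{"category":"vendor_fix","date":"2025-01-15T08:00:00Z","product_ids":["prodA:pkg-1.2-3"]},{"category":"vendor_fix","date":"2025-02-03T08:00:00Z","product_ids":["prodB:pkg-1.2-4"]}]}]}`

func main() { fmt.Println(fixedDate([]byte(sampleVEX))) }
```

An empty list for an advisory means its initial release date can stand in for the fix date; a non-empty list, as with the VEX-shaped sample, shows the per-product divergence that complicates matching.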

              dcaravel David Caravello
              vwilson@redhat.com Van Wilson
              Shubha Badve Shubha Badve
              ACS Scanner