Red Hat Advanced Cluster Security / ROX-30694

Investigate a "Slim Indexer" Model and API Improvements for Delegated Scanning

    • Type: Task
    • Resolution: Unresolved

      Overview:

      Investigate a "slim indexer" for image scanning. This model proposes a two-stage process:

      #. A "slim" indexer runs in the secured cluster, which may be in a disconnected environment, and gathers a "minimal index report" of environment-specific data (e.g., file paths, package info).
      #. This minimal report is then sent to a central, online service that "enriches" it with data requiring external network lookups (e.g., querying the Maven repository) before performing the final vulnerability match.
      #. Central can be a managed service capable of scanning these minimal, SBOM-like reports.

      The goal of this investigation is to analyze the feasibility and design of both the API improvement and the slim/delegated indexer model to better support offline scanning use cases.

      Acceptance Criteria:

      A preliminary doc describing a "slim indexer" and "minimal index report" model, with pros/cons.

              Unassigned
              jvmartin@redhat.com J. Victor Martins
              ACS Scanner