  1. Red Hat Advanced Cluster Security
  2. ROX-32564

Vulnerability Scanning for Hummingbird Images

      Summary: Implement integrated scanning in RHACS and Clair to validate the "Zero-CVE" status of Project Hummingbird images and provide continuous monitoring against new vulnerability discoveries.

      Goal Summary

      Project Hummingbird images are built to be minimal, often lacking shells or package managers (e.g., rpm). This feature enables Clair and RHACS to scan these images and cross-reference them with Red Hat’s VEX metadata.

      Out of Scope

      • Third-Party Distroless: This feature does not provide "Zero-CVE" certification for Google Distroless or Chainguard images (though they are scanned via standard SBOM logic).
      • Remediation Suggestion: RHACS will identify the need for a patch, but it will not automatically rebuild the container image.
      • Legacy Scanners: This feature is only supported on RHACS Scanner V4 (ClairCore-based).

              vle@redhat.com Vu Le
              dcaspin@redhat.com Doron Caspin
              Shubha Badve Shubha Badve
              ACS Scanner