the original list of affected components comes from product security clair
scans.

There may be a way to run clair scans locally if there is no easy way to access
these scans.

Initially, I just want to learn what these scans are, how they work and if
I can use them for anything. Also, it may be that newer versions of openshift
components are no longer vulnerable.