Container scanning listing vulnerabilities that don't exist in image

@plafoucriere noticed that our container scanning tool is showing vulnerabilities that don't exist in the image: https://gitlab.com/gitlab-org/security-products/tests/webgoat/-/jobs/288789629

We need to investigate this further to understand why this is happening