Consider bringing internal vulnerability management tools to the Container Scanning feature
Proposal
The automation we're building internally to improve vulnerability management (vulnmapper) might be useful to our users too.
For instance, the ability to sync with the vendor's DB to report the status of an ongoing vulnerability and apply labels like Vulnerability::Vendor Package::Will Not Be Fixed and Vulnerability::Vendor Package::Fix Unavailable.
This kind of information could be gathered in our external infra and brought to Container Scanning via additional metadata in the advisories. Then Container Scanning vulnerabilities could be flagged with such additional information to facilitate triage and management.
Edited by Olivier Gonzalez
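An added example of the flow proposed above (not GitLab or vulnmapper code): advisories carry a vendor status, and scanner findings are flagged with the matching label. All field names, status values and sample records are assumptions constructed for illustration; only the two label names come from the proposal.

```python
# Hypothetical mapping from a vendor status carried in advisory metadata
# to the triage labels named in the proposal.
LABELS = {
    "will_not_fix": "Vulnerability::Vendor Package::Will Not Be Fixed",
    "fix_unavailable": "Vulnerability::Vendor Package::Fix Unavailable",
}

# Constructed advisory records, as an external sync job might publish them.
ADVISORIES = [
    {"cve": "CVE-0000-0001", "package": "libexample", "distro": "debian:12",
     "vendor_status": "will_not_fix"},
    {"cve": "CVE-0000-0002", "package": "libexample", "distro": "debian:12",
     "vendor_status": "fix_unavailable"},
    {"cve": "CVE-0000-0003", "package": "othertool", "distro": "debian:12",
     "vendor_status": "fixed", "fixed_version": "2.1-3"},
]

# Constructed Container Scanning findings.
FINDINGS = [
    {"cve": "CVE-0000-0001", "package": "libexample", "distro": "debian:12"},
    # Same CVE and package as an advisory, but another release: must not match,
    # because vendor status is tracked per distribution release.
    {"cve": "CVE-0000-0002", "package": "libexample", "distro": "debian:11"},
    {"cve": "CVE-0000-0003", "package": "othertool", "distro": "debian:12"},
    {"cve": "CVE-0000-0004", "package": "unknownpkg", "distro": "debian:12"},
]


def flag_findings(findings, advisories):
    """Attach vendor status, fixed version and triage label to each finding."""
    index = {(a["cve"], a["package"], a["distro"]): a for a in advisories}
    flagged = []
    for finding in findings:
        adv = index.get((finding["cve"], finding["package"], finding["distro"]))
        status = adv["vendor_status"] if adv else None
        flagged.append({
            **finding,
            "vendor_status": status,          # None: vendor has no record
            "fixed_version": adv.get("fixed_version") if adv else None,
            "label": LABELS.get(status),      # None: no vendor label applies
        })
    return flagged


if __name__ == "__main__":
    for row in flag_findings(FINDINGS, ADVISORIES):
        print(row["cve"], row["distro"], row["vendor_status"], row["label"])
```

Findings without a label still need normal triage: either a fix exists (upgrade the package) or the vendor has not assessed the issue for that release.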