Outdated image scanner with reports #2051

Open
Starttoaster opened this issue May 1, 2024 · 1 comment
Labels
kind/feature Categorizes issue or PR as related to a new feature. priority/backlog Higher priority than priority/awaiting-more-evidence. target/kubernetes Issues relating to kubernetes cluster scanning

Comments

@Starttoaster
Contributor

Starttoaster commented May 1, 2024

This is a request to add a new report custom resource and scanner for outdated images in the cluster. Currently, when you view a VulnerabilityReport published by Trivy Operator, it contains a lot of data about a specific container image, but it doesn't tell you if there's an updated image available to change to. It would be incredible from a Kubernetes cluster administrator's perspective to filter by vulnerable images that actually have a new image version to switch to that might be less vulnerable.

For that, I'm imagining a new type of report resource (or perhaps this could just be added to the VulnerabilityReport resources) that details the current image (registry, repository, tag, digest) as well as takes a stab at scanning the registry/repository for a newer tag to switch to.

The trick with actually implementing this feature that I'm not sure how to accomplish would be finding a new image tag of a comparable image lineup. A registry/repository might contain multiple "classes" of tags (release candidates, full-release semvers, latest release, and maybe one for the current commit in the default branch of the code repo). Maybe it just does some regex to figure out if the current tag is `:latest` or a `:vX.X.X`/`:X.X.X` tag, and then scans the registry for the newest version of the image that also matches that regex. I've used Hashicorp's go-version library for comparing SemVer strings, which might help with this too (finding out which is "newer"): https://github.com/hashicorp/go-version
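The tag-classification and newest-version lookup sketched above, written out as an added example (not Trivy Operator code): it classifies tags by regex, compares candidates only within the running tag's class, and uses a standard-library version key in place of hashicorp/go-version. It assumes the registry's tag list has already been fetched and that each version field fits in 16 bits.

```go
package main
import (
	"regexp"
	"strconv"
	"strings"
)
// Tag classes from the issue; compare only within the running tag's class. Hypothetical helper, not Trivy Operator code.
var tagPatterns = map[string]*regexp.Regexp{
	"latest":  regexp.MustCompile(`^latest$`),
	"rc":      regexp.MustCompile(`^v?\d+\.\d+\.\d+-rc\.?\d+$`),
	"vsemver": regexp.MustCompile(`^v\d+\.\d+\.\d+$`),
	"semver":  regexp.MustCompile(`^\d+\.\d+\.\d+$`),
}
// tagClass returns the class name or "unknown" (e.g. commit-based tags such as main-abc123).
func tagClass(tag string) string {
	for name, re := range tagPatterns { // patterns are mutually exclusive, so map order does not matter
		if re.MatchString(tag) {
			return name
		}
	}
	return "unknown"
}
// versionKey packs MAJOR.MINOR.PATCH(-rc.N) into one orderable integer (16 bits per field, an assumed limit), a stdlib stand-in for go-version.
func versionKey(tag string) int64 {
	core, rc := strings.TrimPrefix(tag, "v"), 0
	if i := strings.Index(core, "-rc"); i >= 0 {
		rc, _ = strconv.Atoi(strings.TrimPrefix(core[i+3:], "."))
		core = core[:i]
	}
	var key int64
	for _, f := range strings.SplitN(core, ".", 3) {
		n, _ := strconv.Atoi(f)
		key = key<<16 | int64(n)
	}
	return key<<16 | int64(rc)
}
// NewestCandidate returns the newest registry tag in the same class as current, or "" when nothing newer exists (latest/unknown tags cannot be ordered).
func NewestCandidate(current string, available []string) string {
	class := tagClass(current)
	if class == "latest" || class == "unknown" {
		return ""
	}
	best, bestKey := "", versionKey(current)
	for _, t := range available {
		if k := versionKey(t); tagClass(t) == class && k > bestKey {
			best, bestKey = t, k
		}
	}
	return best
}
```

A `:latest` tag yields no candidate on purpose: as the thread notes, it carries no ordering information, so a report would have to fall back to the digest rather than the tag.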

@Starttoaster Starttoaster added the kind/feature Categorizes issue or PR as related to a new feature. label May 1, 2024
@chen-keinan chen-keinan added target/kubernetes Issues relating to kubernetes cluster scanning priority/backlog Higher priority than priority/awaiting-more-evidence. labels May 1, 2024
@chen-keinan
Collaborator

@Starttoaster `latest`, in the way it is used by many companies today, could be confusing, as it will not necessarily be the latest one.
We have on our plan to add support for outdated Helm charts; I'll review your requirement together with it to see if it can be achieved along the way.
