I would like to place a bug report for hopefully then next upgrade to the Anchore Plugin. The current plugin is extremely limited, at least as far as I can tell. We would like to have the anchorectl switch -t non-os working so that CVE's shown to our deveopers in Security Tests will only show the application data CVEs that they need to be concerned with. An example from cli might be like the following: anchorectl image add rockylinux:9-ubi | anchorectl image vulnerabilities rockylinux:9-ubi -t non-os The standard command is as follows: "anchorectl image vulnerabilities myimage:latest -t non-os". So this is the image vulnerability scan which is likely different to the add command being used by the plugin. "anchorectl image add myimage" "anchorectl image vulnerabilities myimage -t non-os -o json" To be clear it needs to do both. Add the image then create a report with non-os data converted to Harness acceptable for ingest
