Most of the projects listed in this repo have image scanning enabled as part of the CI and nightly runs. We should add a generic document to this repo:

1. Define how to run image scan as part of CI
2. Define a policy on what the patching steps would be

This doc will establish image scanning as a requirement for new projects that we onboard and also can be referenced in the project docs instead of each project having its own blurb about it.

Hi @aramase @ritazh
I would like to work on it.
Could you help me in starting with it?