google / osv-scanner

Vulnerability scanner written in Go which uses the data provided by https://osv.dev

Home Page: https://google.github.io/osv-scanner/

Improve container scanning.

oliverchang opened this issue

Currently the focus of OSV-Scanner is on lockfiles, with preliminary support for Debian container scanning.

We will extend this to better container scanning as well:

  • Better package extraction from container images.
  • Filesystem scanning.
  • More distro support.

This would be amazing! Really appreciate what you're doing here :)

A few questions, out of curiosity:

  1. Is there currently work planned for Debian container scanning? (I imagine this would align well with gLinux scanning work, so I'm hoping yes.)
  2. Has work been planned for other distros, and if so, which?
  3. What other distros do you realistically see this getting extended to?