Ideally, the process should be as follows:
- We scan the registry for images
- We check which of those images are currently in use directly in kubernetes, or indirectly as base for other images
- We run the docker report job on each of those images
- We clean up any image we downloaded.
IMHO this can be done in progressive steps, for instance item number 2 is not necerssary for an MVP, which can be limited to the other points. I'll start by building a lean way to submit said reports.
This can run on boron for now, but should really be moved to a dedicated VM in the future.