I am fairly new to container image vulnerability scanning. There seem to be a lot of tools (Snyk, Trivvy, Clair, e.g.) that can identify vulnerable packages in container images. They also do a good job identifying the fix version for the individual package (example: for CVE-2022-32207, upgrade from curl 7.80.0-r1 to 7.80.0-r1).
However, this is not exactly what I'm looking for. Since we're using a base image of Debian or Alpine, what I really want to know is...which version of Debian/Alpine includes the fix version, if any.
Is there an easy way to search base images (Debian/Alpine) to determine which vulnerabilities are present in each version? That way I can instruct my developers, upgrade your base to the latest version and you'll be done.