pierone
Provide a way to find out the source of a vulnerability
It would be nice to know if some of the reported vulnerabilities were introduced in the topmost Docker build or were inherited from the base image.
For example, this image clearly should be rebased:
FROM ubuntu:very-old
RUN touch hello.txt
And this should be reconsidered:
FROM ubuntu:new-shiny
RUN install-old-package.sh
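One way the requested split could be computed, as an added example that is not part of the original issue or of pierone's code: it assumes the scanner reports, for each finding, the digest of the layer that first added the vulnerable package, and that the layer lists of the image and its base are known. The function names, the finding shape, the digests and the finding ids are all constructed for illustration.

```python
# Added example: layer digests and finding ids below are constructed placeholders.

def attribute_findings(image_layers, base_layers, findings):
    """Classify findings as inherited from the base image or introduced on top.

    image_layers, base_layers: layer digests ordered bottom to top.
    findings: dicts with 'id' and 'layer' (digest of the layer that first
    added the vulnerable package), an assumed scanner output shape.
    """
    n = len(base_layers)
    # The base is an ancestor only if its layers are a prefix of the image's.
    # A moved tag (base rebuilt after this image was built) fails this check.
    if image_layers[:n] != base_layers:
        raise ValueError("base layers are not a prefix of the image layers")
    result = {"inherited": [], "introduced": [], "unknown": []}
    for f in findings:
        try:
            # index() returns the lowest position, so a digest repeated higher
            # up (e.g. an identical empty layer) still counts as inherited.
            pos = image_layers.index(f["layer"])
        except ValueError:
            result["unknown"].append(f["id"])
            continue
        result["inherited" if pos < n else "introduced"].append(f["id"])
    return result


def advise(result):
    """Map the split to the two actions named in the issue."""
    actions = []
    if result["inherited"]:
        actions.append("rebase onto a newer base image")
    if result["introduced"]:
        actions.append("review the packages added by this build")
    return actions


BASE = ["sha256:base-0", "sha256:base-1"]    # constructed base image layers
IMAGE = BASE + ["sha256:app-0"]              # constructed image built on BASE
FINDINGS = [
    {"id": "VULN-EXAMPLE-1", "layer": "sha256:base-1"},
    {"id": "VULN-EXAMPLE-2", "layer": "sha256:app-0"},
]

if __name__ == "__main__":
    split = attribute_findings(IMAGE, BASE, FINDINGS)
    print(split, advise(split))
```

The prefix check matters because a tag such as the base image's can be rebuilt after the image was pushed, in which case the current base layers no longer describe what the image actually inherited.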