diff --git a/.gitignore b/.gitignore
index 5f24223..32cb064 100644
--- a/.gitignore
+++ b/.gitignore
@@ -38,4 +38,6 @@ out/
 
 ### Unbase OCI ###
 *.oci
-glvd.sql
+
+# DB Dump for DevDb container image
+/glvd.sql
diff --git a/DevDb.Containerfile b/DevDb.Containerfile
new file mode 100644
index 0000000..0b6dfdd
--- /dev/null
+++ b/DevDb.Containerfile
@@ -0,0 +1,3 @@
+FROM ghcr.io/gardenlinux/glvd-postgres:latest
+
+COPY glvd.sql /docker-entrypoint-initdb.d/glvd.sql
diff --git a/README.md b/README.md
index 1207eb2..b3c0d72 100644
--- a/README.md
+++ b/README.md
@@ -32,26 +32,32 @@ To build the app, ensure the test database is running:
 
 ## Running the Application Locally
 
-1. Start the application database:
+1. Get a dump of the Database (this needs the GitHub `gh` cli and `jq`)
+
+```bash
+./download-db-dump.sh
+```
+
+2. Start the application database:
 
 ```bash
 ./start-db-for-app.sh
 ```
 
-2. Build and run the Spring Boot app:
+3. Build and run the Spring Boot app:
 
 ```bash
 ./gradlew bootRun
 ```
 
-3. After startup, check readiness:
+4. After startup, check readiness:
 
 ```
 curl http://localhost:8080/readiness
 # Should return status code 200
 ```
 
-4. Open http://localhost:8080 in your web browser to use the UI
+5. Open http://localhost:8080 in your web browser to use the UI
 
 ## Example Requests
 
diff --git a/download-db-dump.sh b/download-db-dump.sh
new file mode 100755
index 0000000..2d1b7c4
--- /dev/null
+++ b/download-db-dump.sh
@@ -0,0 +1,4 @@
+#!/bin/bash
+
+LATEST_RUN_ID=$(gh run list --repo gardenlinux/glvd-data-ingestion --branch main --workflow 02-ingest-dump-snapshot.yaml --json databaseId --limit 1 | jq -r '.[0].databaseId')
+gh run download $LATEST_RUN_ID -n glvd.sql --repo gardenlinux/glvd-data-ingestion
diff --git a/src/docs/asciidoc/index.adoc b/src/docs/asciidoc/index.adoc
index 8a5a8c6..4d8dbc6 100644
--- a/src/docs/asciidoc/index.adoc
+++ b/src/docs/asciidoc/index.adoc
@@ -71,6 +71,25 @@ Example response:
 
 include::{snippets}/getCveForDistro/http-response.adoc[]
 
+=== List CVEs by Image
+
+Retrieve all CVEs for a given Garden Linux image and version.
+This applies a filter for the packages in the specified image.
+
+Supported images are currently:
+
+- `ali-gardener_prod`
+- `aws-gardener_prod`
+- `azure-gardener_prod`
+- `gcp-gardener_prod`
+- `openstack-gardener_prod`
+
+include::{snippets}/getCveForImage/curl-request.adoc[]
+
+Example response:
+
+include::{snippets}/getCveForImage/http-response.adoc[]
+
 === List CVEs for Packages by Distribution
 
 Retrieve all CVEs for a list of packages in a specified distribution.
diff --git a/src/main/java/io/gardenlinux/glvd/GlvdController.java b/src/main/java/io/gardenlinux/glvd/GlvdController.java
index db48e05..de0ae75 100644
--- a/src/main/java/io/gardenlinux/glvd/GlvdController.java
+++ b/src/main/java/io/gardenlinux/glvd/GlvdController.java
@@ -35,6 +35,20 @@ gardenlinuxVersion, new SortAndPageOptions(sortBy, sortOrder, pageNumber, pageSi
         );
     }
 
+    @GetMapping("/cves/{gardenlinuxVersion}/image/{gardenlinuxImage}")
+    ResponseEntity<List<ImageSourcePackageCve>> getCveImage(
+            @PathVariable final String gardenlinuxVersion,
+            @PathVariable final String gardenlinuxImage,
+            @RequestParam(defaultValue = "cveId") final String sortBy,
+            @RequestParam(defaultValue = "ASC") final String sortOrder,
+            @RequestParam(required = false) final String pageNumber,
+            @RequestParam(required = false) final String pageSize
+    ) {
+        return ResponseEntity.ok().body(glvdService.getCveForImage(
+                gardenlinuxImage, gardenlinuxVersion, new SortAndPageOptions(sortBy, sortOrder, pageNumber, pageSize))
+        );
+    }
+
     @GetMapping("/cves/{gardenlinuxVersion}/packages/{packageList}")
     ResponseEntity<List<SourcePackageCve>> getCvePackages(
             @PathVariable final String gardenlinuxVersion,
diff --git a/src/main/java/io/gardenlinux/glvd/GlvdService.java b/src/main/java/io/gardenlinux/glvd/GlvdService.java
index d4bc801..3fa7431 100644
--- a/src/main/java/io/gardenlinux/glvd/GlvdService.java
+++ b/src/main/java/io/gardenlinux/glvd/GlvdService.java
@@ -33,6 +33,9 @@ public class GlvdService {
     @Nonnull
     private final SourcePackageRepository sourcePackageRepository;
 
+    @Nonnull
+    private final ImageSourcePackageCveRepository imageSourcePackageCveRepository;
+
     @Nonnull
     private final CveDetailsRepository cveDetailsRepository;
 
@@ -62,9 +65,10 @@ public class GlvdService {
 
     Logger logger = LoggerFactory.getLogger(GlvdService.class);
 
-    public GlvdService(@Nonnull SourcePackageCveRepository sourcePackageCveRepository, @Nonnull SourcePackageRepository sourcePackageRepository, @Nonnull CveDetailsRepository cveDetailsRepository, @Nonnull CveContextRepository cveContextRepository, @Nonnull DistCpeRepository distCpeRepository, @Nonnull NvdExclusiveCveRepository nvdExclusiveCveRepository, @Nonnull DebSrcRepository debSrcRepository, @Nonnull KernelCveRepository kernelCveRepository, @Nonnull KernelCveDetailsRepository kernelCveDetailsRepository, @Nonnull NvdCveRepository nvdCveRepository, @Nonnull TriageRepository triageRepository) {
+    public GlvdService(@Nonnull SourcePackageCveRepository sourcePackageCveRepository, @Nonnull SourcePackageRepository sourcePackageRepository, @Nonnull ImageSourcePackageCveRepository imageSourcePackageCveRepository, @Nonnull CveDetailsRepository cveDetailsRepository, @Nonnull CveContextRepository cveContextRepository, @Nonnull DistCpeRepository distCpeRepository, @Nonnull NvdExclusiveCveRepository nvdExclusiveCveRepository, @Nonnull DebSrcRepository debSrcRepository, @Nonnull KernelCveRepository kernelCveRepository, @Nonnull KernelCveDetailsRepository kernelCveDetailsRepository, @Nonnull NvdCveRepository nvdCveRepository, @Nonnull TriageRepository triageRepository) {
         this.sourcePackageCveRepository = sourcePackageCveRepository;
         this.sourcePackageRepository = sourcePackageRepository;
+        this.imageSourcePackageCveRepository = imageSourcePackageCveRepository;
         this.cveDetailsRepository = cveDetailsRepository;
         this.cveContextRepository = cveContextRepository;
         this.distCpeRepository = distCpeRepository;
@@ -108,6 +112,22 @@ private Pageable determinePageAndSortFeatures2(SortAndPageOptions sortAndPageOpt
         return Pageable.unpaged();
     }
 
+    public List<ImageSourcePackageCve> getCveForImage(String image, String gardenlinuxVersion, SortAndPageOptions sortAndPageOptions) {
+        var cvesExcludingKernel = imageSourcePackageCveRepository.findByGardenlinuxVersionAndGardenlinuxImageName(
+                        gardenlinuxVersion, image, determinePageAndSortFeatures(sortAndPageOptions))
+                .stream()
+                .filter(CvesByStatusRejectedxx())
+                .toList();
+
+        var kernelCves = kernelCveRepository.findByGardenlinuxVersion(gardenlinuxVersion)
+                .stream()
+                .map(kernelCve -> new ImageSourcePackageCve(kernelCve.getCveId(), kernelCve.getSourcePackageName(), kernelCve.getSourcePackageVersion(), kernelCve.getGardenlinuxVersion(), "", "", "", kernelCve.isVulnerable(), kernelCve.getCvePublishedDate(), kernelCve.getCveLastModifiedDate(), kernelCve.getCveLastIngestedDate(), kernelCve.getVulnStatus(), kernelCve.getBaseScore(), kernelCve.getVectorString(), kernelCve.getBaseScoreV40(), kernelCve.getBaseScoreV31(), kernelCve.getBaseScoreV30(), kernelCve.getBaseScoreV2(), kernelCve.getVectorStringV40(), kernelCve.getVectorStringV31(), kernelCve.getVectorStringV30(), kernelCve.getVectorStringV2()))
+                .filter(CvesByStatusRejectedxx())
+                .toList();
+
+        return Stream.concat(cvesExcludingKernel.stream(), kernelCves.stream()).toList();
+    }
+
     public List<SourcePackageCve> getCveForDistribution(String gardenlinuxVersion, SortAndPageOptions sortAndPageOptions) {
         var cvesExcludingKernel = sourcePackageCveRepository.findByGardenlinuxVersion(
                         gardenlinuxVersion, determinePageAndSortFeatures(sortAndPageOptions))
@@ -128,6 +148,11 @@ private static Predicate<SourcePackageCve> CvesByStatusRejected() {
         return cve -> !cve.getVulnStatus().equalsIgnoreCase("Rejected");
     }
 
+    // fixme
+    private static Predicate<ImageSourcePackageCve> CvesByStatusRejectedxx() {
+        return cve -> !cve.getVulnStatus().equalsIgnoreCase("Rejected");
+    }
+
     public List<KernelCve> kernelCvesForGardenLinuxVersion(String gardenlinuxVersion) {
         return kernelCveRepository.findByGardenlinuxVersion(gardenlinuxVersion);
     }
diff --git a/src/main/java/io/gardenlinux/glvd/UiController.java b/src/main/java/io/gardenlinux/glvd/UiController.java
index 8f4b777..75d9625 100644
--- a/src/main/java/io/gardenlinux/glvd/UiController.java
+++ b/src/main/java/io/gardenlinux/glvd/UiController.java
@@ -1,5 +1,6 @@
 package io.gardenlinux.glvd;
 
+import io.gardenlinux.glvd.db.ImageSourcePackageCve;
 import io.gardenlinux.glvd.db.SourcePackageCve;
 import io.gardenlinux.glvd.exceptions.CveNotKnownException;
 import jakarta.annotation.Nonnull;
@@ -39,6 +40,33 @@ gardenlinuxVersion, new SortAndPageOptions(sortBy, sortOrder, pageNumber, pageSi
         return "getPackagesForDistro";
     }
 
+    @GetMapping("/getCveForImage")
+    public String getCveForImage(
+            @RequestParam(name = "gardenlinuxVersion", required = true) String gardenlinuxVersion,
+            @RequestParam(name = "imageName", required = true) String imageName,
+            @RequestParam(defaultValue = "baseScore") final String sortBy,
+            @RequestParam(defaultValue = "DESC") final String sortOrder,
+            @RequestParam(required = false) final String pageNumber,
+            @RequestParam(required = false) final String pageSize,
+            @RequestParam(required = false, defaultValue = "true") final boolean onlyVulnerable,
+            Model model
+    ) {
+        var sourcePackageCves = glvdService.getCveForImage(
+                        imageName, gardenlinuxVersion, new SortAndPageOptions(sortBy, sortOrder, pageNumber, pageSize)
+                )
+                .stream()
+                .filter(ImageSourcePackageCve::isVulnerable)
+                .filter(sourcePackageCve -> !sourcePackageCve.getVulnStatus().equalsIgnoreCase("Rejected"))
+                .toList();
+        var contexts = glvdService.getCveContextsForDist(glvdService.distVersionToId(gardenlinuxVersion));
+        model.addAttribute("sourcePackageCves", sourcePackageCves);
+        model.addAttribute("gardenlinuxVersion", gardenlinuxVersion);
+        model.addAttribute("imageName", imageName);
+        model.addAttribute("onlyVulnerable", onlyVulnerable);
+        model.addAttribute("cveContexts", contexts);
+        return "getCveForImage";
+    }
+
     @GetMapping("/getCveForDistribution")
     public String getCveForDistribution(
             @RequestParam(name = "gardenlinuxVersion", required = true) String gardenlinuxVersion,
diff --git a/src/main/java/io/gardenlinux/glvd/db/ImageSourcePackageCve.java b/src/main/java/io/gardenlinux/glvd/db/ImageSourcePackageCve.java
new file mode 100644
index 0000000..6d1f498
--- /dev/null
+++ b/src/main/java/io/gardenlinux/glvd/db/ImageSourcePackageCve.java
@@ -0,0 +1,194 @@
+package io.gardenlinux.glvd.db;
+
+import jakarta.persistence.Column;
+import jakarta.persistence.Entity;
+import jakarta.persistence.Id;
+import jakarta.persistence.Table;
+
+@Entity
+@Table(name = "imagesourcepackagecve")
+public class ImageSourcePackageCve {
+
+    @Id
+    @Column(name = "cve_id", nullable = false)
+    private String cveId;
+
+    @Column(name = "source_package_name", nullable = false)
+    private String sourcePackageName;
+
+    @Column(name = "source_package_version", nullable = false)
+    private String sourcePackageVersion;
+
+    @Column(name = "gardenlinux_version", nullable = false)
+    private String gardenlinuxVersion;
+
+    @Column(name = "gardenlinux_image_name", nullable = false)
+    private String gardenlinuxImageName;
+
+    @Column(name = "gardenlinux_image_version", nullable = false)
+    private String gardenlinuxImageVersion;
+
+    @Column(name = "gardenlinux_image_commit_id", nullable = false)
+    private String gardenlinuxImageCommitId;
+
+    @Column(name = "is_vulnerable", nullable = false)
+    private boolean isVulnerable;
+
+    @Column(name = "cve_published_date", nullable = false)
+    private String cvePublishedDate;
+
+    @Column(name = "cve_last_modified_date", nullable = false)
+    private String cveLastModifiedDate;
+
+    @Column(name = "cve_last_ingested_date", nullable = false)
+    private String cveLastIngestedDate;
+
+    @Column(name = "vuln_status", nullable = false)
+    private String vulnStatus;
+
+    @Column(name = "base_score", nullable = true)
+    private Float baseScore;
+
+    @Column(name = "vector_string", nullable = true)
+    private String vectorString;
+
+    @Column(name = "base_score_v40", nullable = true)
+    private Float baseScoreV40;
+
+    @Column(name = "base_score_v31", nullable = true)
+    private Float baseScoreV31;
+
+    @Column(name = "base_score_v30", nullable = true)
+    private Float baseScoreV30;
+
+    @Column(name = "base_score_v2", nullable = true)
+    private Float baseScoreV2;
+
+    @Column(name = "vector_string_v40", nullable = true)
+    private String vectorStringV40;
+
+    @Column(name = "vector_string_v31", nullable = true)
+    private String vectorStringV31;
+
+    @Column(name = "vector_string_v30", nullable = true)
+    private String vectorStringV30;
+
+    @Column(name = "vector_string_v2", nullable = true)
+    private String vectorStringV2;
+
+    public ImageSourcePackageCve() {
+    }
+
+    public ImageSourcePackageCve(String cveId, String sourcePackageName, String sourcePackageVersion, String gardenlinuxVersion, String gardenlinuxImageName, String gardenlinuxImageVersion, String gardenlinuxImageCommitId, boolean isVulnerable, String cvePublishedDate, String cveLastModifiedDate, String cveLastIngestedDate, String vulnStatus, Float baseScore, String vectorString, Float baseScoreV40, Float baseScoreV31, Float baseScoreV30, Float baseScoreV2, String vectorStringV40, String vectorStringV31, String vectorStringV30, String vectorStringV2) {
+        this.cveId = cveId;
+        this.sourcePackageName = sourcePackageName;
+        this.sourcePackageVersion = sourcePackageVersion;
+        this.gardenlinuxVersion = gardenlinuxVersion;
+        this.gardenlinuxImageName = gardenlinuxImageName;
+        this.gardenlinuxImageVersion = gardenlinuxImageVersion;
+        this.gardenlinuxImageCommitId = gardenlinuxImageCommitId;
+        this.isVulnerable = isVulnerable;
+        this.cvePublishedDate = cvePublishedDate;
+        this.cveLastModifiedDate = cveLastModifiedDate;
+        this.cveLastIngestedDate = cveLastIngestedDate;
+        this.vulnStatus = vulnStatus;
+        this.baseScore = baseScore;
+        this.vectorString = vectorString;
+        this.baseScoreV40 = baseScoreV40;
+        this.baseScoreV31 = baseScoreV31;
+        this.baseScoreV30 = baseScoreV30;
+        this.baseScoreV2 = baseScoreV2;
+        this.vectorStringV40 = vectorStringV40;
+        this.vectorStringV31 = vectorStringV31;
+        this.vectorStringV30 = vectorStringV30;
+        this.vectorStringV2 = vectorStringV2;
+    }
+
+    public String getCveId() {
+        return cveId;
+    }
+
+    public String getSourcePackageName() {
+        return sourcePackageName;
+    }
+
+    public String getSourcePackageVersion() {
+        return sourcePackageVersion;
+    }
+
+    public String getGardenlinuxVersion() {
+        return gardenlinuxVersion;
+    }
+
+    public String getGardenlinuxImageName() {
+        return gardenlinuxImageName;
+    }
+
+    public String getGardenlinuxImageVersion() {
+        return gardenlinuxImageVersion;
+    }
+
+    public String getGardenlinuxImageCommitId() {
+        return gardenlinuxImageCommitId;
+    }
+
+    public boolean isVulnerable() {
+        return isVulnerable;
+    }
+
+    public String getCvePublishedDate() {
+        return cvePublishedDate;
+    }
+
+    public String getCveLastModifiedDate() {
+        return cveLastModifiedDate;
+    }
+
+    public String getCveLastIngestedDate() {
+        return cveLastIngestedDate;
+    }
+
+    public String getVulnStatus() {
+        return vulnStatus;
+    }
+
+    public Float getBaseScore() {
+        return baseScore;
+    }
+
+    public String getVectorString() {
+        return vectorString;
+    }
+
+    public Float getBaseScoreV40() {
+        return baseScoreV40;
+    }
+
+    public Float getBaseScoreV31() {
+        return baseScoreV31;
+    }
+
+    public Float getBaseScoreV30() {
+        return baseScoreV30;
+    }
+
+    public Float getBaseScoreV2() {
+        return baseScoreV2;
+    }
+
+    public String getVectorStringV40() {
+        return vectorStringV40;
+    }
+
+    public String getVectorStringV31() {
+        return vectorStringV31;
+    }
+
+    public String getVectorStringV30() {
+        return vectorStringV30;
+    }
+
+    public String getVectorStringV2() {
+        return vectorStringV2;
+    }
+}
\ No newline at end of file
diff --git a/src/main/java/io/gardenlinux/glvd/db/ImageSourcePackageCveRepository.java b/src/main/java/io/gardenlinux/glvd/db/ImageSourcePackageCveRepository.java
new file mode 100644
index 0000000..6f9a869
--- /dev/null
+++ b/src/main/java/io/gardenlinux/glvd/db/ImageSourcePackageCveRepository.java
@@ -0,0 +1,53 @@
+package io.gardenlinux.glvd.db;
+
+import org.springframework.data.domain.Pageable;
+import org.springframework.data.jpa.repository.JpaRepository;
+import org.springframework.data.jpa.repository.Query;
+import org.springframework.data.repository.query.Param;
+
+import java.util.List;
+
+public interface ImageSourcePackageCveRepository extends JpaRepository<ImageSourcePackageCve, String> {
+
+    List<ImageSourcePackageCve> findBySourcePackageName(
+            @Param("source_package_name") String source_package_name,
+            Pageable pageable
+    );
+
+    List<ImageSourcePackageCve> findBySourcePackageNameAndSourcePackageVersion(
+            @Param("source_package_name") String source_package_name,
+            @Param("source_package_version") String source_package_version,
+            Pageable pageable
+    );
+
+    List<ImageSourcePackageCve> findByCveIdAndGardenlinuxVersion(
+            @Param("cve_id") String cve_id,
+            @Param("gardenlinux_version") String gardenlinux_version,
+            Pageable pageable
+    );
+
+    List<ImageSourcePackageCve> findByGardenlinuxVersion(
+            @Param("gardenlinux_version") String gardenlinux_version,
+            Pageable pageable
+    );
+
+    List<ImageSourcePackageCve> findByGardenlinuxVersionAndGardenlinuxImageName(
+            @Param("gardenlinux_version") String gardenlinux_version,
+            @Param("gardenlinux_image_name") String gardenlinux_image_name,
+            Pageable pageable
+    );
+
+    // would be nice if we did not need a native query here
+    // is this (the in-array search for packages) possible in any other way with spring data jpa?
+    // fixme: does not support sorting, cf https://github.com/spring-projects/spring-data-jpa/issues/2504#issuecomment-1527743003
+    // pagination seems to work ok
+    @Query(value = """
+            SELECT * FROM imagesourcepackagecve
+            WHERE source_package_name = ANY(:source_package_names ::TEXT[]) AND gardenlinux_version = :gardenlinux_version
+            """, nativeQuery = true)
+    List<ImageSourcePackageCve> findBySourcePackageNameInAndGardenlinuxVersion(
+            @Param("source_package_names") String source_package_names,
+            @Param("gardenlinux_version") String gardenlinux_version,
+            Pageable pageable
+    );
+}
diff --git a/src/main/java/io/gardenlinux/glvd/db/SourcePackageCve.java b/src/main/java/io/gardenlinux/glvd/db/SourcePackageCve.java
index 5b3e3d4..f6d006f 100644
--- a/src/main/java/io/gardenlinux/glvd/db/SourcePackageCve.java
+++ b/src/main/java/io/gardenlinux/glvd/db/SourcePackageCve.java
@@ -6,7 +6,7 @@
 import jakarta.persistence.Table;
 
 @Entity
-@Table(name = "sourcepackagecve")
+@Table(name = "sourcepackagecve_anyimage")
 public class SourcePackageCve {
 
     @Id
diff --git a/src/main/resources/static/index.html b/src/main/resources/static/index.html
index 6676fe1..593224a 100644
--- a/src/main/resources/static/index.html
+++ b/src/main/resources/static/index.html
@@ -93,6 +93,7 @@
 
         document.addEventListener("DOMContentLoaded", function () {
             populateGardenlinuxVersions("gardenlinuxVersion");
+            populateGardenlinuxVersions("imageGardenlinuxVersion");
             populateGardenlinuxVersions("packagesGardenlinuxVersion");
             populateGardenlinuxVersions("distroGardenlinuxVersion");
             populateGardenlinuxVersions("releaseNotesGardenlinuxVersion");
@@ -100,7 +101,6 @@
         });
     </script>
 
-
     <div class="container">
         <h1>Welcome to the Garden Linux Vulnerability Database</h1>
         <p>GLVD (Garden Linux Vulnerability Database) is an application for tracking security issues in
@@ -125,10 +125,30 @@ <h1>Welcome to the Garden Linux Vulnerability Database</h1>
                 <td><button type="submit">Go</button>
                     </form>
             </tr>
+            <tr>
+                <td>
+                    <form action="/getCveForImage" method="get" class="distribution">
+                        <label for="gardenlinuxVersion">...CVEs in an Garden Linux image</label>
+                <td>
+                    <select id="imageName" name="imageName" required>
+                        <option value="">Select image...</option>
+                        <option value="ali-gardener_prod">ali-gardener_prod</option>
+                        <option value="aws-gardener_prod">aws-gardener_prod</option>
+                        <option value="azure-gardener_prod">azure-gardener_prod</option>
+                        <option value="gcp-gardener_prod">gcp-gardener_prod</option>
+                        <option value="openstack-gardener_prod">openstack-gardener_prod</option>
+                    </select>
+                <td>
+                    <select id="imageGardenlinuxVersion" name="gardenlinuxVersion" required>
+                        <option value="">Loading...</option>
+                    </select>
+                <td><button type="submit">Go</button>
+                    </form>
+            </tr>
             <tr>
                 <td>
                     <form action="/getCveForDistribution" method="get" class="distribution">
-                        <label for="gardenlinuxVersion">...a Garden Linux version</label>
+                        <label for="gardenlinuxVersion">...CVEs in any Garden Linux image</label>
                 <td>
                 <td><select id="gardenlinuxVersion" name="gardenlinuxVersion" required>
                         <option value="">Loading...</option>
diff --git a/src/main/resources/templates/getCveForImage.html b/src/main/resources/templates/getCveForImage.html
new file mode 100644
index 0000000..5d7819d
--- /dev/null
+++ b/src/main/resources/templates/getCveForImage.html
@@ -0,0 +1,89 @@
+<!DOCTYPE HTML>
+<html xmlns:th="http://www.thymeleaf.org">
+<head>
+    <title>GLVD: List vulnerabilities in image</title>
+    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
+    <link href="style.css" rel="stylesheet" media="screen" />
+</head>
+<body>
+<h1 th:text="|Vulnerabilities list for Garden Linux image ${imageName} in version ${gardenlinuxVersion} |" />
+
+<p th:text="|Found ${#lists.size(sourcePackageCves)} potential security issues|"></p>
+
+<table>
+    <thead>
+    <tr>
+        <th>CVE ID
+            <a th:href="@{/getCveForImage(gardenlinuxVersion=${gardenlinuxVersion},imageName=${imageName},sortBy=cveId,sortOrder=ASC,onlyVulnerable=true)}">&uarr;</a>
+            <a th:href="@{/getCveForImage(gardenlinuxVersion=${gardenlinuxVersion},imageName=${imageName},sortBy=cveId,sortOrder=DESC,onlyVulnerable=true)}">&darr;</a>
+        </th>
+
+        <th>CVE Base Score
+            <a th:href="@{/getCveForImage(gardenlinuxVersion=${gardenlinuxVersion},imageName=${imageName},sortBy=baseScore,sortOrder=ASC,onlyVulnerable=true)}">&uarr;</a>
+            <a th:href="@{/getCveForImage(gardenlinuxVersion=${gardenlinuxVersion},imageName=${imageName},sortBy=baseScore,sortOrder=DESC,onlyVulnerable=true)}">&darr;</a>
+        </th>
+
+        <th>Vector String</th>
+
+        <th>CVE Published Date
+            <a th:href="@{/getCveForImage(gardenlinuxVersion=${gardenlinuxVersion},imageName=${imageName},sortBy=cvePublishedDate,sortOrder=ASC,onlyVulnerable=true)}">&uarr;</a>
+            <a th:href="@{/getCveForImage(gardenlinuxVersion=${gardenlinuxVersion},imageName=${imageName},sortBy=cvePublishedDate,sortOrder=DESC,onlyVulnerable=true)}">&darr;</a>
+        </th>
+
+        <th>CVE Last Modified Date
+            <a th:href="@{/getCveForImage(gardenlinuxVersion=${gardenlinuxVersion},imageName=${imageName},sortBy=cveLastModifiedDate,sortOrder=ASC,onlyVulnerable=true)}">&uarr;</a>
+            <a th:href="@{/getCveForImage(gardenlinuxVersion=${gardenlinuxVersion},imageName=${imageName},sortBy=cveLastModifiedDate,sortOrder=DESC,onlyVulnerable=true)}">&darr;</a>
+        </th>
+
+        <th>CVE Last Ingested Date
+            <a th:href="@{/getCveForImage(gardenlinuxVersion=${gardenlinuxVersion},imageName=${imageName},sortBy=cveLastIngestedDate,sortOrder=ASC,onlyVulnerable=true)}">&uarr;</a>
+            <a th:href="@{/getCveForImage(gardenlinuxVersion=${gardenlinuxVersion},imageName=${imageName},sortBy=cveLastIngestedDate,sortOrder=DESC,onlyVulnerable=true)}">&darr;</a>
+        </th>
+
+        <th>Source Package
+            <a th:href="@{/getCveForImage(gardenlinuxVersion=${gardenlinuxVersion},imageName=${imageName},sortBy=sourcePackageName,sortOrder=ASC,onlyVulnerable=true)}">&uarr;</a>
+            <a th:href="@{/getCveForImage(gardenlinuxVersion=${gardenlinuxVersion},imageName=${imageName},sortBy=sourcePackageName,sortOrder=DESC,onlyVulnerable=true)}">&darr;</a>
+        </th>
+
+        <th>Version</th>
+        <th>Is Vulnerable?</th>
+        <th>Vulnerability Status</th>
+    </tr>
+    </thead>
+    <tr th:each="item: ${sourcePackageCves}">
+        <td><a th:href="@{/getCveDetails(cveId=${item.cveId})}"> <div th:text="[DETAILS]"></div> </a> <div th:text="${item.cveId}"/> </td>
+        <td th:text="${item.baseScore}" />
+        <td th:text="${item.vectorString}" />
+        <td th:text="${item.cvePublishedDate}" />
+        <td th:text="${item.cveLastModifiedDate}" />
+        <td th:text="${item.cveLastIngestedDate}" />
+        <td th:text="${item.sourcePackageName}" />
+        <td th:text="${item.sourcePackageVersion}" />
+        <td th:text="${item.isVulnerable}" />
+        <td th:text="${item.vulnStatus}" />
+    </tr>
+</table>
+
+<h2 th:text="|CVE Contexts for Garden Linux ${gardenlinuxVersion} |" />
+
+<table>
+    <thead>
+    <tr>
+        <th>CVE ID</th>
+        <th>Create Date</th>
+        <th>Use-Case</th>
+        <th>Description</th>
+        <th>Is Resolved?</th>
+    </tr>
+    </thead>
+    <tr th:each="item: ${cveContexts}">
+        <td><a th:href="@{/getCveDetails(cveId=${item.cveId})}"> <div th:text="[DETAILS]"></div> </a> <div th:text="${item.cveId}"/> </td>
+        <td th:text="${item.createDate}"></td>
+        <td th:text="${item.useCase}"></td>
+        <td th:text="${item.description}"></td>
+        <td th:text="${item.getResolved}"></td>
+    </tr>
+</table>
+
+</body>
+</html>
diff --git a/src/test/java/io/gardenlinux/glvd/GlvdControllerTest.java b/src/test/java/io/gardenlinux/glvd/GlvdControllerTest.java
index 25c8359..6584bfc 100644
--- a/src/test/java/io/gardenlinux/glvd/GlvdControllerTest.java
+++ b/src/test/java/io/gardenlinux/glvd/GlvdControllerTest.java
@@ -39,6 +39,17 @@ void setUp(RestDocumentationContextProvider restDocumentation) {
         RestAssured.baseURI = "http://localhost:" + port;
     }
 
+    @Test
+    public void shouldReturnCvesForGardenlinuxImage() {
+        given(this.spec).accept("application/json")
+                .filter(document("getCveForImage",
+                        preprocessRequest(modifyUris().scheme("https").host("security.gardenlinux.org").removePort()),
+                        preprocessResponse(prettyPrint())))
+                .when().port(this.port).get("/v1/cves/1592.4/image/azure-gardener_prod")
+                .then().statusCode(HttpStatus.SC_OK)
+                .body("sourcePackageName", hasItems("curl", "rsync", "jinja2", "python3.12", "linux"));
+    }
+
     @Test
     public void shouldReturnCvesForGardenlinux() {
         given(this.spec).accept("application/json")
diff --git a/src/test/resources/test-data/01-schema.sql b/src/test/resources/test-data/01-schema.sql
index 04fd368..d6cbb47 100644
--- a/src/test/resources/test-data/01-schema.sql
+++ b/src/test/resources/test-data/01-schema.sql
@@ -2,7 +2,7 @@
 -- PostgreSQL database dump
 --
 
-\restrict Un049OhuTEHTPUOKLIca5bspmjJc8ENlAfLee5SyePnk7o3PvRwrPFl8cfZzTJn
+\restrict e1hqKiTcHJTd1GpX99lJgahFrtsFTHeaNGInjKDAVd4oN9PN7hYLnzrd123u5FX
 
 -- Dumped from database version 18.0 (Debian 18.0-1.pgdg13+3)
 -- Dumped by pg_dump version 18.0 (Debian 18.0-1.pgdg13+3)
@@ -27,7 +27,7 @@ CREATE EXTENSION IF NOT EXISTS debversion WITH SCHEMA public;
 
 
 --
--- Name: EXTENSION debversion; Type: COMMENT; Schema: -; Owner: 
+-- Name: EXTENSION debversion; Type: COMMENT; Schema: -; Owner:
 --
 
 COMMENT ON EXTENSION debversion IS 'Debian version number data type';
@@ -267,6 +267,109 @@ ALTER TABLE public.dist_cpe ALTER COLUMN id ADD GENERATED ALWAYS AS IDENTITY (
 );
 
 
+--
+-- Name: image_package; Type: TABLE; Schema: public; Owner: glvd
+--
+
+CREATE TABLE public.image_package (
+    image_variant_id bigint NOT NULL,
+    package_name text NOT NULL
+);
+
+
+ALTER TABLE public.image_package OWNER TO glvd;
+
+--
+-- Name: image_variant; Type: TABLE; Schema: public; Owner: glvd
+--
+
+CREATE TABLE public.image_variant (
+    id bigint NOT NULL,
+    namespace text DEFAULT 'gardenlinux'::text NOT NULL,
+    image_name text NOT NULL,
+    image_version text NOT NULL,
+    commit_id text,
+    metadata jsonb DEFAULT '{}'::jsonb,
+    packages text[] DEFAULT '{}'::text[]
+);
+
+
+ALTER TABLE public.image_variant OWNER TO glvd;
+
+--
+-- Name: image_variant_id_seq; Type: SEQUENCE; Schema: public; Owner: glvd
+--
+
+CREATE SEQUENCE public.image_variant_id_seq
+    START WITH 1
+    INCREMENT BY 1
+    NO MINVALUE
+    NO MAXVALUE
+    CACHE 1;
+
+
+ALTER SEQUENCE public.image_variant_id_seq OWNER TO glvd;
+
+--
+-- Name: image_variant_id_seq; Type: SEQUENCE OWNED BY; Schema: public; Owner: glvd
+--
+
+ALTER SEQUENCE public.image_variant_id_seq OWNED BY public.image_variant.id;
+
+
+--
+-- Name: imagesourcepackagecve; Type: VIEW; Schema: public; Owner: glvd
+--
+
+CREATE VIEW public.imagesourcepackagecve AS
+ SELECT DISTINCT all_cve.cve_id,
+    deb_cve.deb_source AS source_package_name,
+    deb_cve.deb_version AS source_package_version,
+    dist_cpe.cpe_version AS gardenlinux_version,
+    iv.namespace AS gardenlinux_image_namespace,
+    iv.image_name AS gardenlinux_image_name,
+    iv.image_version AS gardenlinux_image_version,
+    iv.commit_id AS gardenlinux_image_commit_id,
+    ((deb_cve.debsec_vulnerable AND (cve_context.is_resolved IS NOT TRUE)) = true) AS is_vulnerable,
+    deb_cve.debsec_vulnerable,
+    cve_context.is_resolved,
+    (all_cve.data ->> 'published'::text) AS cve_published_date,
+    (all_cve.data ->> 'lastModified'::text) AS cve_last_modified_date,
+    all_cve.last_mod AS cve_last_ingested_date,
+        CASE
+            WHEN (((((((all_cve.data -> 'metrics'::text) -> 'cvssMetricV31'::text) -> 0) -> 'cvssData'::text) ->> 'baseScore'::text))::numeric IS NOT NULL) THEN ((((((all_cve.data -> 'metrics'::text) -> 'cvssMetricV31'::text) -> 0) -> 'cvssData'::text) ->> 'baseScore'::text))::numeric
+            WHEN (((((((all_cve.data -> 'metrics'::text) -> 'cvssMetricV30'::text) -> 0) -> 'cvssData'::text) ->> 'baseScore'::text))::numeric IS NOT NULL) THEN ((((((all_cve.data -> 'metrics'::text) -> 'cvssMetricV30'::text) -> 0) -> 'cvssData'::text) ->> 'baseScore'::text))::numeric
+            WHEN (((((((all_cve.data -> 'metrics'::text) -> 'cvssMetricV2'::text) -> 0) -> 'cvssData'::text) ->> 'baseScore'::text))::numeric IS NOT NULL) THEN ((((((all_cve.data -> 'metrics'::text) -> 'cvssMetricV2'::text) -> 0) -> 'cvssData'::text) ->> 'baseScore'::text))::numeric
+            WHEN (((((((all_cve.data -> 'metrics'::text) -> 'cvssMetricV40'::text) -> 0) -> 'cvssData'::text) ->> 'baseScore'::text))::numeric IS NOT NULL) THEN ((((((all_cve.data -> 'metrics'::text) -> 'cvssMetricV40'::text) -> 0) -> 'cvssData'::text) ->> 'baseScore'::text))::numeric
+            ELSE NULL::numeric
+        END AS base_score,
+        CASE
+            WHEN ((((((all_cve.data -> 'metrics'::text) -> 'cvssMetricV31'::text) -> 0) -> 'cvssData'::text) ->> 'vectorString'::text) IS NOT NULL) THEN (((((all_cve.data -> 'metrics'::text) -> 'cvssMetricV31'::text) -> 0) -> 'cvssData'::text) ->> 'vectorString'::text)
+            WHEN ((((((all_cve.data -> 'metrics'::text) -> 'cvssMetricV30'::text) -> 0) -> 'cvssData'::text) ->> 'vectorString'::text) IS NOT NULL) THEN (((((all_cve.data -> 'metrics'::text) -> 'cvssMetricV30'::text) -> 0) -> 'cvssData'::text) ->> 'vectorString'::text)
+            WHEN ((((((all_cve.data -> 'metrics'::text) -> 'cvssMetricV2'::text) -> 0) -> 'cvssData'::text) ->> 'vectorString'::text) IS NOT NULL) THEN (((((all_cve.data -> 'metrics'::text) -> 'cvssMetricV2'::text) -> 0) -> 'cvssData'::text) ->> 'vectorString'::text)
+            WHEN ((((((all_cve.data -> 'metrics'::text) -> 'cvssMetricV40'::text) -> 0) -> 'cvssData'::text) ->> 'vectorString'::text) IS NOT NULL) THEN (((((all_cve.data -> 'metrics'::text) -> 'cvssMetricV40'::text) -> 0) -> 'cvssData'::text) ->> 'vectorString'::text)
+            ELSE NULL::text
+        END AS vector_string,
+    ((((((all_cve.data -> 'metrics'::text) -> 'cvssMetricV40'::text) -> 0) -> 'cvssData'::text) ->> 'baseScore'::text))::numeric AS base_score_v40,
+    ((((((all_cve.data -> 'metrics'::text) -> 'cvssMetricV31'::text) -> 0) -> 'cvssData'::text) ->> 'baseScore'::text))::numeric AS base_score_v31,
+    ((((((all_cve.data -> 'metrics'::text) -> 'cvssMetricV30'::text) -> 0) -> 'cvssData'::text) ->> 'baseScore'::text))::numeric AS base_score_v30,
+    ((((((all_cve.data -> 'metrics'::text) -> 'cvssMetricV2'::text) -> 0) -> 'cvssData'::text) ->> 'baseScore'::text))::numeric AS base_score_v2,
+    (((((all_cve.data -> 'metrics'::text) -> 'cvssMetricV40'::text) -> 0) -> 'cvssData'::text) ->> 'vectorString'::text) AS vector_string_v40,
+    (((((all_cve.data -> 'metrics'::text) -> 'cvssMetricV31'::text) -> 0) -> 'cvssData'::text) ->> 'vectorString'::text) AS vector_string_v31,
+    (((((all_cve.data -> 'metrics'::text) -> 'cvssMetricV30'::text) -> 0) -> 'cvssData'::text) ->> 'vectorString'::text) AS vector_string_v30,
+    (((((all_cve.data -> 'metrics'::text) -> 'cvssMetricV2'::text) -> 0) -> 'cvssData'::text) ->> 'vectorString'::text) AS vector_string_v2,
+    (all_cve.data ->> 'vulnStatus'::text) AS vuln_status
+   FROM (((((public.all_cve
+     JOIN public.deb_cve USING (cve_id))
+     JOIN public.dist_cpe ON ((deb_cve.dist_id = dist_cpe.id)))
+     FULL JOIN public.cve_context USING (cve_id, dist_id))
+     JOIN public.image_package ip ON ((ip.package_name = deb_cve.deb_source)))
+     JOIN public.image_variant iv ON ((iv.id = ip.image_variant_id)))
+  WHERE ((dist_cpe.cpe_product = 'gardenlinux'::text) AND (iv.namespace = 'gardenlinux'::text) AND (deb_cve.debsec_vulnerable = true) AND (deb_cve.deb_source <> 'linux'::text) AND (dist_cpe.cpe_version = iv.image_version));
+
+
+ALTER VIEW public.imagesourcepackagecve OWNER TO glvd;
+
 --
 -- Name: kernel_vulns; Type: VIEW; Schema: public; Owner: glvd
 --
@@ -479,6 +582,37 @@ CREATE VIEW public.sourcepackage AS
 
 ALTER VIEW public.sourcepackage OWNER TO glvd;
 
+--
+-- Name: sourcepackagecve_anyimage; Type: VIEW; Schema: public; Owner: glvd
+--
+
+CREATE VIEW public.sourcepackagecve_anyimage AS
+ SELECT DISTINCT cve_id,
+    source_package_name,
+    source_package_version,
+    gardenlinux_version,
+    is_vulnerable,
+    debsec_vulnerable,
+    is_resolved,
+    cve_published_date,
+    cve_last_modified_date,
+    cve_last_ingested_date,
+    base_score,
+    vector_string,
+    base_score_v40,
+    base_score_v31,
+    base_score_v30,
+    base_score_v2,
+    vector_string_v40,
+    vector_string_v31,
+    vector_string_v30,
+    vector_string_v2,
+    vuln_status
+   FROM public.imagesourcepackagecve;
+
+
+ALTER VIEW public.sourcepackagecve_anyimage OWNER TO glvd;
+
 --
 -- Name: triage; Type: VIEW; Schema: public; Owner: glvd
 --
@@ -510,6 +644,13 @@ CREATE VIEW public.triage AS
 
 ALTER VIEW public.triage OWNER TO glvd;
 
+--
+-- Name: image_variant id; Type: DEFAULT; Schema: public; Owner: glvd
+--
+
+ALTER TABLE ONLY public.image_variant ALTER COLUMN id SET DEFAULT nextval('public.image_variant_id_seq'::regclass);
+
+
 --
 -- Name: all_cve all_cve_pkey; Type: CONSTRAINT; Schema: public; Owner: glvd
 --
@@ -566,6 +707,30 @@ ALTER TABLE ONLY public.dist_cpe
     ADD CONSTRAINT dist_cpe_pkey PRIMARY KEY (id);
 
 
+--
+-- Name: image_package image_package_pkey; Type: CONSTRAINT; Schema: public; Owner: glvd
+--
+
+ALTER TABLE ONLY public.image_package
+    ADD CONSTRAINT image_package_pkey PRIMARY KEY (image_variant_id, package_name);
+
+
+--
+-- Name: image_variant image_variant_namespace_name_version_unique; Type: CONSTRAINT; Schema: public; Owner: glvd
+--
+
+ALTER TABLE ONLY public.image_variant
+    ADD CONSTRAINT image_variant_namespace_name_version_unique UNIQUE (namespace, image_name, image_version);
+
+
+--
+-- Name: image_variant image_variant_pkey; Type: CONSTRAINT; Schema: public; Owner: glvd
+--
+
+ALTER TABLE ONLY public.image_variant
+    ADD CONSTRAINT image_variant_pkey PRIMARY KEY (id);
+
+
 --
 -- Name: migrations migrations_pkey; Type: CONSTRAINT; Schema: public; Owner: glvd
 --
@@ -582,6 +747,55 @@ ALTER TABLE ONLY public.nvd_cve
     ADD CONSTRAINT nvd_cve_pkey PRIMARY KEY (cve_id);
 
 
+--
+-- Name: all_cve_cve_id_idx; Type: INDEX; Schema: public; Owner: glvd
+--
+
+CREATE INDEX all_cve_cve_id_idx ON public.all_cve USING btree (cve_id);
+
+
+--
+-- Name: all_cve_last_mod_idx; Type: INDEX; Schema: public; Owner: glvd
+--
+
+CREATE INDEX all_cve_last_mod_idx ON public.all_cve USING btree (last_mod);
+
+
+--
+-- Name: cve_context_is_resolved_idx; Type: INDEX; Schema: public; Owner: glvd
+--
+
+CREATE INDEX cve_context_is_resolved_idx ON public.cve_context USING btree (is_resolved);
+
+
+--
+-- Name: deb_cve_cve_id_idx; Type: INDEX; Schema: public; Owner: glvd
+--
+
+CREATE INDEX deb_cve_cve_id_idx ON public.deb_cve USING btree (cve_id);
+
+
+--
+-- Name: deb_cve_deb_source_idx; Type: INDEX; Schema: public; Owner: glvd
+--
+
+CREATE INDEX deb_cve_deb_source_idx ON public.deb_cve USING btree (deb_source);
+
+
+--
+-- Name: deb_cve_deb_version_idx; Type: INDEX; Schema: public; Owner: glvd
+--
+
+CREATE INDEX deb_cve_deb_version_idx ON public.deb_cve USING btree (deb_version);
+
+
+--
+-- Name: deb_cve_debsec_vulnerable_idx; Type: INDEX; Schema: public; Owner: glvd
+--
+
+CREATE INDEX deb_cve_debsec_vulnerable_idx ON public.deb_cve USING btree (debsec_vulnerable);
+
+
 --
 -- Name: deb_cve_search; Type: INDEX; Schema: public; Owner: glvd
 --
@@ -589,6 +803,69 @@ ALTER TABLE ONLY public.nvd_cve
 CREATE INDEX deb_cve_search ON public.deb_cve USING btree (dist_id, debsec_vulnerable, deb_source, deb_version);
 
 
+--
+-- Name: debsec_cve_cve_id_idx; Type: INDEX; Schema: public; Owner: glvd
+--
+
+CREATE INDEX debsec_cve_cve_id_idx ON public.debsec_cve USING btree (cve_id);
+
+
+--
+-- Name: debsrc_cve_id_idx; Type: INDEX; Schema: public; Owner: glvd
+--
+
+CREATE INDEX debsrc_cve_id_idx ON public.debsrc USING btree (dist_id);
+
+
+--
+-- Name: debsrc_deb_version_idx; Type: INDEX; Schema: public; Owner: glvd
+--
+
+CREATE INDEX debsrc_deb_version_idx ON public.debsrc USING btree (deb_version);
+
+
+--
+-- Name: dist_cpe_cpe_product_idx; Type: INDEX; Schema: public; Owner: glvd
+--
+
+CREATE INDEX dist_cpe_cpe_product_idx ON public.dist_cpe USING btree (cpe_product);
+
+
+--
+-- Name: idx_image_package_image; Type: INDEX; Schema: public; Owner: glvd
+--
+
+CREATE INDEX idx_image_package_image ON public.image_package USING btree (image_variant_id);
+
+
+--
+-- Name: idx_image_package_package; Type: INDEX; Schema: public; Owner: glvd
+--
+
+CREATE INDEX idx_image_package_package ON public.image_package USING btree (package_name);
+
+
+--
+-- Name: idx_image_variant_packages_gin; Type: INDEX; Schema: public; Owner: glvd
+--
+
+CREATE INDEX idx_image_variant_packages_gin ON public.image_variant USING gin (packages);
+
+
+--
+-- Name: nvd_cve_cve_id_idx; Type: INDEX; Schema: public; Owner: glvd
+--
+
+CREATE INDEX nvd_cve_cve_id_idx ON public.nvd_cve USING btree (cve_id);
+
+
+--
+-- Name: nvd_cve_last_mod_idx; Type: INDEX; Schema: public; Owner: glvd
+--
+
+CREATE INDEX nvd_cve_last_mod_idx ON public.nvd_cve USING btree (last_mod);
+
+
 --
 -- Name: cvedetails _RETURN; Type: RULE; Schema: public; Owner: glvd
 --
@@ -677,8 +954,15 @@ ALTER TABLE ONLY public.debsrc
 
 
 --
--- PostgreSQL database dump complete
+-- Name: image_package image_package_image_variant_id_fkey; Type: FK CONSTRAINT; Schema: public; Owner: glvd
 --
 
-\unrestrict Un049OhuTEHTPUOKLIca5bspmjJc8ENlAfLee5SyePnk7o3PvRwrPFl8cfZzTJn
+ALTER TABLE ONLY public.image_package
+    ADD CONSTRAINT image_package_image_variant_id_fkey FOREIGN KEY (image_variant_id) REFERENCES public.image_variant(id) ON DELETE CASCADE;
+
+
+--
+-- PostgreSQL database dump complete
+--
 
+\unrestrict e1hqKiTcHJTd1GpX99lJgahFrtsFTHeaNGInjKDAVd4oN9PN7hYLnzrd123u5FX
diff --git a/src/test/resources/test-data/02-sample-data.sql b/src/test/resources/test-data/02-sample-data.sql
index 69b52b1..d66f769 100644
--- a/src/test/resources/test-data/02-sample-data.sql
+++ b/src/test/resources/test-data/02-sample-data.sql
@@ -307,3 +307,167 @@ INSERT INTO public.cve_context_kernel (cve_id, lts_version, fixed_version, is_fi
 -- Test case for 'is resolved via triage process'
 INSERT INTO public.cve_context_kernel (cve_id, lts_version, fixed_version, is_fixed, is_relevant_subsystem, source_data) VALUES ('CVE-2024-44953', '6.6', NULL, false, true, '"{\"containers\": {\"cna\": {\"providerMetadata\": {\"orgId\": \"f4215fc3-5b6b-47ff-a258-f7189bd81038\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"In the Linux kernel, the following vulnerability has been resolved:\\n\\nscsi: ufs: core: Fix deadlock during RTC update\\n\\nThere is a deadlock when runtime suspend waits for the flush of RTC work,\\nand the RTC work calls ufshcd_rpm_get_sync() to wait for runtime resume.\\n\\nHere is deadlock backtrace:\\n\\nkworker/0:1     D 4892.876354 10 10971 4859 0x4208060 0x8 10 0 120 670730152367\\nptr            f0ffff80c2e40000 0 1 0x00000001 0x000000ff 0x000000ff 0x000000ff\\n<ffffffee5e71ddb0> __switch_to+0x1a8/0x2d4\\n<ffffffee5e71e604> __schedule+0x684/0xa98\\n<ffffffee5e71ea60> schedule+0x48/0xc8\\n<ffffffee5e725f78> schedule_timeout+0x48/0x170\\n<ffffffee5e71fb74> do_wait_for_common+0x108/0x1b0\\n<ffffffee5e71efe0> wait_for_completion+0x44/0x60\\n<ffffffee5d6de968> __flush_work+0x39c/0x424\\n<ffffffee5d6decc0> __cancel_work_sync+0xd8/0x208\\n<ffffffee5d6dee2c> cancel_delayed_work_sync+0x14/0x28\\n<ffffffee5e2551b8> __ufshcd_wl_suspend+0x19c/0x480\\n<ffffffee5e255fb8> ufshcd_wl_runtime_suspend+0x3c/0x1d4\\n<ffffffee5dffd80c> scsi_runtime_suspend+0x78/0xc8\\n<ffffffee5df93580> __rpm_callback+0x94/0x3e0\\n<ffffffee5df90b0c> rpm_suspend+0x2d4/0x65c\\n<ffffffee5df91448> __pm_runtime_suspend+0x80/0x114\\n<ffffffee5dffd95c> scsi_runtime_idle+0x38/0x6c\\n<ffffffee5df912f4> rpm_idle+0x264/0x338\\n<ffffffee5df90f14> __pm_runtime_idle+0x80/0x110\\n<ffffffee5e24ce44> ufshcd_rtc_work+0x128/0x1e4\\n<ffffffee5d6e3a40> process_one_work+0x26c/0x650\\n<ffffffee5d6e65c8> worker_thread+0x260/0x3d8\\n<ffffffee5d6edec8> kthread+0x110/0x134\\n<ffffffee5d616b18> ret_from_fork+0x10/0x20\\n\\nSkip updating RTC if RPM state is not RPM_ACTIVE.\"}], \"affected\": [{\"product\": \"Linux\", \"vendor\": \"Linux\", \"defaultStatus\": \"unaffected\", \"repo\": \"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\", \"programFiles\": [\"drivers/ufs/core/ufshcd-priv.h\", \"drivers/ufs/core/ufshcd.c\"], \"versions\": [{\"version\": \"06701a545e9a3c4e007cff6872a074bf97c40619\", \"lessThan\": \"a4921b76bc9421d3838e167f6a17ea3112d8fe62\", \"status\": \"affected\", \"versionType\": \"git\"}, {\"version\": \"6bf999e0eb41850d5c857102535d5c53b2ede224\", \"lessThan\": \"f13f1858a28c68b7fc0d72c2008d5c1f80d2e8d5\", \"status\": \"affected\", \"versionType\": \"git\"}, {\"version\": \"6bf999e0eb41850d5c857102535d5c53b2ede224\", \"lessThan\": \"3911af778f208e5f49d43ce739332b91e26bc48e\", \"status\": \"affected\", \"versionType\": \"git\"}]}, {\"product\": \"Linux\", \"vendor\": \"Linux\", \"defaultStatus\": \"affected\", \"repo\": \"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\", \"programFiles\": [\"drivers/ufs/core/ufshcd-priv.h\", \"drivers/ufs/core/ufshcd.c\"], \"versions\": [{\"version\": \"6.8\", \"status\": \"affected\"}, {\"version\": \"0\", \"lessThan\": \"6.8\", \"status\": \"unaffected\", \"versionType\": \"semver\"}, {\"version\": \"6.10.5\", \"lessThanOrEqual\": \"6.10.*\", \"status\": \"unaffected\", \"versionType\": \"semver\"}, {\"version\": \"6.11\", \"lessThanOrEqual\": \"*\", \"status\": \"unaffected\", \"versionType\": \"original_commit_for_fix\"}]}], \"references\": [{\"url\": \"https://git.kernel.org/stable/c/a4921b76bc9421d3838e167f6a17ea3112d8fe62\"}, {\"url\": \"https://git.kernel.org/stable/c/f13f1858a28c68b7fc0d72c2008d5c1f80d2e8d5\"}, {\"url\": \"https://git.kernel.org/stable/c/3911af778f208e5f49d43ce739332b91e26bc48e\"}], \"title\": \"scsi: ufs: core: Fix deadlock during RTC update\", \"x_generator\": {\"engine\": \"bippy-5f407fcff5a0\"}}}, \"cveMetadata\": {\"assignerOrgId\": \"f4215fc3-5b6b-47ff-a258-f7189bd81038\", \"cveID\": \"CVE-2024-44953\", \"requesterUserId\": \"gregkh@kernel.org\", \"serial\": \"1\", \"state\": \"PUBLISHED\"}, \"dataType\": \"CVE_RECORD\", \"dataVersion\": \"5.0\"}"');
 INSERT INTO public.cve_context_kernel (cve_id, lts_version, fixed_version, is_fixed, is_relevant_subsystem, source_data) VALUES ('CVE-2024-44953', '6.12', NULL, false, true, '"{\"containers\": {\"cna\": {\"providerMetadata\": {\"orgId\": \"f4215fc3-5b6b-47ff-a258-f7189bd81038\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"In the Linux kernel, the following vulnerability has been resolved:\\n\\nscsi: ufs: core: Fix deadlock during RTC update\\n\\nThere is a deadlock when runtime suspend waits for the flush of RTC work,\\nand the RTC work calls ufshcd_rpm_get_sync() to wait for runtime resume.\\n\\nHere is deadlock backtrace:\\n\\nkworker/0:1     D 4892.876354 10 10971 4859 0x4208060 0x8 10 0 120 670730152367\\nptr            f0ffff80c2e40000 0 1 0x00000001 0x000000ff 0x000000ff 0x000000ff\\n<ffffffee5e71ddb0> __switch_to+0x1a8/0x2d4\\n<ffffffee5e71e604> __schedule+0x684/0xa98\\n<ffffffee5e71ea60> schedule+0x48/0xc8\\n<ffffffee5e725f78> schedule_timeout+0x48/0x170\\n<ffffffee5e71fb74> do_wait_for_common+0x108/0x1b0\\n<ffffffee5e71efe0> wait_for_completion+0x44/0x60\\n<ffffffee5d6de968> __flush_work+0x39c/0x424\\n<ffffffee5d6decc0> __cancel_work_sync+0xd8/0x208\\n<ffffffee5d6dee2c> cancel_delayed_work_sync+0x14/0x28\\n<ffffffee5e2551b8> __ufshcd_wl_suspend+0x19c/0x480\\n<ffffffee5e255fb8> ufshcd_wl_runtime_suspend+0x3c/0x1d4\\n<ffffffee5dffd80c> scsi_runtime_suspend+0x78/0xc8\\n<ffffffee5df93580> __rpm_callback+0x94/0x3e0\\n<ffffffee5df90b0c> rpm_suspend+0x2d4/0x65c\\n<ffffffee5df91448> __pm_runtime_suspend+0x80/0x114\\n<ffffffee5dffd95c> scsi_runtime_idle+0x38/0x6c\\n<ffffffee5df912f4> rpm_idle+0x264/0x338\\n<ffffffee5df90f14> __pm_runtime_idle+0x80/0x110\\n<ffffffee5e24ce44> ufshcd_rtc_work+0x128/0x1e4\\n<ffffffee5d6e3a40> process_one_work+0x26c/0x650\\n<ffffffee5d6e65c8> worker_thread+0x260/0x3d8\\n<ffffffee5d6edec8> kthread+0x110/0x134\\n<ffffffee5d616b18> ret_from_fork+0x10/0x20\\n\\nSkip updating RTC if RPM state is not RPM_ACTIVE.\"}], \"affected\": [{\"product\": \"Linux\", \"vendor\": \"Linux\", \"defaultStatus\": \"unaffected\", \"repo\": \"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\", \"programFiles\": [\"drivers/ufs/core/ufshcd-priv.h\", \"drivers/ufs/core/ufshcd.c\"], \"versions\": [{\"version\": \"06701a545e9a3c4e007cff6872a074bf97c40619\", \"lessThan\": \"a4921b76bc9421d3838e167f6a17ea3112d8fe62\", \"status\": \"affected\", \"versionType\": \"git\"}, {\"version\": \"6bf999e0eb41850d5c857102535d5c53b2ede224\", \"lessThan\": \"f13f1858a28c68b7fc0d72c2008d5c1f80d2e8d5\", \"status\": \"affected\", \"versionType\": \"git\"}, {\"version\": \"6bf999e0eb41850d5c857102535d5c53b2ede224\", \"lessThan\": \"3911af778f208e5f49d43ce739332b91e26bc48e\", \"status\": \"affected\", \"versionType\": \"git\"}]}, {\"product\": \"Linux\", \"vendor\": \"Linux\", \"defaultStatus\": \"affected\", \"repo\": \"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\", \"programFiles\": [\"drivers/ufs/core/ufshcd-priv.h\", \"drivers/ufs/core/ufshcd.c\"], \"versions\": [{\"version\": \"6.8\", \"status\": \"affected\"}, {\"version\": \"0\", \"lessThan\": \"6.8\", \"status\": \"unaffected\", \"versionType\": \"semver\"}, {\"version\": \"6.10.5\", \"lessThanOrEqual\": \"6.10.*\", \"status\": \"unaffected\", \"versionType\": \"semver\"}, {\"version\": \"6.11\", \"lessThanOrEqual\": \"*\", \"status\": \"unaffected\", \"versionType\": \"original_commit_for_fix\"}]}], \"references\": [{\"url\": \"https://git.kernel.org/stable/c/a4921b76bc9421d3838e167f6a17ea3112d8fe62\"}, {\"url\": \"https://git.kernel.org/stable/c/f13f1858a28c68b7fc0d72c2008d5c1f80d2e8d5\"}, {\"url\": \"https://git.kernel.org/stable/c/3911af778f208e5f49d43ce739332b91e26bc48e\"}], \"title\": \"scsi: ufs: core: Fix deadlock during RTC update\", \"x_generator\": {\"engine\": \"bippy-5f407fcff5a0\"}}}, \"cveMetadata\": {\"assignerOrgId\": \"f4215fc3-5b6b-47ff-a258-f7189bd81038\", \"cveID\": \"CVE-2024-44953\", \"requesterUserId\": \"gregkh@kernel.org\", \"serial\": \"1\", \"state\": \"PUBLISHED\"}, \"dataType\": \"CVE_RECORD\", \"dataVersion\": \"5.0\"}"');
+
+-- https://github.com/gardenlinux/glvd/issues/189
+INSERT INTO public.image_variant (id, namespace, image_name, image_version, commit_id, metadata, packages) VALUES (1, 'gardenlinux', 'ali-gardener_prod', '1877.7', 'local', '{}', '{}');
+INSERT INTO public.image_variant (id, namespace, image_name, image_version, commit_id, metadata, packages) VALUES (2, 'gardenlinux', 'ali-gardener_prod', '1877.8', 'local', '{}', '{}');
+INSERT INTO public.image_variant (id, namespace, image_name, image_version, commit_id, metadata, packages) VALUES (3, 'gardenlinux', 'ali-gardener_prod', 'today', 'local', '{}', '{}');
+INSERT INTO public.image_variant (id, namespace, image_name, image_version, commit_id, metadata, packages) VALUES (4, 'gardenlinux', 'aws-gardener_prod', '1877.7', 'local', '{}', '{}');
+INSERT INTO public.image_variant (id, namespace, image_name, image_version, commit_id, metadata, packages) VALUES (5, 'gardenlinux', 'aws-gardener_prod', '1877.8', 'local', '{}', '{}');
+INSERT INTO public.image_variant (id, namespace, image_name, image_version, commit_id, metadata, packages) VALUES (6, 'gardenlinux', 'aws-gardener_prod', 'today', 'local', '{}', '{}');
+INSERT INTO public.image_variant (id, namespace, image_name, image_version, commit_id, metadata, packages) VALUES (7, 'gardenlinux', 'azure-gardener_prod', '1877.7', 'local', '{}', '{}');
+INSERT INTO public.image_variant (id, namespace, image_name, image_version, commit_id, metadata, packages) VALUES (8, 'gardenlinux', 'azure-gardener_prod', '1877.8', 'local', '{}', '{}');
+INSERT INTO public.image_variant (id, namespace, image_name, image_version, commit_id, metadata, packages) VALUES (9, 'gardenlinux', 'azure-gardener_prod', 'today', 'local', '{}', '{}');
+INSERT INTO public.image_variant (id, namespace, image_name, image_version, commit_id, metadata, packages) VALUES (10, 'gardenlinux', 'gcp-gardener_prod', '1877.7', 'local', '{}', '{}');
+INSERT INTO public.image_variant (id, namespace, image_name, image_version, commit_id, metadata, packages) VALUES (11, 'gardenlinux', 'gcp-gardener_prod', '1877.8', 'local', '{}', '{}');
+INSERT INTO public.image_variant (id, namespace, image_name, image_version, commit_id, metadata, packages) VALUES (12, 'gardenlinux', 'gcp-gardener_prod', 'today', 'local', '{}', '{}');
+INSERT INTO public.image_variant (id, namespace, image_name, image_version, commit_id, metadata, packages) VALUES (13, 'gardenlinux', 'openstack-gardener_prod', '1877.7', 'local', '{}', '{}');
+INSERT INTO public.image_variant (id, namespace, image_name, image_version, commit_id, metadata, packages) VALUES (14, 'gardenlinux', 'openstack-gardener_prod', '1877.8', 'local', '{}', '{}');
+INSERT INTO public.image_variant (id, namespace, image_name, image_version, commit_id, metadata, packages) VALUES (15, 'gardenlinux', 'openstack-gardener_prod', 'today', 'local', '{}', '{}');
+INSERT INTO public.image_variant (id, namespace, image_name, image_version, commit_id, metadata, packages) VALUES (16, 'gardenlinux', 'openstackbaremetal-gardener_prod', 'today', 'local', '{}', '{}');
+INSERT INTO public.image_variant (id, namespace, image_name, image_version, commit_id, metadata, packages) VALUES (17, 'gardenlinux', 'azure-gardener_prod', '2000.0.0', 'local', '{}', '{}');
+INSERT INTO public.image_variant (id, namespace, image_name, image_version, commit_id, metadata, packages) VALUES (18, 'gardenlinux', 'azure-gardener_prod', '2000.1.0', 'local', '{}', '{}');
+INSERT INTO public.image_variant (id, namespace, image_name, image_version, commit_id, metadata, packages) VALUES (19, 'gardenlinux', 'azure-gardener_prod', '1592.3', 'local', '{}', '{}');
+INSERT INTO public.image_variant (id, namespace, image_name, image_version, commit_id, metadata, packages) VALUES (20, 'gardenlinux', 'azure-gardener_prod', '1592.4', 'local', '{}', '{}');
+INSERT INTO public.image_variant (id, namespace, image_name, image_version, commit_id, metadata, packages) VALUES (21, 'gardenlinux', 'azure-gardener_prod', '1592.5', 'local', '{}', '{}');
+INSERT INTO public.image_variant (id, namespace, image_name, image_version, commit_id, metadata, packages) VALUES (22, 'gardenlinux', 'azure-gardener_prod', '1592.7', 'local', '{}', '{}');
+
+INSERT INTO public.image_package (image_variant_id, package_name) VALUES (1, 'bind9');
+INSERT INTO public.image_package (image_variant_id, package_name) VALUES (1, 'curl');
+INSERT INTO public.image_package (image_variant_id, package_name) VALUES (1, 'glibc');
+INSERT INTO public.image_package (image_variant_id, package_name) VALUES (1, 'jinja2');
+INSERT INTO public.image_package (image_variant_id, package_name) VALUES (1, 'linux');
+INSERT INTO public.image_package (image_variant_id, package_name) VALUES (1, 'systemd');
+INSERT INTO public.image_package (image_variant_id, package_name) VALUES (1, 'systemd-cron');
+INSERT INTO public.image_package (image_variant_id, package_name) VALUES (1, 'tar');
+INSERT INTO public.image_package (image_variant_id, package_name) VALUES (1, 'util-linux');
+INSERT INTO public.image_package (image_variant_id, package_name) VALUES (2, 'bind9');
+INSERT INTO public.image_package (image_variant_id, package_name) VALUES (2, 'curl');
+INSERT INTO public.image_package (image_variant_id, package_name) VALUES (2, 'glibc');
+INSERT INTO public.image_package (image_variant_id, package_name) VALUES (2, 'jinja2');
+INSERT INTO public.image_package (image_variant_id, package_name) VALUES (2, 'linux');
+INSERT INTO public.image_package (image_variant_id, package_name) VALUES (2, 'systemd');
+INSERT INTO public.image_package (image_variant_id, package_name) VALUES (2, 'systemd-cron');
+INSERT INTO public.image_package (image_variant_id, package_name) VALUES (2, 'tar');
+INSERT INTO public.image_package (image_variant_id, package_name) VALUES (2, 'util-linux');
+INSERT INTO public.image_package (image_variant_id, package_name) VALUES (3, 'bind9');
+INSERT INTO public.image_package (image_variant_id, package_name) VALUES (3, 'curl');
+INSERT INTO public.image_package (image_variant_id, package_name) VALUES (3, 'glibc');
+INSERT INTO public.image_package (image_variant_id, package_name) VALUES (3, 'jinja2');
+INSERT INTO public.image_package (image_variant_id, package_name) VALUES (3, 'linux');
+INSERT INTO public.image_package (image_variant_id, package_name) VALUES (3, 'systemd');
+INSERT INTO public.image_package (image_variant_id, package_name) VALUES (3, 'systemd-cron');
+INSERT INTO public.image_package (image_variant_id, package_name) VALUES (3, 'tar');
+INSERT INTO public.image_package (image_variant_id, package_name) VALUES (3, 'util-linux');
+INSERT INTO public.image_package (image_variant_id, package_name) VALUES (4, 'curl');
+INSERT INTO public.image_package (image_variant_id, package_name) VALUES (4, 'jinja2');
+INSERT INTO public.image_package (image_variant_id, package_name) VALUES (4, 'linux');
+INSERT INTO public.image_package (image_variant_id, package_name) VALUES (4, 'systemd');
+INSERT INTO public.image_package (image_variant_id, package_name) VALUES (4, 'systemd-cron');
+INSERT INTO public.image_package (image_variant_id, package_name) VALUES (4, 'tar');
+INSERT INTO public.image_package (image_variant_id, package_name) VALUES (4, 'util-linux');
+INSERT INTO public.image_package (image_variant_id, package_name) VALUES (5, 'curl');
+INSERT INTO public.image_package (image_variant_id, package_name) VALUES (5, 'jinja2');
+INSERT INTO public.image_package (image_variant_id, package_name) VALUES (5, 'linux');
+INSERT INTO public.image_package (image_variant_id, package_name) VALUES (5, 'systemd');
+INSERT INTO public.image_package (image_variant_id, package_name) VALUES (5, 'systemd-cron');
+INSERT INTO public.image_package (image_variant_id, package_name) VALUES (5, 'tar');
+INSERT INTO public.image_package (image_variant_id, package_name) VALUES (5, 'util-linux');
+INSERT INTO public.image_package (image_variant_id, package_name) VALUES (6, 'curl');
+INSERT INTO public.image_package (image_variant_id, package_name) VALUES (6, 'jinja2');
+INSERT INTO public.image_package (image_variant_id, package_name) VALUES (6, 'linux');
+INSERT INTO public.image_package (image_variant_id, package_name) VALUES (6, 'systemd');
+INSERT INTO public.image_package (image_variant_id, package_name) VALUES (6, 'systemd-cron');
+INSERT INTO public.image_package (image_variant_id, package_name) VALUES (6, 'tar');
+INSERT INTO public.image_package (image_variant_id, package_name) VALUES (6, 'util-linux');
+INSERT INTO public.image_package (image_variant_id, package_name) VALUES (7, 'curl');
+INSERT INTO public.image_package (image_variant_id, package_name) VALUES (7, 'jinja2');
+INSERT INTO public.image_package (image_variant_id, package_name) VALUES (7, 'linux');
+INSERT INTO public.image_package (image_variant_id, package_name) VALUES (7, 'systemd');
+INSERT INTO public.image_package (image_variant_id, package_name) VALUES (7, 'systemd-cron');
+INSERT INTO public.image_package (image_variant_id, package_name) VALUES (7, 'tar');
+INSERT INTO public.image_package (image_variant_id, package_name) VALUES (7, 'util-linux');
+INSERT INTO public.image_package (image_variant_id, package_name) VALUES (8, 'curl');
+INSERT INTO public.image_package (image_variant_id, package_name) VALUES (8, 'jinja2');
+INSERT INTO public.image_package (image_variant_id, package_name) VALUES (8, 'linux');
+INSERT INTO public.image_package (image_variant_id, package_name) VALUES (8, 'systemd');
+INSERT INTO public.image_package (image_variant_id, package_name) VALUES (8, 'systemd-cron');
+INSERT INTO public.image_package (image_variant_id, package_name) VALUES (8, 'tar');
+INSERT INTO public.image_package (image_variant_id, package_name) VALUES (8, 'util-linux');
+INSERT INTO public.image_package (image_variant_id, package_name) VALUES (9, 'curl');
+INSERT INTO public.image_package (image_variant_id, package_name) VALUES (9, 'jinja2');
+INSERT INTO public.image_package (image_variant_id, package_name) VALUES (9, 'linux');
+INSERT INTO public.image_package (image_variant_id, package_name) VALUES (9, 'systemd');
+INSERT INTO public.image_package (image_variant_id, package_name) VALUES (9, 'systemd-cron');
+INSERT INTO public.image_package (image_variant_id, package_name) VALUES (9, 'tar');
+INSERT INTO public.image_package (image_variant_id, package_name) VALUES (9, 'util-linux');
+INSERT INTO public.image_package (image_variant_id, package_name) VALUES (10, 'curl');
+INSERT INTO public.image_package (image_variant_id, package_name) VALUES (10, 'jinja2');
+INSERT INTO public.image_package (image_variant_id, package_name) VALUES (10, 'linux');
+INSERT INTO public.image_package (image_variant_id, package_name) VALUES (10, 'systemd');
+INSERT INTO public.image_package (image_variant_id, package_name) VALUES (10, 'systemd-cron');
+INSERT INTO public.image_package (image_variant_id, package_name) VALUES (10, 'tar');
+INSERT INTO public.image_package (image_variant_id, package_name) VALUES (10, 'util-linux');
+INSERT INTO public.image_package (image_variant_id, package_name) VALUES (11, 'curl');
+INSERT INTO public.image_package (image_variant_id, package_name) VALUES (11, 'jinja2');
+INSERT INTO public.image_package (image_variant_id, package_name) VALUES (11, 'linux');
+INSERT INTO public.image_package (image_variant_id, package_name) VALUES (11, 'systemd');
+INSERT INTO public.image_package (image_variant_id, package_name) VALUES (11, 'systemd-cron');
+INSERT INTO public.image_package (image_variant_id, package_name) VALUES (11, 'tar');
+INSERT INTO public.image_package (image_variant_id, package_name) VALUES (11, 'util-linux');
+INSERT INTO public.image_package (image_variant_id, package_name) VALUES (12, 'curl');
+INSERT INTO public.image_package (image_variant_id, package_name) VALUES (12, 'jinja2');
+INSERT INTO public.image_package (image_variant_id, package_name) VALUES (12, 'linux');
+INSERT INTO public.image_package (image_variant_id, package_name) VALUES (12, 'systemd');
+INSERT INTO public.image_package (image_variant_id, package_name) VALUES (12, 'systemd-cron');
+INSERT INTO public.image_package (image_variant_id, package_name) VALUES (12, 'tar');
+INSERT INTO public.image_package (image_variant_id, package_name) VALUES (12, 'util-linux');
+INSERT INTO public.image_package (image_variant_id, package_name) VALUES (13, 'curl');
+INSERT INTO public.image_package (image_variant_id, package_name) VALUES (13, 'jinja2');
+INSERT INTO public.image_package (image_variant_id, package_name) VALUES (13, 'linux');
+INSERT INTO public.image_package (image_variant_id, package_name) VALUES (13, 'systemd');
+INSERT INTO public.image_package (image_variant_id, package_name) VALUES (13, 'systemd-cron');
+INSERT INTO public.image_package (image_variant_id, package_name) VALUES (13, 'tar');
+INSERT INTO public.image_package (image_variant_id, package_name) VALUES (13, 'util-linux');
+INSERT INTO public.image_package (image_variant_id, package_name) VALUES (14, 'curl');
+INSERT INTO public.image_package (image_variant_id, package_name) VALUES (14, 'jinja2');
+INSERT INTO public.image_package (image_variant_id, package_name) VALUES (14, 'linux');
+INSERT INTO public.image_package (image_variant_id, package_name) VALUES (14, 'systemd');
+INSERT INTO public.image_package (image_variant_id, package_name) VALUES (14, 'systemd-cron');
+INSERT INTO public.image_package (image_variant_id, package_name) VALUES (14, 'tar');
+INSERT INTO public.image_package (image_variant_id, package_name) VALUES (14, 'util-linux');
+INSERT INTO public.image_package (image_variant_id, package_name) VALUES (15, 'curl');
+INSERT INTO public.image_package (image_variant_id, package_name) VALUES (15, 'jinja2');
+INSERT INTO public.image_package (image_variant_id, package_name) VALUES (15, 'linux');
+INSERT INTO public.image_package (image_variant_id, package_name) VALUES (15, 'systemd');
+INSERT INTO public.image_package (image_variant_id, package_name) VALUES (15, 'systemd-cron');
+INSERT INTO public.image_package (image_variant_id, package_name) VALUES (15, 'tar');
+INSERT INTO public.image_package (image_variant_id, package_name) VALUES (15, 'util-linux');
+INSERT INTO public.image_package (image_variant_id, package_name) VALUES (16, 'curl');
+INSERT INTO public.image_package (image_variant_id, package_name) VALUES (16, 'jinja2');
+INSERT INTO public.image_package (image_variant_id, package_name) VALUES (16, 'linux');
+INSERT INTO public.image_package (image_variant_id, package_name) VALUES (16, 'systemd');
+INSERT INTO public.image_package (image_variant_id, package_name) VALUES (16, 'systemd-cron');
+INSERT INTO public.image_package (image_variant_id, package_name) VALUES (16, 'tar');
+INSERT INTO public.image_package (image_variant_id, package_name) VALUES (16, 'util-linux');
+INSERT INTO public.image_package (image_variant_id, package_name) VALUES (17, 'util-linux');
+INSERT INTO public.image_package (image_variant_id, package_name) VALUES (18, 'util-linux');
+INSERT INTO public.image_package (image_variant_id, package_name) VALUES (19, 'curl');
+INSERT INTO public.image_package (image_variant_id, package_name) VALUES (19, 'jinja2');
+INSERT INTO public.image_package (image_variant_id, package_name) VALUES (19, 'python3.12');
+INSERT INTO public.image_package (image_variant_id, package_name) VALUES (19, 'rsync');
+INSERT INTO public.image_package (image_variant_id, package_name) VALUES (19, 'util-linux');
+INSERT INTO public.image_package (image_variant_id, package_name) VALUES (20, 'curl');
+INSERT INTO public.image_package (image_variant_id, package_name) VALUES (20, 'jinja2');
+INSERT INTO public.image_package (image_variant_id, package_name) VALUES (20, 'python3.12');
+INSERT INTO public.image_package (image_variant_id, package_name) VALUES (20, 'rsync');
+INSERT INTO public.image_package (image_variant_id, package_name) VALUES (20, 'util-linux');
+INSERT INTO public.image_package (image_variant_id, package_name) VALUES (21, 'linux');
+INSERT INTO public.image_package (image_variant_id, package_name) VALUES (21, 'python3.12');
+INSERT INTO public.image_package (image_variant_id, package_name) VALUES (21, 'util-linux');
+INSERT INTO public.image_package (image_variant_id, package_name) VALUES (22, 'linux');
+INSERT INTO public.image_package (image_variant_id, package_name) VALUES (22, 'libsoup3');
+INSERT INTO public.image_package (image_variant_id, package_name) VALUES (22, 'rubygems');
+INSERT INTO public.image_package (image_variant_id, package_name) VALUES (22, 'ruby3.1');
+
+SELECT pg_catalog.setval('public.image_variant_id_seq', 22, true);
diff --git a/start-db-for-app.sh b/start-db-for-app.sh
index a0aed10..63ba8f8 100755
--- a/start-db-for-app.sh
+++ b/start-db-for-app.sh
@@ -1,4 +1,4 @@
 #!/bin/bash
 
-podman build -f TestDb.Containerfile -t glvd-postgres-app-image
+podman build -f DevDb.Containerfile -t glvd-postgres-app-image
 podman run --rm --publish 5432:5432 --env POSTGRES_USER=glvd --env POSTGRES_DB=glvd --env POSTGRES_PASSWORD=glvd --name=glvd-postgres-app  localhost/glvd-postgres-app-image:latest