Late docker scan

docker scan appears to fail for local images. This significantly hinders its usefulness as a security tool; It can’t be used to scan an image before publishing the image to a registry. The -f option doesn’t appear to help. docker scan continues to emit generic error messages about missing manifests.

As a workaround, one could publish draft image hashes to a registry. But that’s rather slow and wasteful. Please fix Snyk integration so that images can be scanned from the local registry (better yet, buildx caches, too!) for a more intuitive workflow. The easier it becomes to scan our images, the more secure our images will be.