Investigate technical possibilities for a standalone (limited) scanner tool
Make it possible to execute the scanner (without provenance) in an offline mode, e.g. for people having drastic public connection policies etc.
IIUC one of the concerns was leaking hashes of internal components to SWH.
The usual answer to this sort of issue when hashes are involved is to have APIs that allow querying for a short enough prefix of the hash to "anonymize" the request, and then the client-side filters the set of results to match against the full hash of the object. Maybe that's not a big change in our APIs.
This is a potentially interesting development of our internal APIs, that might have other applications.
David: I didn't understand from your initial report the full concern. Is what Nicolas mentioned the main concern? Or is there something else?
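
A sketch of the prefix-query idea raised in the comments above, added here as an example; it is not code from this thread or from the scanner. `PrefixIndex.range_query`, the 5-hex-digit prefix length and the sample file contents are assumptions, and the in-memory index stands in for a hypothetical archive endpoint.

```python
import hashlib
from bisect import bisect_left

PREFIX_HEX_LEN = 5  # assumption: only 20 bits of each hash leave the client


def sha1_git(data: bytes) -> str:
    """Git blob hash of a file's bytes (the content hash used in SWHIDs)."""
    return hashlib.sha1(b"blob %d\0" % len(data) + data).hexdigest()


class PrefixIndex:
    """Hypothetical server side: known hashes, queryable by prefix only."""

    def __init__(self, known_hashes):
        self._hashes = sorted(set(known_hashes))
        self.seen_queries = []  # everything the server learns from clients

    def range_query(self, prefix: str) -> list:
        if len(prefix) != PREFIX_HEX_LEN or set(prefix) - set("0123456789abcdef"):
            raise ValueError("prefix must be %d lowercase hex digits" % PREFIX_HEX_LEN)
        self.seen_queries.append(prefix)
        matches = []
        # Sorted list: all hashes sharing the prefix are contiguous.
        for h in self._hashes[bisect_left(self._hashes, prefix):]:
            if not h.startswith(prefix):
                break
            matches.append(h)
        return matches


def scan(files: dict, index: PrefixIndex) -> dict:
    """Client side: map path -> known?, disclosing only hash prefixes."""
    full = {path: sha1_git(data) for path, data in files.items()}
    buckets = {}
    # Deduplicate and sort prefixes so query order does not mirror the tree.
    for prefix in sorted({h[:PREFIX_HEX_LEN] for h in full.values()}):
        buckets[prefix] = set(index.range_query(prefix))
    # The full-hash comparison happens locally, never on the server.
    return {p: h in buckets[h[:PREFIX_HEX_LEN]] for p, h in full.items()}


if __name__ == "__main__":
    # Constructed sample data: one "public" file, one internal-only file.
    public = b"public LICENSE text\n"
    internal = b"int secret(void);\n"
    index = PrefixIndex([sha1_git(public), sha1_git(b"")])
    print(scan({"LICENSE": public, "internal.c": internal}, index))
    print("server saw:", index.seen_queries)
```

The prefix length is the tuning knob: a shorter prefix puts more archive objects in each bucket, which gives better cover but larger responses. The server still learns the prefix of every queried object, including unknown ones, so this reduces what is disclosed rather than eliminating it.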