First, thanks all for the great tool and all the hard work. Really fantastic stuff.

What would you like to be added:
Presently, there is no so-called "image support" (as discussed in here) for composer.

What I would like to see added is support for the ./vendor/composer/installed.json file, which is a statement of what is actually installed (rather than, with composer.lock what should be installed - see this github discussion).

Why is this needed:
This is needed because presently we're not scanning images for php-packages.