Detecting application vulnerabilities in container images