Add found CVE details to vulnerability alerts

[EHJ-52n]

I want to use the trivy-operator metrics to provide alerts to my users for each image that has at least one HIGH or one CRITICAL CVE in it including the CVE details.

Atm, I am able to send alerts without the CVE details with the following alerting expression:

trivy_image_vulnerabilities{severity=~"High|Critical", namespace="namespace-test"}

In the kube-prometheus-stack values.yaml, I am able to group these alerts by image_registry, image_repository, and image_tag.

How can I enrich these alerts with the output of the metric trivy_vulnerability_id?

I tried the onjoin with group_left, but the problem is, that PromQL won't let me execute joins with many-to-may results.