How to capture partial packages in SBoM and CVE scans? #5475

@eriknordmark

Some containers used to build EVE-OS, most notably the eve-fw container, take a small subset of the Linuxkit firmware package.
Today we do not provide a lib/apk/db/installed showing that this depends on (a particular version of) that firmware package. Should we include it?

Labels: question (Further information is requested)
