For quite a few weeks there's been an integration with Snyk happening. Snyk is a powerful to manage vulnerabilities. We mostly use it for Docker images & K8s clusters for now, but it can also be linked to repositories. We should try giving that a shot as a replacement to our custom CVE scanning.