I should have been clearer about what I want to check for. We are using Trivy and audit in our pipelines, but it's the server stuff that I need to check manually (old-school infra). A subscription service posting a report to Slack every day or week would be perfect, so newreleases.io looks promising!
It would have been so nice if there was a standard way to publish release info, EOLs, etc. Everyone seems to do it differently.
Btw, if I were a hacker, roave/security-advisories would be the first package I would try to publish backdoors into. 🙂