I recommend scanning all of your projects with osv-scanner in non-blocking mode:

    # add any dependency file patterns
    osv-scanner -r .

As your projects mature, add osv-scanner as a blocking step that fails the install before the code gets installed or executed.
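
One way to run both phases from a single wrapper, as an added example rather than code from the original page or the osv-scanner project. The mode names, function names and the `OSV_SCANNER` override are hypothetical; the exit-code meanings follow osv-scanner's documented return codes.

```shell
#!/bin/sh
# Added example: one gate for both rollout phases of osv-scanner.
# "report" = non-blocking, "blocking" = fail the pipeline (hypothetical names).

# gate_decision MODE RC -> prints pass | warn | unscanned | fail
# RC follows osv-scanner's documented return codes:
#   0   packages scanned, no known vulnerabilities
#   1   vulnerabilities found
#   128 no packages found; any other non-zero value is a scanner error
gate_decision() {
    mode=$1
    rc=$2
    if [ "$rc" -eq 0 ]; then
        echo pass
    elif [ "$mode" = "blocking" ]; then
        # Fail closed: a scan that errored or found nothing to scan
        # has proven nothing, so it blocks just like a finding does.
        echo fail
    elif [ "$rc" -eq 1 ]; then
        echo warn
    else
        # Surface broken scans during the report phase, before the
        # switch to blocking turns them into failed builds.
        echo unscanned
    fi
}

# scan_gate MODE DIR -> returns non-zero only when the gate says "fail".
# OSV_SCANNER (hypothetical override) lets the binary be swapped for testing.
scan_gate() {
    mode=$1
    dir=$2
    scanner=${OSV_SCANNER:-osv-scanner}
    rc=0
    "$scanner" -r "$dir" || rc=$?
    decision=$(gate_decision "$mode" "$rc")
    echo "scanner exit=$rc mode=$mode decision=$decision" >&2
    [ "$decision" != "fail" ]
}

# Constructed exit codes, to show how each mode treats them (runs offline).
for code in 0 1 127 128; do
    echo "exit $code: report=$(gate_decision report "$code")" \
         "blocking=$(gate_decision blocking "$code")"
done
```

In a pipeline, call `scan_gate report .` first, then change the mode to `blocking` and place the call ahead of the dependency install step so a failed gate stops the job before anything is installed.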