I’m having trouble staying on top of updates for my self-hosted applications and infrastructure. Not everything has auto updates baked in and some things you may not want to auto update. How do y’all handle this? How do you keep track of vulnerabilities? Are there e.g. feeds for specific applications I can subscribe to via RSS or email?

  • just_another_person@lemmy.world
    16 hours ago

    Trivy and Grype will give you a pretty decent idea of what you have for exposure, but you’re at the behest of any project for fixing their own issues, or you can contribute updates if accepted.

    Really the first line of defense is just securing your comms to the public internet. If you’re running everything internally, you have a lot less to worry about. Nothing will ever be bulletproof though.
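
An added example, not part of the comment above and not code from the Trivy project: a small Python triage of a Trivy JSON report that separates findings you can patch today from those still waiting on an upstream fix. It assumes the report shape produced by `trivy image --format json`; the sample report, image name and CVE ids are constructed placeholders.

```python
import json
from collections import defaultdict

# Constructed sample in the shape of `trivy image --format json` output,
# trimmed to the fields used here. Image name and CVE ids are placeholders.
SAMPLE_REPORT = json.loads("""
{
  "ArtifactName": "example/app:1.0",
  "Results": [
    {"Target": "example/app:1.0 (debian 12)",
     "Vulnerabilities": [
       {"VulnerabilityID": "CVE-0000-0001", "PkgName": "libexample",
        "InstalledVersion": "1.2.0", "FixedVersion": "1.2.3", "Severity": "HIGH"},
       {"VulnerabilityID": "CVE-0000-0002", "PkgName": "libother",
        "InstalledVersion": "0.9", "Severity": "CRITICAL"},
       {"VulnerabilityID": "CVE-0000-0003", "PkgName": "libexample",
        "InstalledVersion": "1.2.0", "FixedVersion": "1.2.1", "Severity": "LOW"}
     ]},
    {"Target": "app/requirements.txt"}
  ]
}
""")

SEVERITY_ORDER = ["CRITICAL", "HIGH", "MEDIUM", "LOW", "UNKNOWN"]

def triage(report, min_severity="HIGH"):
    """Return (fixable, waiting): findings with and without a published fix."""
    cutoff = SEVERITY_ORDER.index(min_severity)
    fixable, waiting = defaultdict(list), defaultdict(list)
    for result in report.get("Results", []):
        # Targets without findings may omit "Vulnerabilities" or set it to null.
        for vuln in result.get("Vulnerabilities") or []:
            sev = vuln.get("Severity", "UNKNOWN")
            rank = SEVERITY_ORDER.index(sev) if sev in SEVERITY_ORDER else 4
            if rank > cutoff:
                continue
            fixed = vuln.get("FixedVersion", "")
            bucket = fixable if fixed else waiting
            bucket[vuln["PkgName"]].append((vuln["VulnerabilityID"], sev, fixed))
    return dict(fixable), dict(waiting)

if __name__ == "__main__":
    fixable, waiting = triage(SAMPLE_REPORT)
    for pkg, items in fixable.items():
        print("update available:", pkg, items)
    for pkg, items in waiting.items():
        print("no fix published yet:", pkg, items)
```

The "waiting" bucket is the part you cannot patch yourself; those are the entries to cover with network exposure limits until the project ships a fix.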