Vulnerability alerts

Dependabot also has the option to report vulnerability issues. Do you know whether this is included in dependabot-core and if it's possible to include it in this project?

I'm currently using a custom solution that's built on Trivy, it works similar to dependabot-gitlab, but I'm not completely happy with the dependency resolving technique in Trivy, I think Dependabot does it a lot better.