Launching the Julia Security Working Group
julialang.org GeneralMetadata.jl: JLL and Artifact Component analysis
The Go ecosystem has achieved something amazing here with govulncheck[0] and I would love to see more programming languages introduce such capabilties. For those who are unaware, govulncheck provides a software component analysis (SCA) and dynamic/static applilcation security test (DAST/SAST) capability. It's directly supported by the Go project and so far I have not found this in any other ecosystem at a comparable level of integration.
Govulncheck reports known vulnerabilities that affect Go code. It uses static analysis of source code or a binary's symbol table to narrow down reports to only those that could affect the application.
By default, govulncheck makes requests to the Go vulnerability database at https://vuln.go.dev. Requests to the vulnerability database contain only module paths with vulnerabilities already known to the database, not code or other properties of your program. See https://vuln.go.dev/privacy.html for more. Use the -db flag to specify a different database, which must implement the specification at https://go.dev/security/vuln/database.