Monitor dependencies regularly and send notifications
With the integration of bundler-audit as a pipeline job the check for vulnerable dependencies is only checked when a commit triggers the pipeline. See b8ad3454.
For regular checks - e. g. weekly - a cron job or something similar would be useful, since there are times without frequent commits.
It would also be useful, if the schleuder dev team receives email notifications if vulnerabilities are found.
Relates: #22 (closed)