Today, the pip-audit tool was released on PyPI. It's a Python tool that uses the Python Packaging Advisory Database (or alternative databases) to check for known vulnerabilities in third-party dependencies.
This would be a useful tool to be able to run against a Pants repo -- a new goal could scan for known vulnerabilities in dependency chains across multiple languages, as the tooling becomes available for those languages.
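As an added illustration of what a goal like this would consume (example code, not part of the issue and not code from pip-audit or Pants): the script below parses a report in the JSON shape pip-audit produces with its JSON output format and turns it into findings plus a pass/fail verdict suitable for gating a build. The report data is constructed for the example, the advisory identifiers are placeholders, and the exact field names (`dependencies`, `name`, `version`, `vulns`, `id`, `fix_versions`, `description`) are an assumption about the tool's output rather than a guarantee.

```python
import json
from typing import Dict, List, Tuple

# Constructed sample of a pip-audit JSON report. The structure (a "dependencies"
# list whose entries carry "name", "version" and a "vulns" list with "id",
# "fix_versions" and "description") is assumed, and the advisory ids are
# placeholders, not real advisories.
SAMPLE_REPORT = json.dumps({
    "dependencies": [
        {
            "name": "requests",
            "version": "2.25.0",
            "vulns": [
                {
                    "id": "PYSEC-0000-PLACEHOLDER-1",
                    "fix_versions": ["2.25.1"],
                    "description": "placeholder advisory with an available fix",
                }
            ],
        },
        {"name": "urllib3", "version": "1.26.4", "vulns": []},
        {
            "name": "flask",
            "version": "2.0.1",
            "vulns": [
                {
                    "id": "PYSEC-0000-PLACEHOLDER-2",
                    "fix_versions": [],
                    "description": "placeholder advisory with no fixed release yet",
                }
            ],
        },
    ]
})

# One finding per (package, advisory) pair: name, installed version, advisory id,
# and the lowest listed fix version ("" when the advisory lists none).
Finding = Tuple[str, str, str, str]


def parse_findings(report_json: str) -> List[Finding]:
    """Flatten a pip-audit-style JSON report into a list of findings."""
    report: Dict = json.loads(report_json)
    findings: List[Finding] = []
    for dep in report.get("dependencies", []):
        for vuln in dep.get("vulns", []):
            fixes = vuln.get("fix_versions") or []
            # Report the first fix version listed; an empty string signals "no fix yet".
            findings.append((dep["name"], dep["version"], vuln["id"], fixes[0] if fixes else ""))
    return findings


def summarize(findings: List[Finding]) -> List[str]:
    """Render findings as one human-readable line each."""
    lines = []
    for name, version, vuln_id, fix in findings:
        remedy = f"upgrade to {fix}" if fix else "no fixed version published"
        lines.append(f"{name}=={version}: {vuln_id} ({remedy})")
    return lines


def audit_exit_code(report_json: str) -> int:
    """Return 0 when the report is clean and 1 when any known vulnerability is present,
    so a goal wrapping the tool can fail the build on findings."""
    return 1 if parse_findings(report_json) else 0


if __name__ == "__main__":
    for line in summarize(parse_findings(SAMPLE_REPORT)):
        print(line)
    raise SystemExit(audit_exit_code(SAMPLE_REPORT))
```

In practice the report would come from running pip-audit against the resolved lockfile rather than from an embedded string; the parsing and verdict logic stays the same. Distinguishing findings that have a fix version from those that do not matters for a build gate, since the latter cannot be resolved by a plain upgrade and usually need an explicit, time-limited exception.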