# general
g
What are folks doing for vulnerability scanning all of the dependencies in a pants lock file? Before adopting pants we were using Snyk which was scanning poetry.lock files. Open to changing tools. I did write a utility to convert a pants lockfile to a requirements.txt but I’d rather have a native solution if possible.
c
I use pip-audit by way of https://github.com/pantsbuild/pants/discussions/20368, but that's pretty rough around the edges.