The first thing that comes to mind is a combination between SBOMs generated for your self-hosted services (trivy, syfy, etc) which are pushed to OWASP Dependency-Track and whenever some vulnebrabilies are detected (note: you'll get lot of notifications if the application is using a lot of libraries), trigger an event (not sure if node red can help here) which would run a script to disabled the vhost. (just a thought. I haven't seen an actual solution)
tuxec
joined 2 years ago
I think distrobox is the distro you are referring to.
I'm available for part-time ๐