
Automated Vulnerability Scanning for Homelab Containers with Trivy + AI
If you run Docker containers in a homelab, you have probably wondered how many unpatched CVEs are quietly sitting in your images. I finally stopped wondering and built something to answer that question every week. I put together a GitHub Actions workflow that automatically scans all my homelab container images and generates a categorized vulnerability report as a GitHub Issue.

Here is what it does:

- Dynamic repo discovery -- finds all container repos in the GitHub org automatically. Add a new project and it gets scanned next cycle with zero configuration.
- Trivy scanning -- pulls every image referenced in docker-compose files and runs HIGH/CRITICAL CVE scans.
- AI-powered risk assessment -- passes scan results through Claude CLI with environment context. The AI knows which services are internet-facing, which are LAN-only, and which are behind SSO, so it prioritizes findings that actually matter.
- Structured output -- creates a GitHub Issue with findings sorted into Needs Attention, Informat
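The post hands the prioritization step to an AI model; as an added example that is not the post's own code, here is a deterministic version of the same idea in Python: flatten Trivy's JSON output, look up the exposure of the service that runs each image, and sort findings into buckets for the Issue body. The Trivy report, the service-to-image map, the exposure labels and the second bucket name "Other" are all constructed for this example.

```python
import json

# Constructed input: which image each service runs and how the service is
# reached (the exposure labels are an assumption of this example).
SERVICE_IMAGE = {"nginx-proxy": "nginx:1.25", "pihole": "pihole/pihole:2024.01"}
EXPOSURE = {"nginx-proxy": "internet", "pihole": "lan", "grafana": "sso"}

# Constructed, trimmed stand-in for `trivy image --format json` output.
TRIVY_JSON = json.dumps([
    {"ArtifactName": "nginx:1.25", "Results": [{"Vulnerabilities": [
        {"VulnerabilityID": "CVE-0000-0001", "PkgName": "libssl3",
         "Severity": "CRITICAL", "FixedVersion": "3.0.9"},
        {"VulnerabilityID": "CVE-0000-0002", "PkgName": "zlib1g",
         "Severity": "HIGH", "FixedVersion": ""},
        {"VulnerabilityID": "CVE-0000-0003", "PkgName": "bash",
         "Severity": "MEDIUM", "FixedVersion": "5.2"}]}]},
    {"ArtifactName": "pihole/pihole:2024.01", "Results": [{"Vulnerabilities": [
        {"VulnerabilityID": "CVE-0000-0004", "PkgName": "curl",
         "Severity": "HIGH", "FixedVersion": "8.4.0"}]}]},
])

def findings(report_json):
    """Flatten Trivy JSON into dicts, keeping only HIGH/CRITICAL entries."""
    out = []
    for target in json.loads(report_json):
        for result in target.get("Results", []):
            for v in result.get("Vulnerabilities") or []:  # null when clean
                if v["Severity"] in ("HIGH", "CRITICAL"):
                    out.append({"image": target["ArtifactName"], "cve": v["VulnerabilityID"],
                                "pkg": v["PkgName"], "severity": v["Severity"],
                                "fixed": v.get("FixedVersion", "")})
    return out

def triage(report_json, service_image, exposure):
    """Bucket findings by the exposure of the service that runs the image.
    Rule (assumed here): on an internet-facing service, CRITICAL or a HIGH
    with a fix available goes to 'Needs Attention'; all else to 'Other'."""
    image_service = {img: svc for svc, img in service_image.items()}
    buckets = {"Needs Attention": [], "Other": []}
    for f in findings(report_json):
        exp = exposure.get(image_service.get(f["image"], ""), "unknown")
        urgent = exp == "internet" and (f["severity"] == "CRITICAL" or bool(f["fixed"]))
        line = f"{f['cve']} {f['pkg']} {f['severity']} in {f['image']} [{exp}] fix: {f['fixed'] or 'none'}"
        buckets["Needs Attention" if urgent else "Other"].append(line)
    return buckets

def issue_body(buckets):
    """Render the buckets as the Markdown body of the weekly GitHub Issue."""
    return "\n".join(f"## {name} ({len(lines)})\n" + "\n".join(f"- {l}" for l in lines or ["none"])
                     for name, lines in buckets.items())
```

With this input the internet-facing CRITICAL lands in Needs Attention, while the LAN-only HIGH and the unfixable HIGH drop to the lower bucket; the MEDIUM entry is filtered out before triage.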