dependabot / elixir-security-advisories

Old database of Elixir security advisories before the GitHub Security Advisory DB supported Hex / Elixir.


Better notifications on security advisory release

jeroenvisser101 opened this issue · comments

I'm currently watching this repository (which is a great idea!), but get notifications for unrelated dependency updates too (from dependabot). Is it possible to make a release every time an advisory is posted? One could then only subscribe to releases. It might even be possible to automate this process when a release is posted using GitHub Actions.


I would definitely accept a PR that added an action to do that. Longer term I'd like to add support for Elixir to github.com/advisories so following advisories gets easier.
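One way to wire up the release-per-advisory automation requested above, as an added example that is not part of this repository: a GitHub Actions workflow that cuts a GitHub release whenever a new file lands under an advisories directory, so watchers can subscribe to releases only. The `advisories/` path, the `main` branch name and the `advisory-<timestamp>` tag scheme are assumptions.

```yaml
# Assumed layout: each advisory is committed as its own file under advisories/ on main.
name: Release on new advisory

on:
  push:
    branches: [main]
    paths:
      - "advisories/**"

permissions:
  contents: write   # needed to create releases; nothing else is granted

jobs:
  release:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0   # full history so multi-commit pushes can be diffed

      - name: Create a release when advisory files were added
        env:
          GH_TOKEN: ${{ github.token }}
          # Pass event data through env vars rather than interpolating ${{ }} into the script,
          # so untrusted values never become shell syntax.
          BEFORE: ${{ github.event.before }}
          AFTER: ${{ github.sha }}
        run: |
          set -eu
          # Only newly added files count; edits to an existing advisory do not trigger a release.
          # Note: on the first push to a branch BEFORE is all zeros and the diff will fail;
          # that case is acceptable for an advisory repo that already exists.
          added=$(git diff --name-only --diff-filter=A "$BEFORE" "$AFTER" -- advisories/)
          if [ -z "$added" ]; then
            echo "No new advisory files in this push; nothing to release."
            exit 0
          fi
          tag="advisory-$(date -u +%Y%m%d-%H%M%S)"
          {
            echo "Advisories added in this push:"
            echo
            printf -- '- %s\n' $added
          } > notes.md
          gh release create "$tag" --title "Elixir security advisory: $tag" --notes-file notes.md
```

Subscribing to releases only (Watch > Custom > Releases) then yields one notification per advisory batch and none for Dependabot pull requests.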

This seems very relevant: #2 (comment)

I'm closing this, as the missing plumbing between the advisory DB and generating alerts isn't really relevant to this repo, which is more of a "poor man's advisory DB".

We've already got an internal issue tracking adding this plumbing, but given all the things on that team's plate, I doubt that will be high priority anytime soon.