I host https://www.defectdojo.org/ in my org and send all our scanner results to that, it’s worked very well. I believe Trivy scan results are supported natively too. The only part that took much work was developing a workflow to automatically scan images with Trivy and then send the results to DefectDojo.

FWIW, here’s a link to supported scans. https://documentation.defectdojo.com/integrations/parsers/fi...

To automatically send vulnerability reports from Kubernetes using the trivy-operator, we developed a small operator that does the sending automatically: https://github.com/telekom-mms/trivy-dojo-report-operator

For open source and self-hosted, I've been pretty pleased with openmiko (https://github.com/openmiko/openmiko). I put this on a couple $20-ish wyze cams that are used adhoc right now, but will be combined with frigate and home assistant when I can get ahold of a Coral USB device.