Company
Date Published
Author
Patrick DeVivo
Word count
1215
Language
English
Hacker News points
None

Summary

Managing CVE security vulnerabilities is crucial for maintaining the security posture of software supply chains, as recent high-profile breaches have shown. The combination of Grafana, MergeStat, and OSV-Scanner provides an open-source solution for reporting on and monitoring known vulnerabilities in source code: OSV-Scanner matches a repository's dependencies against the OSV database (which aggregates CVEs alongside ecosystem advisories such as GHSA records), MergeStat syncs the scan results from OSV-Scanner into a PostgreSQL database, and Grafana visualizes that data through dashboards. These dashboards show the total number of vulnerabilities, their severity, and their distribution across repositories, so that organizations can prioritize mitigations by severity rather than repository by repository. By integrating these tools, teams can adopt a "shift-left" approach, running the same checks in CI pipelines to prevent insecure code from being deployed. The result is that organizations can understand their CVE exposure, focus on the critical vulnerabilities first, and streamline the process of applying the necessary mitigations.
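The metrics the dashboards described above compute (total findings, counts by severity, distribution across repositories, and a "fix these first" list) can be reproduced directly from osv-scanner's JSON output. The script below is an added example, not code from the original post, from MergeStat, or from OSV-Scanner; it parses the `results -> packages -> vulnerabilities` layout that `osv-scanner --format json` emits, deduplicates a vulnerability that appears under several lockfiles in the same repository, and treats advisories that carry no `database_specific.severity` label as `UNKNOWN` rather than dropping them. The repository names and all vulnerability IDs in the sample data are constructed placeholders (the `OSV-EXAMPLE-*` / `CVE-EXAMPLE-*` identifiers are not real advisories), and the aggregation stands in for what the Grafana panels would compute with SQL over the table MergeStat populates.

```python
"""Aggregate osv-scanner JSON output into dashboard-style metrics.

Added example; not part of the original post, MergeStat, or OSV-Scanner.
"""
import json
from collections import Counter
from typing import Dict, Iterator, List

# Ordering used for prioritisation. GitHub advisories use MODERATE rather
# than MEDIUM; anything outside this set is folded into UNKNOWN.
SEVERITY_ORDER = ["CRITICAL", "HIGH", "MODERATE", "LOW", "UNKNOWN"]

# Constructed sample: repo name -> parsed `osv-scanner --format json` output.
# Repository names and vulnerability IDs are placeholders, not real advisories.
SAMPLE_SCANS: Dict[str, dict] = {
    "payments-api": json.loads("""{
      "results": [
        {"source": {"path": "package-lock.json", "type": "lockfile"},
         "packages": [
           {"package": {"name": "example-pad", "version": "1.0.0", "ecosystem": "npm"},
            "vulnerabilities": [
              {"id": "OSV-EXAMPLE-0001", "aliases": ["CVE-EXAMPLE-0001"],
               "database_specific": {"severity": "CRITICAL"}},
              {"id": "OSV-EXAMPLE-0002", "aliases": [],
               "database_specific": {"severity": "HIGH"}}]}]},
        {"source": {"path": "requirements.txt", "type": "lockfile"},
         "packages": [
           {"package": {"name": "example-http", "version": "2.0.0", "ecosystem": "PyPI"},
            "vulnerabilities": [
              {"id": "OSV-EXAMPLE-0003", "aliases": []}]}]}
      ]}"""),
    "web-frontend": json.loads("""{
      "results": [
        {"source": {"path": "package-lock.json", "type": "lockfile"},
         "packages": [
           {"package": {"name": "example-pad", "version": "1.0.0", "ecosystem": "npm"},
            "vulnerabilities": [
              {"id": "OSV-EXAMPLE-0001", "aliases": ["CVE-EXAMPLE-0001"],
               "database_specific": {"severity": "CRITICAL"}},
              {"id": "OSV-EXAMPLE-0002", "aliases": [],
               "database_specific": {"severity": "HIGH"}}]}]},
        {"source": {"path": "tools/package-lock.json", "type": "lockfile"},
         "packages": [
           {"package": {"name": "example-pad", "version": "1.0.0", "ecosystem": "npm"},
            "vulnerabilities": [
              {"id": "OSV-EXAMPLE-0001", "aliases": ["CVE-EXAMPLE-0001"],
               "database_specific": {"severity": "CRITICAL"}},
              {"id": "OSV-EXAMPLE-0002", "aliases": [],
               "database_specific": {"severity": "HIGH"}}]}]}
      ]}"""),
}


def severity_of(vuln: dict) -> str:
    """Return a normalised severity label for one OSV record.

    osv-scanner passes the OSV record through; GitHub-sourced advisories carry
    database_specific.severity, many other sources carry no label at all.
    """
    label = (vuln.get("database_specific") or {}).get("severity")
    if not label:
        return "UNKNOWN"
    label = str(label).upper()
    return label if label in SEVERITY_ORDER else "UNKNOWN"


def iter_findings(repo: str, scan: dict) -> Iterator[dict]:
    """Yield one finding per (repo, ecosystem, package, version, vuln id).

    The same vulnerable package often appears in several lockfiles of one
    repository; counting it once per repo keeps the dashboard totals honest.
    """
    seen = set()
    for result in scan.get("results", []):
        source = result.get("source", {}).get("path", "")
        for pkg in result.get("packages", []):
            meta = pkg["package"]
            for vuln in pkg.get("vulnerabilities", []):
                key = (repo, meta["ecosystem"], meta["name"], meta["version"], vuln["id"])
                if key in seen:
                    continue
                seen.add(key)
                yield {
                    "repo": repo, "source": source,
                    "ecosystem": meta["ecosystem"], "package": meta["name"],
                    "version": meta["version"], "id": vuln["id"],
                    "aliases": list(vuln.get("aliases", [])),
                    "severity": severity_of(vuln),
                }


def dashboard_metrics(scans: Dict[str, dict]) -> dict:
    """Compute the panels the post describes: total, by severity, by repo,
    and the CRITICAL/HIGH findings ordered for remediation."""
    findings: List[dict] = [f for repo, scan in scans.items() for f in iter_findings(repo, scan)]
    priority = sorted(
        (f for f in findings if f["severity"] in ("CRITICAL", "HIGH")),
        key=lambda f: (SEVERITY_ORDER.index(f["severity"]), f["repo"], f["id"]),
    )
    return {
        "total": len(findings),
        "by_severity": Counter(f["severity"] for f in findings),
        "by_repo": Counter(f["repo"] for f in findings),
        "priority": priority,
    }


if __name__ == "__main__":
    metrics = dashboard_metrics(SAMPLE_SCANS)
    print("total:", metrics["total"])
    print("by severity:", dict(metrics["by_severity"]))
    print("by repo:", dict(metrics["by_repo"]))
    for f in metrics["priority"]:
        print(f'{f["severity"]:8} {f["repo"]:14} {f["ecosystem"]}/{f["package"]}@{f["version"]} {f["id"]}')
```

In a real deployment the per-repository JSON would come from the table MergeStat syncs into PostgreSQL and the three aggregations would be Grafana SQL panels; the point of the script is the shape of the aggregation, including the deduplication across lockfiles and the explicit `UNKNOWN` bucket, which is easy to get wrong when writing those queries against raw JSONB.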