Ironically, Trivy was the first known compromised package and its purpose is to scan container images to make sure they don't contain vulnerabilities. Kinda like the LLM in your scenario.
Not sure that Trivy was doing that itself, but zizmor is probably better than starting with an LLM:

https://github.com/zizmorcore/zizmor

deleted