Is there someone doing vulnerability scanning with...
# general
n
Is there someone doing vulnerability scanning with osquery? e.g. based on installed apps
t
Most likely, but not aware of anything specifically. osquery is best suited for someone to collect the ground truth about what is installed; there are a lot of tables that supply name+version of components. If you go here: https://osquery.io/schema/4.3.0/ and CTRL+F for "version" you'll get a good idea of what data is exposed. Then you'll have to marry that data with vulnerability data in some magic backend. This is well beyond the scope of osquery.
j
@niels Uptycs does offer a commercial service based on osquery that does vuln scanning based on osquery output. Not open source though.
n
@Jason W / @theopolis: currently talking with them for a trial, since they require a meeting first..
m
if there are more ways to improve the tables that enumerate packages and updates, those would be in scope for osquery development