+1, I think PyPA is the most appropriate home, even if not integrated with pip.

On Wed, Aug 24, 2022 at 5:35 PM Dustin Ingram <di@python.org> wrote:
I'd like to propose the transfer of the following projects to the PyPA org:

https://github.com/trailofbits/pip-audit/
https://github.com/trailofbits/gh-action-pip-audit/

More background for these projects and the long-term plan for them is here: https://discuss.python.org/t/towards-a-pip-audit-subcommand-for-vulnerability-analysis-management/17681. We are still hoping to more closely integrate pip-audit with pip, but for now, the PyPA is a much more appropriate home for these projects, and will join https://github.com/pypa/advisory-database, which they use. 

This would add two existing maintainers of these projects (William Woodruff and Alex Cameron) as PyPA committers, in addition to myself.

Per PEP 609:

> The proposal will be put to a vote on the PyPA-Committers mailing list, over a 7-day period. Each PyPA committer can vote once, and can choose one of +1 and -1. If at least two thirds of recorded votes are +1, then the vote succeeds.
_______________________________________________
PyPA-Committers mailing list -- pypa-committers@python.org
To unsubscribe send an email to pypa-committers-leave@python.org
https://mail.python.org/mailman3/lists/pypa-committers.python.org/
Member address: ofekmeister@gmail.com