I hacked together a script to collect pkgaudit data with Xymon and potentially alert when one of your servers has vulnerable packages installed. It can also optionally run pkgaudit against all of your jails on the server in case you don't want to have a separate xymon-client in each jail. Jails can be filtered out with grep, and by default jails with "poudriere" in the name or path are ignored, as those are short-lived and would be false positives. I'm considering having it be installed by default with the net-mgmt/xymon-client port and I'm also unsure if I should enable it by default.
The data output is simple and could probably be improved, but it seems to serve the purpose well enough. I've also thrown it on GitHub, so if anyone cares enough to tweak and tune it, I'll certainly be interested in your changes.
https://github.com/feld/xymon-ext-scripts/
Cheers!
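
The jail filtering and alerting described above, sketched as an added example that is not taken from xymon-ext-scripts. The function names, the `JAIL_EXCLUDE` variable, the red/green mapping and the sample `jls` and `pkg audit` output are all assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example; not taken from xymon-ext-scripts. All names are hypothetical.
# Exclusion pattern, matched against the whole "jid name path" line so it
# hits either the jail name or its path.
JAIL_EXCLUDE="${JAIL_EXCLUDE:-poudriere}"

# Constructed stand-in for `jls jid name path` output.
sample_jls() {
cat <<'EOF'
1 web /usr/jails/web
2 db /usr/jails/db
3 120amd64-default /usr/local/poudriere/data/.m/120amd64-default/ref
4 poudriere-test /usr/jails/build
EOF
}

# Constructed stand-in for `pkg -j <jid> audit`; only jail 2 has a finding.
sample_audit() {
    case "$1" in
        2) printf '%s\n' 'examplepkg-1.0 is vulnerable:' \
                         '1 problem(s) in 1 installed package(s) found.' ;;
        *) printf '%s\n' '0 problem(s) in 0 installed package(s) found.' ;;
    esac
}

# Drop excluded jails; `|| true` keeps an empty result from being an error.
filter_jails() {
    grep -v -E -- "$JAIL_EXCLUDE" || true
}

# One Xymon-style line per audited jail, then the overall colour last.
audit_jails() {
    colour=green
    while read -r jid name path; do
        [ -n "$jid" ] || continue          # nothing left after filtering
        vuln=$(sample_audit "$jid" | grep -c 'is vulnerable' || true)
        if [ "$vuln" -gt 0 ]; then
            colour=red
            echo "&red $name: $vuln vulnerable package(s)"
        else
            echo "&green $name: no known vulnerabilities"
        fi
    done <<EOF
$(sample_jls | filter_jails)
EOF
    echo "status: $colour"
}

audit_jails
```

On a real host the two `sample_*` functions would be replaced by the actual `jls` and `pkg -j` calls.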