Vulnerability management

identify total asset base (use nmap and see if it matches librenms and resolve any discrepancies)
perform scans of total asset base (using openvas/lynis/ossim)
manage vulnerability ratings/scope
notify/escalate to appropriate contacts
address the vulns
report metrics (i think the apps provide built in dashboards, may need some light modification)

i think ossim can do all the above ,also lynis/openvas (the three combined should provide complete coverage) (network scan/agent based combination)

librenms is our CMDB currently (for identifying assets/contacts). phpipam is our inventory.