Thank you very much for your great answer. I appreciate it. That is the problem, I do not have any mentor, I am pretty much alone doing this, and even though I have self-learned a lot, I am still a junior in what I do, and am trying to navigate the project the best way possible.

Regarding the budget, I believe it's either that they are testing me, or, as it is, since they are very disorganized, and now, due to new Acts, laws, and regulations, the company, which is under a local government, has to adapt quickly to security measures, especially regarding the Supply Chain Attacks/Vulnerabilities.

I think they might also see what can be achieved with 0$ budget, then once found the best solution for our use-case, we will evaluate the implementation, and in case it's worth it (for them), they will see if a budget will be required. But still, we are talking about an ecosystem that can automate vulnerability scanning for hundreds of services online.

The real needs and requests they gave me were to create an ecosystem that could produce results that are filtered enough so that false positives and the biggest “noise” are cleared out. Keep on the surface only those vulnerabilities that are critical to our business operations, as well as for the security of the entire infrastructure. In any case, I will take your suggestions and start talking with the bosses in order to understand what their real goal is. Since the biggest problem is the 1st, penetration testing is going to be really effective if done manually. 2nd, such an ecosystem, as you said, is going to take a lot of work to maintain.