Hi Benjamin,
this sounds like a great idea!
I am not really sure if a common parent POM really helps here.
I would like to see this effort in a bigger security effort though. Because I do think that especially for IoT, security is an important topic. Offering such a service is great. But actually encouraging projects to make use of it may be the harder part. And this scanner is only one part of this (but an important one). We also have the issue of default passwords, missing information about how to report security issues on projects' homepages, etc.
So I do know that this may drift a bit off topic now, but aside from offering this service for our projects, I think it would be great to have something like an "Eclipse Security program", with a logo/shield/badge and some sort of reference list etc., where projects can join in if they follow some guidelines. One of those guidelines would be providing a security scan with this tool for each release (in a technical way they like best), stop using default passwords, etc.