The following security tools are used by both attackers & defenders. That's how you know they're good.
These tools go far beyond Dependabot, and can provide far richer details than almost any third-party scanning service (e.g. Nessus).
Note: Scorecard supports npm & RubyGems projects.
Also, there's an easy-to-set-up GitHub Action that runs the Scorecard report as part of CI workflows.
Ostorlab Scanning Platform is a tool that can scan a target network with extensible & modular plugins.
Prowler is a command-line tool that helps you with AWS security assessment, auditing, hardening and incident response.
Note: Prowler is included in other tools such as CS-Suite.
Lynis is a security auditing tool for Linux, macOS, and UNIX-based systems. It assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening.
Note: Vuls uses a massive set of vulnerability databases.