Dependencies check for software is very important thing to catch vulnerabilities as fast as possible.
Most popular ones in industry is Snyk and Dependabot(GitHub) Snyk Scans:
Also, popular alternative is to use AquaSecurity open source tool: Trivy Have GitHub Actions, good integration with GitHub Security section.