What's your favorite tool or method of securing 3rd party packages against vulnerabilities, "supply chain attacks", and malicious packages in a #dotnet, #javascript and #Docker / #Kubernetes setting?

Is it #Snyk, #FOSSA, #SonarQube / #SonarCloud, or something else entirely?

Boosts and recommendations highly appreciated. 🙏