Trivy and Grype will give you a pretty decent idea of what you have for exposure, but you’re at the best of any project for fixing their own issues, or you can contribute updates if accepted.

Really the first line of defense is just securing your comms to the public internet. If you’re running everything internally, you have a lot less to worry about. Nothing will ever be bulletproof though.