PHP devs: is there an equivalent to `npm audit` that automatically checks for security vulnerabilities in these hundreds of packages/dependencies that we all install all the time?

(I'd assume that large companies must have a process for this)