I've never found the main issue to be knowing which repositories have out of date/insecure dependencies, but rather actioning those notifications.
At a previous job, the main repository consistently had 100+ dependabot security notifications; it would essentially be a full time job to sift through alerts for all repositories and apply necessary updates.