
Use GitHub Actions to monitor your web apps for free

I don't see a lot of discussion or awareness around software supply chain in the indie hacker community. I have a security background, so maybe I am a little biased in thinking there should be more awareness.

There have been a number of cases where someone compromised a widely used package that was then included as a dependency in many people's downstream projects/products. This is an appealing target for hackers because they can exploit a package once and potentially affect a large number of victims if the package is widely used. This has happened recently in Python, Ruby, and JavaScript packages as well as Docker images.

Anyway, I've built some tools I use to track 3rd party software risk in apps I develop. I cleaned them up and packaged them as an open-source tool for anyone interested in learning more or using it themselves. It runs in your own GitHub account using GitHub Actions for automation.

https://driftbot.io/

Hopefully some folks find it useful.

  1. 2

    This is pretty cool (your website looks nice as well!) and useful. I think you went the right path by going open source.

  2. 1

    Thanks for the advice here! Have been curious about poking around GitHub more these days...
