Use GitHub Actions to monitor your web apps for free

I don't see a lot of discussion or awareness around software supply chain in the indie hacker community. I have a security background, so maybe I am a little biased in thinking there should be more awareness.

There have been a number of cases where someone compromised a widely used package that was then included as a dependency in many people's downstream projects/products. This is an appealing target for hackers because they can exploit a package once and potentially affect a large number of victims if the package is widely used. This has happened recently in Python, Ruby, and JavaScript packages as well as Docker images.

Anyway, I've built some tools I use to track 3rd-party software risk in apps I develop. I cleaned them up and packaged them as an open-source tool for anyone interested in learning more or using it themselves. It runs in your own GitHub account using GitHub Actions for automation.


Hopefully some folks find it useful.

  1. 2

    This is pretty cool (your website looks nice as well!) and useful. I think you went the right path by going open source.

  2. 1

    Thanks for the advice here! Have been curious about poking around GitHub more these days...
