
Use GitHub Actions to monitor your web apps for free

I don't see a lot of discussion or awareness around software supply chain in the indie hacker community. I have a security background, so maybe I am a little biased in thinking there should be more awareness.

There have been a number of cases where someone compromised a widely used package that was then included as a dependency in many people's downstream projects/products. This is an appealing target for hackers because they can exploit a package once and potentially affect a large number of victims if the package is widely used. This has happened recently in Python, Ruby, and JavaScript packages as well as Docker images.

Anyway, I've built some tools I use to track 3rd party software risk in apps I develop. I cleaned them up and packaged them as an open-source tool for anyone interested in learning more or using it themselves. It runs in your own GitHub account using GitHub Actions for automation.

https://driftbot.io/

Hopefully some folks find it useful.

  1. 2

    This is pretty cool (your website looks nice as well!) and useful. I think you went the right path by going open source.

  2. 1

    Thanks for the advice here! Have been curious about poking around GitHub more these days...
