Use GitHub Actions to monitor your web apps for free

I don't see a lot of discussion or awareness around software supply chain in the indie hacker community. I have a security background, so maybe I am a little biased in thinking there should be more awareness.

There have been a number of cases where someone compromised a widely used package that was then included as a dependency in many people's downstream projects/products. This is an appealing target for hackers because they can exploit a package once and potentially affect a large number of victims if the package is widely used. This has happened recently in Python, Ruby, and JavaScript packages as well as Docker images.

Anyway, I've built some tools I use to track third-party software risk in apps I develop. I cleaned them up and packaged them as an open-source tool for anyone interested in learning more or using it themselves. It runs in your own GitHub account using GitHub Actions for automation.


Hopefully some folks find it useful.

  1. 2

    This is pretty cool (your website looks nice as well!) and useful. I think you went the right path by going open source.

  2. 1

    Thanks for the advice here! Have been curious about poking around GitHub more these days...
