
Use GitHub Actions to monitor your web apps for free

I don't see a lot of discussion or awareness around software supply chain in the indie hacker community. I have a security background, so maybe I am a little biased in thinking there should be more awareness.

There have been a number of cases where someone compromised a widely used package that was then included as a dependency in many people's downstream projects/products. This is an appealing target for hackers because they can exploit a package once and potentially affect a large number of victims if the package is widely used. This has happened recently in Python, Ruby, and JavaScript packages as well as Docker images.

Anyway, I've built some tools I use to track 3rd party software risk in apps I develop. I cleaned them up and packaged them as an open-source tool for anyone interested in learning more or using it themselves. It runs in your own GitHub account using GitHub Actions for automation.

https://driftbot.io/

Hopefully some folks find it useful.

  1. This is pretty cool (your website looks nice as well!) and useful. I think you went the right path by going open source.

  2. Thanks for the advice here! Have been curious about poking around GitHub more these days...
