Use GitHub Actions to monitor your web apps for free

I don't see a lot of discussion or awareness around software supply chain in the indie hacker community. I have a security background, so maybe I am a little biased in thinking there should be more awareness.

There have been a number of cases where someone compromised a widely used package that was then included as a dependency in many people's downstream projects/products. This is an appealing target for hackers because they can exploit a package once and potentially affect a large number of victims if the package is widely used. This has happened recently in Python, Ruby, and JavaScript packages as well as Docker images.

Anyway, I've built some tools I use to track 3rd party software risk in apps I develop. I cleaned them up and packaged them as an open-source tool for anyone interested in learning more or using it themselves. It runs in your own GitHub account using GitHub Actions for automation.


Hopefully some folks find it useful.

  1. 2

    This is pretty cool (your website looks nice as well!) and useful. I think you went the right path by going open source.

  2. 1

    Thanks for the advice here! Have been curious about poking around GitHub more these days...
