Show HN: Abom – Actions Bill of Materials for GitHub Actions Supply Chains(github.com)
github.com
Show HN: Abom – Actions Bill of Materials for GitHub Actions Supply Chains
https://github.com/JulietSecurity/abom
https://github.com/JulietSecurity/abom
abom recursively resolves every GitHub Action dependency in your workflows, including composite actions, reusable workflows, and actions that silently embed tools like Trivy as wrappers. It flags known-compromised actions against an advisory database and outputs standard formats (CycloneDX 1.5, SPDX 2.3) so you can treat your CI/CD supply chain like your application dependencies.
We're calling the output an ABOM — an Actions Bill of Materials. SBOMs exist for your app dependencies, ABOMs should exist for your pipelines.