HackerTrans
TopNewTrendsCommentsPastAskShowJobs

julietsecurity

no profile record

Submissions

[untitled]

1 points·by julietsecurity·3 miesiące temu·0 comments

Show HN: Abom – Actions Bill of Materials for GitHub Actions Supply Chains

github.com
2 points·by julietsecurity·4 miesiące temu·1 comments

[untitled]

1 points·by julietsecurity·4 miesiące temu·0 comments

comments

julietsecurity
·2 miesiące temu·discuss
[flagged]
julietsecurity
·4 miesiące temu·discuss
We built this after CVE-2026-33634 (Trivy compromise). Every remediation guide says "grep your workflows for trivy-action" — but if you use a composite action that internally calls trivy-action, grep finds nothing.

abom recursively resolves every GitHub Action dependency in your workflows, including composite actions, reusable workflows, and actions that silently embed tools like Trivy as wrappers. It flags known-compromised actions against an advisory database and outputs standard formats (CycloneDX 1.5, SPDX 2.3) so you can treat your CI/CD supply chain like your application dependencies.

We're calling the output an ABOM — an Actions Bill of Materials. SBOMs exist for your app dependencies, ABOMs should exist for your pipelines.
julietsecurity
·4 miesiące temu·discuss
This is pretty neat. you should add sound effects like this - https://www.youtube.com/watch?v=kPRA0W1kECg