HackerTrans
TopNewTrendsCommentsPastAskShowJobs

julietsecurity

no profile record

Submissions

[untitled]

1 points·by julietsecurity·3 เดือนที่ผ่านมา·0 comments

Show HN: Abom – Actions Bill of Materials for GitHub Actions Supply Chains

github.com
2 points·by julietsecurity·4 เดือนที่ผ่านมา·1 comments

[untitled]

1 points·by julietsecurity·4 เดือนที่ผ่านมา·0 comments

comments

julietsecurity
·2 เดือนที่ผ่านมา·discuss
[flagged]
julietsecurity
·4 เดือนที่ผ่านมา·discuss
We built this after CVE-2026-33634 (Trivy compromise). Every remediation guide says "grep your workflows for trivy-action" — but if you use a composite action that internally calls trivy-action, grep finds nothing.

abom recursively resolves every GitHub Action dependency in your workflows, including composite actions, reusable workflows, and actions that silently embed tools like Trivy as wrappers. It flags known-compromised actions against an advisory database and outputs standard formats (CycloneDX 1.5, SPDX 2.3) so you can treat your CI/CD supply chain like your application dependencies.

We're calling the output an ABOM — an Actions Bill of Materials. SBOMs exist for your app dependencies, ABOMs should exist for your pipelines.
julietsecurity
·4 เดือนที่ผ่านมา·discuss
This is pretty neat. you should add sound effects like this - https://www.youtube.com/watch?v=kPRA0W1kECg