Show HN: GitHub Action to prevent software supply chain attacks

This page summarizes the projects mentioned and recommended in the original post on news.ycombinator.com

  • harden-runner

    🛡️ Security agent for the GitHub-hosted runner to monitor the build process

  • repo

    Thanks for the feedback!

    w.r.t. Bypass idea 1: in the future, the plan is to have application-level policy, e.g. only allow 'GET https://github.com/owner/repo'.

    w.r.t. Bypass idea 2: in the future, the plan is to have a policy to disable sudo. Once that is done, user code will not be able to mess with the agent.

