Settings

Theme

Show HN: SBoM dashboard that pulls from GitHub release assets

sbom.kftray.app

2 points by hcavarsan 5 months ago · 0 comments · 1 min read

Reader

i've been setting up supply chain security for my project kftray. mainly the release workflow ( https://github.com/hcavarsan/kftray/blob/main/.github/workfl... ) is generating CycloneDX SBOMs with Syft, scanning for vulns with Grype, signing everything with Cosign, and using OpenVEX to suppress false positives

i wanted a simple way to expose a overview about all this without spinning up Dependency-Track or similar.

so i built this (public) page that reads directly from GitHub release assets and shows components, vulnerabilities by severity, and also aggregates OpenSSF Scorecard and best practices into a summary card. (https://sbom.kftray.app) basically a simple react/ bun code

source code isn't public yet… if there's interest i'd be happy to open source it…

would love feedback on the approach.

No comments yet.

Keyboard Shortcuts

j
Next item
k
Previous item
o / Enter
Open selected item
?
Show this help
Esc
Close modal / clear selection