How I built an automated SBOM scanner to secure my supply chain 🛡️

Supply chain security is terrifying right now. With new vulnerabilities popping up daily and...

domenica 14 giugno 2026 New tab

321 words~1 min read

Supply chain security is terrifying right now. With new vulnerabilities popping up daily and governments mandating compliance (like the EU CRA and US Executive Orders), I realized my open-source projects were completely flying blind.

I needed a Software Bill of Materials (SBOM) to track exactly what dependencies I was shipping. But every tool I found was either a massive enterprise platform or a clunky CLI tool that took forever to set up.

So, I built my own. It's called Deptic.

I wanted the developer experience to be completely frictionless: you paste a GitHub URL, and it instantly spits out a compliant SBOM and highlights any critical CVEs.

Here is the tech stack I went with:

How I built an automated SBOM scanner to secure my supply chain 🛡️

How I built an automated SBOM scanner to secure my supply chain 🛡️

Other newsrooms on this story

Related reading

Reduce supply chain risk with SBOM-based dependency scanning

Why I Built Open Source Civil Defense — A Safe Space for Attacked Maintainers

Rethinking Post-Deployment Vulnerability Detection | OpenSSF

How to Make AI BOMs Usable in a Modern Security Program

Supply Chain Security Crisis: Too Many Vulnerabilities, Too Little Visibility

How CISOs Should Prep for Agentic-Ready AI BOMs

Other newsrooms on this story

Related reading

Reduce supply chain risk with SBOM-based dependency scanning

Why I Built Open Source Civil Defense — A Safe Space for Attacked Maintainers

Rethinking Post-Deployment Vulnerability Detection | OpenSSF

How to Make AI BOMs Usable in a Modern Security Program

Supply Chain Security Crisis: Too Many Vulnerabilities, Too Little Visibility

How CISOs Should Prep for Agentic-Ready AI BOMs