How I built an automated SBOM scanner to secure my supply chain 🛡️

BALASANJEEV C — Sun, 14 Jun 2026 06:42:49 +0000

Supply chain security is terrifying right now. With new vulnerabilities popping up daily and governments mandating compliance (like the EU CRA and US Executive Orders), I realized my open-source projects were completely flying blind.

I needed a Software Bill of Materials (SBOM) to track exactly what dependencies I was shipping. But every tool I found was either a massive enterprise platform or a clunky CLI tool that took forever to set up.

So, I built my own. It's called Deptic.

🏗️ The Architecture

I wanted the developer experience to be completely frictionless: you paste a GitHub URL, and it instantly spits out a compliant SBOM and highlights any critical CVEs.

Here is the tech stack I went with:

Next.js 14 (App Router): For a lightning-fast React frontend and seamless API routes.
Go (Golang): The backend scanning engine. Go's incredible concurrency allows it to parse massive dependency trees in milliseconds.
Supabase: For database management and instant authentication.
Tailwind CSS: Because writing raw CSS is pain.

🧩 The Hardest Part: Dependency Resolution

Building the UI was easy. Parsing package.json or go.mod files? Also easy.

The hardest part was recursively walking down the dependency tree to find transitive dependencies (the dependencies of your dependencies). I had to write custom parsers that could speak to the NPM registry, PyPI, and Maven Central simultaneously to map out the entire tree and cross-reference them with global CVE databases in real-time.

🚀 The Result

What started as a weekend script turned into a full platform. Deptic now supports:

Instant scanning of public GitHub repos.
Generating perfectly compliant CycloneDX (1.5) and SPDX (2.3) JSON files.
Live CVE vulnerability detection.

Try it out!

If you want to see exactly what dependencies are hiding in your codebase, you can run a free scan here:
👉 deptic.netlify.app

It's completely free for developers. I would love to get your brutal feedback on the UI, the scanning speed, or any feature requests you have!

Have you implemented SBOMs in your workflow yet? Let me know in the comments!

I Built a Full-Stack Social Media Web App as a Student (Looking for Feedback)

BALASANJEEV C — Tue, 10 Feb 2026 14:37:36 +0000

Hi everyone 👋

I’m a Computer Science student and I recently built a full-stack social media web app called SocialPlanet.

It allows users to create posts, like and comment, and interact through a clean and responsive interface.

Tech Stack

React, JavaScript, Material UI
Node.js, Express
MongoDB

Live Demo

https://socialsplanet.netlify.app/

I’m looking for honest feedback on the UI, features, and overall experience.

Any suggestions or improvements are welcome. Thanks!

DEV Community: BALASANJEEV C

How I built an automated SBOM scanner to secure my supply chain 🛡️

🏗️ The Architecture

🧩 The Hardest Part: Dependency Resolution

🚀 The Result

Try it out!

[Boost]

I Built a Full-Stack Social Media Web App as a Student (Looking for Feedback)

BALASANJEEV C ・ Feb 10

I Built a Full-Stack Social Media Web App as a Student (Looking for Feedback)

Tech Stack

Live Demo