
Set up automated dependency scanning after the recent npm/PyPI supply chain attacks
Tags: Supply Chain Security, Automated Scanning, Open Source Tools, DevOps, npm, PyPI, Dependency-Track, OWASP, SBOM, GitHub Actions, Docker, Security Automation
The post mentions recent incidents, including the Axios npm account hijack, the LiteLLM PyPI poisoning, and a coordinated npm/PyPI/Docker Hub campaign in April. The author replaced manual npm audit checks with Dependency-Track, an OWASP open-source platform that continuously re-evaluates uploaded SBOMs against NVD, Sonatype OSS Index, GitHub Advisories, and other vulnerability sources. They described setting it up on Hetzner using Docker, with Traefik for HTTPS, and GitHub Actions to auto-generate an SBOM and upload it on every push.
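The upload step in the pipeline described above, extended with the check a CI job usually needs next: wait for Dependency-Track to finish analysing the BOM and fail the build when the project's vulnerability counts exceed a threshold. This is an added example, not the post author's code; the endpoints are the Dependency-Track v4 REST API as I know it (confirm against your server's Swagger UI), and the DT_URL and DT_API_KEY environment variables are assumed names.

```python
# Added example: upload a CycloneDX SBOM from CI to Dependency-Track, wait for
# analysis, then fail the build if the project's metrics exceed a threshold.
# Endpoints are the Dependency-Track v4 REST API as I know it (verify against
# your server's Swagger UI); DT_URL and DT_API_KEY are assumed env vars.
import base64
import json
import os
import sys
import time
import urllib.request
from urllib.parse import urlencode

def build_upload_payload(bom_bytes: bytes, name: str, version: str) -> dict:
    """PUT /api/v1/bom takes the BOM base64-encoded inside a JSON body."""
    return {
        "projectName": name,
        "projectVersion": version,
        "autoCreate": True,  # create the project on first upload from CI
        "bom": base64.b64encode(bom_bytes).decode("ascii"),
    }

def gate(metrics: dict, max_critical: int = 0, max_high: int = 0) -> bool:
    """True when the project's current vulnerability counts stay within limits."""
    return (metrics.get("critical", 0) <= max_critical
            and metrics.get("high", 0) <= max_high)

def _call(base, key, path, method="GET", body=None):
    data = json.dumps(body).encode() if body is not None else None
    hdrs = {"X-Api-Key": key, "Content-Type": "application/json"}
    req = urllib.request.Request(base + path, data=data, method=method, headers=hdrs)
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

def main() -> int:
    base, key = os.environ["DT_URL"].rstrip("/"), os.environ["DT_API_KEY"]
    name, version, bom_path = sys.argv[1:4]
    with open(bom_path, "rb") as fh:
        payload = build_upload_payload(fh.read(), name, version)
    token = _call(base, key, "/api/v1/bom", "PUT", payload)["token"]
    while _call(base, key, f"/api/v1/bom/token/{token}")["processing"]:
        time.sleep(5)  # vulnerability analysis runs asynchronously
    query = urlencode({"name": name, "version": version})
    uuid = _call(base, key, f"/api/v1/project/lookup?{query}")["uuid"]
    metrics = _call(base, key, f"/api/v1/metrics/project/{uuid}/current")
    print(f"critical={metrics.get('critical')} high={metrics.get('high')}")
    return 0 if gate(metrics) else 1

if __name__ == "__main__":
    sys.exit(main())
```

Run it from the workflow as `python dt_gate.py my-app "$GITHUB_SHA" bom.json` after the SBOM generation step; a project created by this very upload can report empty metrics until the first metrics refresh, which gate treats as zero, so re-run the query on a first upload if you need a strict result.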