$0 Supply-Chain Security Lab
Summary — I hardened a tiny Node.js repo using only free tooling: PR gates (branch protection, Dependency Review, secrets scanning), repo posture checks (OpenSSF Scorecard), SBOM + vulnerability gating (Syft → CycloneDX + Grype), and verifiable build...
supply-chain-security.hashnode.dev (5 min read)