Supply chain & SBOM
Dependency transparency for Workers dashboard bundles.
SBOMs describe composition — they don't certify vulnerability absence.
Artifacts
CI generates CycloneDX JSON SBOMs for the Worker and dashboard package trees and uploads them as workflow artifacts.
Workflow: .github/workflows/compliance-artifacts.yml
Dependency hygiene
- Prefer pinned semver ranges; review each upgrade before moving a pin.
- Monitor advisory feeds for npm ecosystem packages.
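The two checks above can be run against the CycloneDX JSON that the workflow uploads. The following is an added example, not code from the project or its compliance-artifacts workflow: it reads a CycloneDX JSON SBOM, lists the npm components, reports package.json dependencies whose range is not an exact pin, and cross-references the resolved versions against an advisory list. The SBOM, package.json fragment, advisory entries and package names below are all constructed for the example; the advisory record shape is this example's own, not any real feed's format.

```javascript
// Added example (not the project's code): SBOM-driven dependency hygiene checks.
// All data below is constructed; package names and advisory ids are hypothetical.

// Constructed CycloneDX 1.5 JSON SBOM, in the shape the CI artifact would have.
const SAMPLE_SBOM = {
  bomFormat: "CycloneDX",
  specVersion: "1.5",
  components: [
    { type: "library", name: "example-pad", version: "1.3.0", purl: "pkg:npm/example-pad@1.3.0" },
    { type: "library", group: "@example", name: "widgets", version: "2.1.4", purl: "pkg:npm/%40example/widgets@2.1.4" },
    { type: "library", name: "example-router", version: "4.2.0", purl: "pkg:npm/example-router@4.2.0" },
    { type: "file", name: "dist/worker.js" }, // not a package; skipped by npmComponents
  ],
};

// Constructed package.json fragment: one caret range, two exact pins.
const SAMPLE_PACKAGE_JSON = {
  dependencies: {
    "example-pad": "1.3.0",
    "@example/widgets": "2.1.4",
    "example-router": "^4.2.0",
  },
};

// Constructed advisory entries (hypothetical ids); "vulnerableBelow" is the first fixed version.
const SAMPLE_ADVISORIES = [
  { id: "EXAMPLE-ADV-0001", name: "example-router", vulnerableBelow: "4.2.1" },
  { id: "EXAMPLE-ADV-0002", name: "example-pad", vulnerableBelow: "1.2.0" },
];

// An exact version: MAJOR.MINOR.PATCH with an optional prerelease tag. Anything else
// ("^4.2.0", "~1.0.0", "*", "latest") is a range and therefore not a pin.
const EXACT_VERSION = /^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?$/;

// Parse an exact version into [major, minor, patch]; null if it is not exact.
function parseSemver(version) {
  if (typeof version !== "string" || !EXACT_VERSION.test(version)) return null;
  return version.split("-")[0].split(".").map(Number);
}

// Compare two exact versions numerically: -1, 0 or 1. Prerelease tags are ignored.
function compareSemver(a, b) {
  const pa = parseSemver(a);
  const pb = parseSemver(b);
  if (!pa || !pb) throw new Error(`not an exact version: ${a} / ${b}`);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] < pb[i] ? -1 : 1;
  }
  return 0;
}

// Return the npm package components of a CycloneDX SBOM with their full npm name
// (scope + name), resolved version and purl. Non-npm and non-package entries are skipped.
function npmComponents(sbom) {
  if (sbom.bomFormat !== "CycloneDX") throw new Error("not a CycloneDX document");
  return (sbom.components || [])
    .filter((c) => typeof c.purl === "string" && c.purl.startsWith("pkg:npm/"))
    .map((c) => ({
      name: c.group ? `${c.group}/${c.name}` : c.name,
      version: c.version,
      purl: c.purl,
    }));
}

// Names in package.json whose declared range is not an exact pin, sorted for stable output.
function unpinnedDependencies(pkg) {
  const ranges = { ...(pkg.dependencies || {}), ...(pkg.devDependencies || {}) };
  return Object.keys(ranges).filter((name) => !EXACT_VERSION.test(ranges[name])).sort();
}

// Cross-reference SBOM components with advisories: a component is flagged when its
// resolved version is below the advisory's first fixed version.
function matchAdvisories(sbom, advisories) {
  const findings = [];
  for (const comp of npmComponents(sbom)) {
    for (const adv of advisories) {
      if (adv.name === comp.name && compareSemver(comp.version, adv.vulnerableBelow) < 0) {
        findings.push({ advisory: adv.id, purl: comp.purl });
      }
    }
  }
  return findings;
}

console.log("unpinned ranges:", unpinnedDependencies(SAMPLE_PACKAGE_JSON));
console.log("advisory findings:", matchAdvisories(SAMPLE_SBOM, SAMPLE_ADVISORIES));
```

Against the constructed data this reports `example-router` as the only unpinned range and flags `pkg:npm/example-router@4.2.0` under EXAMPLE-ADV-0001; `example-pad` at 1.3.0 is above its fixed version and is not flagged. To run it on a real artifact, replace SAMPLE_SBOM with the parsed contents of the downloaded CycloneDX file and SAMPLE_ADVISORIES with entries mapped from the advisory feed you consume.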