Learn about Dependency-Track, an intelligent Software Composition Analysis (SCA) platform, in this 34-minute OWASP Foundation video. Explore how organizations can identify and reduce risks from third-party and open source components using Dependency-Track's bill-of-material approach for continuous component analysis. Discover the platform's integration with multiple vulnerability intelligence sources, including the National Vulnerability Database, NPM Public Advisories, Sonatype OSS Index, and VulnDB. Gain insights into automation options available with the platform, and understand key concepts such as Software Bill of Materials, vulnerability analysis, Package URL, and vulnerability auditing. Access additional resources through the provided links to deepen your knowledge of this powerful SCA tool.
Dependency-Track: Intelligent Software Composition Analysis Platform
Overview
Syllabus
Introduction
Dependency Track
Software Bill of Material
Vulnerability Analysis
Bill of Material Support
Bill of Material
Dependency Tracking
Package URL
Package NPM
Vulnerability List
Vulnerability Audit
Taught by
OWASP Foundation
Related Courses
-
OWASP Dependency Track - Software Composition Analysis and Vulnerability Management
-
OWASP Dependency Track - Fortifying the Software Supply Chain
-
From SBOMs to F-Bombs: Vulnerability Analysis, SCA Tools, and False Positives and Negatives
-
Large-Scale Software Composition Analysis: Uncovering Vulnerable Dependencies in 600 Apps
-
Utilizing Package-URLs for SBOM Management and Vulnerability Tracking
-
OWASP Flagship Projects - OWASP Dependency-Check
