Overview
Learn about Dependency-Track, an intelligent Software Composition Analysis (SCA) platform, in this 34-minute OWASP Foundation video. Explore how organizations can identify and reduce risks from third-party and open source components using Dependency-Track's bill-of-material approach for continuous component analysis. Discover the platform's integration with multiple vulnerability intelligence sources, including the National Vulnerability Database, NPM Public Advisories, Sonatype OSS Index, and VulnDB. Gain insights into automation options available with the platform, and understand key concepts such as Software Bill of Materials, vulnerability analysis, Package URL, and vulnerability auditing. Access additional resources through the provided links to deepen your knowledge of this powerful SCA tool.
Syllabus
Introduction
Dependency Track
Software Bill of Material
Vulnerability Analysis
Bill of Material Support
Bill of Material
Dependency Tracking
Package URL
Package NPM
Vulnerability List
Vulnerability Audit
Taught by
OWASP Foundation