Explore the OWASP Dependency Track project in this 25-minute conference talk by Steve Springett. Gain insights into software supply chain security and learn about the Software Bill of Materials (SBOM) concept. Discover how Dependency Track utilizes CycloneDX to manage and analyze dependencies, and understand its typical workflow through a live demonstration. Examine features such as time series analysis, component tracking, dependency graphs, and the policy engine. Enhance your knowledge of open-source security practices and tools endorsed by the OWASP Foundation.
OWASP Dependency Track - Software Composition Analysis and Vulnerability Management
Overview
Syllabus
Intro
Background
Dependency Track
Software Bill Material
Cyclonedx
What does it do
Typical workflow
Demo
Time Series
Number of Components
List of Ingredients
Dependency Graph
Stock Quotes
Policy Engine
Taught by
OWASP Foundation
Related Courses
-
Supply Chain Risk Management with OWASP Dependency-Check
-
OWASP CycloneDX - Software Bill of Materials Standard
-
SBOM SmackDown - Conquering Software Supply Chain Risks with OWASP CycloneDX
-
Dependency-Track: Intelligent Software Composition Analysis Platform
-
OWASP Dependency Track - Fortifying the Software Supply Chain
-
Software Bill of Materials (S-BoM) - Reducing Risk in Third-Party Components
