Overview
Explore the OWASP Dependency Track project in this 25-minute conference talk by Steve Springett. Gain insights into software supply chain security and learn about the Software Bill of Materials (SBOM) concept. Discover how Dependency Track utilizes CycloneDX to manage and analyze dependencies, and understand its typical workflow through a live demonstration. Examine features such as time series analysis, component tracking, dependency graphs, and the policy engine. Enhance your knowledge of open-source security practices and tools endorsed by the OWASP Foundation.
Syllabus
Intro
Background
Dependency Track
Software Bill Material
Cyclonedx
What does it do
Typical workflow
Demo
Time Series
Number of Components
List of Ingredients
Dependency Graph
Stock Quotes
Policy Engine
Taught by
OWASP Foundation