Tweets from @DependencyTrack

  1. Retweeted
    Jan 22

    OWASP now flags available package updates. Find the necessary tooling for Mix and Rebar3 projects here

  2. Jan 6

    Dependency-Track v3.7.1 is now available. This release is highly recommended for organizations with a large number of projects or components in their portfolio.
  3. Retweeted

    Looking to improve security in 2020? Consider . As points out, it “will be one of THE big cybersecurity issues of 2020”. Also, thread for acknowledging contributors helping to educate and deliver SBOM info and tools. Let’s do this

  4. Retweeted
  5. Interested in Software Bill-of-Materials but don’t know where to start? Check out Dependency-Track, an open source tool that consumes and analyzes ’s to identify risk in apps, assets, or devices across an org.

  6. If you or your organization uses Dependency-Track, consider providing us a bit of feedback and let us know why you’ve chosen to adopt Dependency-Track. Cue the one-question survey… Feedback appreciated and anonymous.
  7. Retweeted

    An initial version of CycloneDX for Composer has been published to Special thanks to for contributing all the code to make this possible. Feedback encouraged prior to release.

  8. Retweeted

    and community rejoice. has created two CycloneDX build tools that create Software Bill-of-Materials from existing projects. Mix Task: Rebar3:

  9. Retweeted
    11 Nov 2019

    The Slides 📺 The Repository ♨️ If you want to set up , you can take a look at the talk I gave at last year on that topic

  10. Dependency-Track Jenkins plugin v2.2.0 is now available. New in this release is support for trending charts for pipeline jobs and project lookups by name and version for synchronous jobs. Requires Dependency-Track v3.6.0 or higher for project lookup functionality.

  11. All CI builds have moved from travis-ci to GitHub Actions. Build status badges have been updated to reflect this change. Building from commits and pull requests will now take place all within GitHub.

  12. Retweeted
    22 Oct 2019

    And if you want to set up , here is the video of my talk on the subject the year at

  13. The security team from has created a CLI client called “dtrack-audit”. It works similarly to “npm audit” but, like Dependency-Track itself, is ecosystem agnostic. Use with to identify vulns at build.
  14. Dependency-Track v3.6 is now available. This release supports , performance improvements, detection of OS and hardware vulns, SVG badges, pub via webhooks, and more. Download: Change Log:

  15. Retweeted
    23 Sep 2019

    Just hooked up to automatically create bug reports in for vulnerabilities. So easy with and the Dependency Track web hook notification option.

  16. Here’s a preview of our updated docs which have been greatly enhanced in preparation for the launch of v3.6. Oh, and we have badges!

  17. Retweeted

    I’ll be around this afternoon. If anyone would like to talk about and software transparency—please reach out / share this.

  18. A VulnDB analyzer will be included in v3.6. This provides the ability to analyze components defined in a for known vulnerabilities. This capability is in addition to the VulnDB mirroring that’s already supported. The new analyzer doesn’t require a mirror. Works directly.

  19. Dependency-Track was recently evaluated against commercial vendors in a private bakeoff. Hear from Steve Springett as he dives into his expectations for software supply-chain component analysis, the maturity of the SCA industry, and and .

  20. Retweeted

    I’m pleased to announce a new doc project for software maturity. The OWASP Software Component Verification Standard (SCVS). This project aims to normalize component analysis capabilities and concerns. It’s incubating.

