Dependency-Track

@DependencyTrack

Open Source Supply Chain Component Analysis Platform

Joined: December 2017

Tweets

  1. Retweeted
    Jan 23

    OWASP now flags available package updates. Find the necessary tooling for Mix and Rebar3 projects here

  2. Jan 7

    Dependency-Track v3.7.1 is now available. This release is highly recommended for organizations with a large number of projects or components in their portfolio.

  3. Retweeted
    Dec 31, 2019

    Looking to improve security in 2020? Consider . As points out, it “will be one of THE big cybersecurity issues of 2020”. Also, thread for acknowledging contributors helping to educate and deliver SBOM info and tools. Let’s do this

  4. Retweeted
    Dec 18, 2019
  5. Dec 9, 2019

    Interested in Software Bill-of-Materials but don’t know where to start? Check out Dependency-Track, an open source tool that consumes and analyzes ’s to identify risk in apps, assets, or devices across an org.

  6. Nov 22, 2019

    If you or your organization uses Dependency-Track, consider providing us a bit of feedback and let us know why you’ve chosen to adopt Dependency-Track. Queue the one question survey… Feedback appreciated and anonymous.

  7. Retweeted

    An initial version of CycloneDX for Composer has been published to Special thanks to for contributing all the code to make this possible. Feedback encouraged prior to release.

  8. Retweeted

    and community rejoice. has created two CycloneDX build tools that create Software Bill-of-Materials from existing projects. Mix Task: Rebar3:

  9. Retweeted
    Nov 11, 2019

    The Slides 📺 The Repository ♨️ If you want to set up , you can take a look at the talk I gave at last year on that topic

  10. Nov 3, 2019

    Dependency-Track Jenkins plugin v2.2.0 is now available. New in this release is support for trending charts for pipeline jobs and project lookups by name and version for synchronous jobs. Requires Dependency-Track v3.6.0 or higher for project lookup functionality.

  11. Oct 27, 2019

    All CI builds have moved from travis-ci to GitHub Actions. Build status badges have been updated to reflect this change. Building from commits and pull requests will now take place all within GitHub.

  12. Retweeted
    Oct 22, 2019

    And if you want to set up , here is the video of my talk on the subject the year at

  13. Oct 14, 2019

    The security team from has created a CLI client called “dtrack-audit”. It works similar to “npm audit” but, like Dependency-Track itself, is ecosystem agnostic. Use with to identify vulns at build.

  14. Sep 28, 2019

    Dependency-Track v3.6 is now available. This release supports , performance improvements, detection of OS and hardware vulns, SVG badges, pub via webhooks, and more. Download: Change Log:

  15. Retweeted
    Sep 23, 2019

    Just hooked up to automatically create bug reports in for vulnerabilities. So easy with and the Dependency Track web hook notification option.

  16. Sep 11, 2019

    Here’s a preview of our updated docs which have been greatly enhanced in preparation for the launch of v3.6. Oh, and we have badges!

  17. Retweeted

    I’ll be around this afternoon. If anyone would like to talk about and software transparency—please reach out / share this.

  18. Sep 10, 2019

    A VulnDB analyzer will be included in v3.6. This provides the ability to analyze components defined in a for known vulnerabilities. This capability is in addition to the VulnDB mirroring that’s already supported. The new analyzer doesn’t require a mirror. Works directly.

  19. Aug 28, 2019

    Dependency-Track was recently evaluated against commercial vendors in a private bakeoff. Hear from Steve Springett as he dives into his expectations for software supply-chain component analysis, the maturity of the SCA industry, and and .

  20. Retweeted
    Aug 28, 2019

    I’m pleased to announce a new doc project for software maturity. The OWASP Software Component Verification Standard (SCVS). This project aims to normalize component analysis capabilities and concerns. It’s incubating.
