Search results
  1. 19 Jul 2018

    I’ve looked into SWID and SPDX and neither in their current state are robust enough to be used for software security. So ended up writing because nothing else existed. Support for is crucial in identifying a component’s ecosystem though.

  2. 19 Mar 2019

    A wiki article on was just published. Identify and reduce software supply chain risk - this goes well beyond vulnerable components

  3. 14 Oct 2019

    The security team from has created a CLI client called “dtrack-audit”. It works similarly to “npm audit” but, like Dependency-Track itself, is ecosystem agnostic. Use with to identify vulns at build.

  4. 26 Aug 2019

    We’re expanding our integration with in v3.6 to include support for analyzing using VulnDB as the source of vulnerability intelligence. Congrats to for consistently identifying thousands of vulnerabilities not included in the NVD.

  5. 9 Jan

    I just published an artifact to Central containing a Software Bill-of-Material. This is likely the first artifact on Central to have an released simultaneously with the artifact it describes. Calling others to join.

  6. 4 Jan
    Replying to

    It took a bit of trial and error, but I ended up creating a project that produces a large number of dependencies and I’m successfully creating a from them. cc:

  7. 3 Jan

    I’m working on a schema extension that would provide the ability to document external services in an . This is a capability I’ve needed for a long time. Anyone interested in this concept is invited to provide feedback and guidance.

  8. Listen to talk about the importance of Software Bill-of-Materials (and Twinkies). Then discover how CycloneDX, an opensource SBOM format, can help.

  9. Video: on , First Impressions and Overview of MATE

  10. A user’s experience generating and consuming Software Bill of Materials for continuous component analysis.

  11. 28 Jan 2019

    I’m looking for individuals to interview on their respective organizations’ use of (, , others). What do you use them for, how do you wish they were better, etc. Interview may be done by me or someone else in the working group. DM or reply if interested.

  12. 13 Nov 2018

    Jenkins plugin v2.0 released! This is a major milestone and has the ability to upload or BoMs and get actionable vulnerability intelligence directly in Jenkins. Requires Dependency-Track v3.3.1 (also released today).

  13. 9 Nov 2018

    Indeed. Dependency-Track supports the ingestion of as well as . This is emerging as the new best practice. Create a BOM from your build (or request from your vendors) and import into Dependency-Track for ongoing analysis of known vulns and out-of-date components.

  14. The project is looking for volunteers to assist with the creation of native build plugins, specifically , , and . Spec is easy to understand so impl should not be difficult.

  15. adopters rejoice. You’re already positioned to take advantage of this integration on launch day. Simply use the Node.js or Maven plugin to automatically generate a and import into Dependency-Track.

  16. 19 Jul 2018
    Replying to
  17. The plugin creates an aggregate of all dependencies and transitive dependencies of a project and creates a valid CycloneDX bill-of-material document from the results.

  18. 17 Jan 2018

    We now support the ingestion of and bill-of-material formats. Track all dependencies in first party and COTS applications for vulnerabilities across an enterprise portfolio.
