
Plugin Information

View OWASP Dependency-Track on the plugin site for more information.


Dependency-Track is an intelligent Software Composition Analysis (SCA) platform that allows organizations to identify and reduce risk from the use of third-party and open source components. 

It integrates with multiple vulnerability databases, including the National Vulnerability Database (NVD), NPM Public Advisories, Sonatype OSS Index, and VulnDB from Risk Based Security. Dependency-Track continuously monitors every application in its portfolio so that vulnerabilities in the components those applications depend on are identified proactively rather than at the next manual audit. Used this way, Dependency-Track can play a vital role in an overall Cyber Supply Chain Risk Management (C-SCRM) program and fulfils many of the recommendations laid out by SAFECode.

Dependency-Track is designed for an automated DevOps environment in which software bill of materials (BoM) documents are generated and ingested automatically as part of CI/CD. This plugin is the recommended way to do that from Jenkins and is well suited to Jenkins Pipeline. In such an environment, Dependency-Track lets DevOps teams move quickly while still keeping track of which components are in use and the risk inherited from them.

The Dependency-Track Jenkins plugin aids in publishing CycloneDX and SPDX BoMs as well as Dependency-Check XML reports to the Dependency-Track platform.
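The following declarative Pipeline is an added example, not code from this page or from the plugin project: it builds a Maven project, generates a CycloneDX BoM with the CycloneDX Maven plugin, and publishes the BoM through the `dependencyTrackPublisher` step. It assumes the Dependency-Track server URL and API key have already been configured globally in Jenkins, that the CycloneDX Maven plugin writes `target/bom.xml`, and that `DT_PROJECT_UUID` is a placeholder for the target project's UUID in Dependency-Track. The step's parameter names (`artifact`, `artifactType`, `projectId`) are those of the 1.x pipeline step; confirm them against the Pipeline Syntax snippet generator of the version you have installed.

```groovy
// Added example (not from the plugin page or the plugin project).
// Assumptions: Dependency-Track URL and API key are set under Manage Jenkins ->
// Configure System; the CycloneDX Maven plugin writes target/bom.xml;
// DT_PROJECT_UUID below is a placeholder, copy the real UUID from the
// project's page in Dependency-Track.
pipeline {
    agent any

    environment {
        // Placeholder project identifier (hypothetical value).
        DT_PROJECT_UUID = '00000000-0000-0000-0000-000000000000'
    }

    stages {
        stage('Build') {
            steps {
                // Tests are skipped here only to keep the example short.
                sh 'mvn -B -DskipTests package'
            }
        }

        stage('Generate BoM') {
            steps {
                // The CycloneDX Maven plugin emits an aggregate BoM covering
                // all modules of the reactor at target/bom.xml.
                sh 'mvn -B org.cyclonedx:cyclonedx-maven-plugin:makeAggregateBom'
                // Keep the BoM with the build so the exact inventory that was
                // uploaded can be inspected later.
                archiveArtifacts artifacts: 'target/bom.xml', fingerprint: true
            }
        }

        stage('Publish to Dependency-Track') {
            steps {
                // Upload the CycloneDX BoM to the configured project.
                // 'bom' is the artifactType for CycloneDX and SPDX documents.
                dependencyTrackPublisher artifact: 'target/bom.xml',
                                         artifactType: 'bom',
                                         projectId: env.DT_PROJECT_UUID
            }
        }
    }
}
```

Generating the BoM in the same build that produced the deliverable is the point of the integration: the inventory Dependency-Track analyses is the one actually shipped, not one reconstructed later from a source checkout. Keep the API key in the global plugin configuration or a Jenkins credential rather than in the Jenkinsfile, since the Jenkinsfile is versioned alongside the application source.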

External Resources

Version History

Version 1.0.0 (September 17, 2018)