Dependency-Track Working #1240

bhuvi11 · 2021-10-26T05:12:33Z

bhuvi11
Oct 26, 2021

Hello Team,

I am new to SBOM and Dependency Track.
I started Dependency Track using docker-compose and i am able to see the UI.
The only way i can see vulnerabilities is through importing SBOM ? or can i import the jar for the application?

How different is this from Dependency Check? It also shows the vulnerabilities in the dependencies included in the project

Answered by stevespringett

Oct 26, 2021

The only way i can see vulnerabilities is through importing SBOM?

Correct. Generating build-time SBOMs is a good engineering practice, and requirements of NIST SSDF, OWASP SCVS, and BSIMM

Dependency-Track is a Component Analysis platform. Dependency-Check is an SCA tool.

See: https://docs.dependencytrack.org/odt-odc-comparison/

View full answer

stevespringett · 2021-10-26T14:38:46Z

stevespringett
Oct 26, 2021
Maintainer

The only way i can see vulnerabilities is through importing SBOM?

Correct. Generating build-time SBOMs is a good engineering practice, and requirements of NIST SSDF, OWASP SCVS, and BSIMM

Dependency-Track is a Component Analysis platform. Dependency-Check is an SCA tool.

See: https://docs.dependencytrack.org/odt-odc-comparison/

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Dependency-Track Working #1240

{{title}}

Replies: 1 comment

{{title}}

Select a reply

Dependency-Track Working #1240

bhuvi11 Oct 26, 2021

Replies: 1 comment

stevespringett Oct 26, 2021 Maintainer

bhuvi11
Oct 26, 2021

stevespringett
Oct 26, 2021
Maintainer