Tweets

Dependency-Track retweeted
Bram Verburg
@voltonez
23 Jan
OWASP @DependencyTrack now flags available @hexpm package updates. Find the necessary tooling for Mix and Rebar3 projects here hex.pm/packages?searc… pic.twitter.com/HMeAAv5GAx

Dependency-Track
@DependencyTrack
7 Jan
Dependency-Track v3.7.1 is now available.
This release is highly recommended for organizations with a large number of projects or components in their portfolio.
docs.dependencytrack.org/changelog/

Dependency-Track retweeted
Steve Springett
@stevespringett
31 Dec
Looking to improve #SoftwareSupplyChain security in 2020? Consider #SBOM.
As @allanfriedman points out, it “will be one of THE big cybersecurity issues of 2020”.
Also, thread for acknowledging contributors helping to educate and deliver SBOM info and tools.
Let’s do this twitter.com/allanfriedman/…

Dependency-Track retweeted
Steve Springett
@stevespringett
19 Dec
If you’re into #SoftwareSupplyChain and want to join a #hackathon where you’re using comply-to-connect to retrieve #CycloneDX or #SPDX SBOMs and real-time analysis, this could be a lot of fun.
Info:
github.com/oasis-tcs/open…
#SBOM Details:
github.com/oasis-tcs/open…
#HappyHacking twitter.com/MdMisi/status/…

Dependency-Track
@DependencyTrack
16 Dec
@OWASP Dependency-Track v3.7 now available.
This release includes:
- Support for internal components
- Increased precision of CPE analysis
- SVG badge improvements
- Hex repo support for #Erlang and #ElixirLang
- Bug fixes
docs.dependencytrack.org/2019/12/16/v3.…
#SBOM #SoftwareSupplyChain pic.twitter.com/Gu2rQWyAXT

Dependency-Track
@DependencyTrack
9 Dec
Interested in Software Bill-of-Materials but don’t know where to start?
Check out #OWASP Dependency-Track, an open source tool that consumes and analyzes #SBOM’s to identify risk in apps, assets, or devices across an org.
dependencytrack.org
#SoftwareSupplyChain

Dependency-Track
@DependencyTrack
22 Nov
If you or your organization uses Dependency-Track, consider providing us a bit of feedback and let us know why you’ve chosen to adopt Dependency-Track.
Cue the one question survey…
surveymonkey.com/r/DHYMRT9
Feedback appreciated and anonymous.

Dependency-Track retweeted
CycloneDX SBOM Spec
@CycloneDX_Spec
20 Nov
An initial version of CycloneDX for #PHP Composer has been published to #Packagist
packagist.org/packages/cyclo…
Special thanks to @nscur0 for contributing all the code to make this possible. Feedback encouraged prior to release.
#SBOM #SoftwareSupplyChain #SCRM

Dependency-Track retweeted
CycloneDX SBOM Spec
@CycloneDX_Spec
20 Nov
#Erlang and #ElixirLang community rejoice. @voltonez has created two CycloneDX build tools that create Software Bill-of-Materials from existing projects.
Mix Task:
hex.pm/packages/sbom
Rebar3:
hex.pm/packages/rebar…
#SBOM #SoftwareSupplyChain #SCRM

Dependency-Track retweeted
Julien Topçu
@JulienTopcu
12 Nov
The Slides 📺 slides.com/julientopcu/ho…
The Repository ♨️ gitlab.com/crafts-records…
If you want to set up @DependencyTrack, you can take a look at the talk I gave at @devoxx last year on that topic
youtu.be/UrsjeR-tGrg

Dependency-Track
@DependencyTrack
4 Nov
Dependency-Track Jenkins plugin v2.2.0 is now available.
New in this release is support for trending charts for pipeline jobs and project lookups by name and version for synchronous jobs.
Requires Dependency-Track v3.6.0 or higher for project lookup functionality.

Dependency-Track
@DependencyTrack
27 Oct
All CI builds have moved from travis-ci to GitHub Actions.
Build status badges have been updated to reflect this change. Building from commits and pull requests will now take place all within GitHub.

Dependency-Track retweeted
Julien Topçu
@JulienTopcu
22 Oct
And if you want to set up @DependencyTrack, here is the video of my talk on the subject last year at #DevFestNantes
youtu.be/barK5AmxpT8

Dependency-Track
@DependencyTrack
14 Oct
The security team from @Ozon_ru has created a CLI client called “dtrack-audit”. It works similarly to “npm audit” but, like Dependency-Track itself, is ecosystem agnostic. Use with #CycloneDX to identify vulns at build.
github.com/ozonru/dtrack-…
#opensource #sbom #appsec #owasp pic.twitter.com/T3xOfkd4rY

Dependency-Track
@DependencyTrack
29 Sep
#OWASP Dependency-Track v3.6 is now available.
This release supports #VulnDB, performance improvements, detection of OS and hardware vulns, SVG badges, #SBOM pub via webhooks, and more.
Download:
dependencytrack.org
Change Log:
docs.dependencytrack.org/changelog/
#AppSec #DevSecOps pic.twitter.com/iHVSH3rtcd

Dependency-Track retweeted
Patrick Dwyer
@coderPatros
23 Sep
Just hooked up @DependencyTrack to automatically create bug reports in #AzureDevOps for vulnerabilities. So easy with #AzureLogicApps and the Dependency Track web hook notification option.

Dependency-Track
@DependencyTrack
12 Sep
Here’s a preview of our updated docs which have been greatly enhanced in preparation for the launch of v3.6.
Oh, and we have badges! pic.twitter.com/bnhwVaF1qy

Dependency-Track retweeted
Allan Friedman will be missing Shmoo this year
@allanfriedman
11 Sep
I’ll be around #GlobalAppsec this afternoon. If anyone would like to talk about #SBoM and software transparency—please reach out / share this.

Dependency-Track
@DependencyTrack
10 Sep
A VulnDB analyzer will be included in v3.6. This provides the ability to analyze components defined in a #SBOM for known vulnerabilities.
This capability is in addition to the VulnDB mirroring that’s already supported.
The new analyzer doesn’t require a mirror. Works directly. pic.twitter.com/6jvsMVUfPh

Dependency-Track
@DependencyTrack
28 Aug
Dependency-Track was recently evaluated against commercial vendors in a private #SCA bakeoff. Hear from Steve Springett as he dives into his expectations for software supply-chain component analysis, the maturity of the SCA industry, and #SBOM and #SoftwareTransparency. twitter.com/edgeroute/stat…