What is Dependency Track? Explained in Detail.

What is Dependency Track? Explained in Detail.

Dependency-Track is an intelligent component analysis platform that allows organizations to identify and mitigate risk in the software supply chain. Dependency-Track software takes a unique and highly beneficial approach by leveraging the capabilities of Bill of Materials (SBOM). Dependency-Track monitors component usage across all versions of every application in its portfolio to proactively identify risk across an organization. The platform has an API-first design and is ideal for use in CI/CD environments

Features:

Component support for:

1. Frameworks
2. Operating systems
3. Applications
4. Containers
5. Libraries
6. Firmware
7. Files
8. Hardware
9. Components with known vulnerabilities
10. Quickly identify what is affected, and where
11. Identifies multiple forms of risk including
12. License risk
13. Out-of-date components
14. Modified components
15. NPM Public Advisories
16. Tracks component usage across each application in the organization portfolio

More coming soon…

Integrates with multiple sources of vulnerability intelligence including:

1. National Vulnerability Database (NVD)
2. Sonatype OSS Index
3. VulnDB from Risk Based Security
4. More coming soon.
5. Powerful policy engine with support for global and per-project policies
6. Security risk and compliance
7. License risk and compliance
8. Operational risk and compliance
9. Ecosystem agnostic with built-in repository support for:
10. Cargo (Rust)
11. Composer (PHP)
12. Gems (Ruby)
13. Hex (Erlang/Elixir)
14. Maven (Java)
15. NPM (Javascript)
16. NuGet (.NET)
17. Pypi (Python)

More coming soon.

Identifies APIs and external service components including:

1. Service provider
2. Endpoint URIs
3. Data classification
4. Directional flow of data
5. Trust boundary traversal
6. Authentication requirements
7. Includes a comprehensive auditing workflow for triaging results
8. Configurable notifications supporting Slack, Microsoft Teams, webhooks, and email Support
9. standardized SPDX license IDs and track license usage by component
10. Supports importing CycloneDX Software Bill of Materials (SBOM)
11. Easy to read metrics for components, projects and portfolios Native support for Kenna Security,
12. Fortify SSC, ThreadFix and DefectDojo
13. API-first design facilitates easy integration with other systems
14. API documentation available in OpenAPI format
15. OAuth 2.0 + OpenID Connect (OIDC) support for single sign-on (authN/authZ)
16. Supports internally managed users, Active Directory/LDAP, and API Keys
17. Simple to install and configure. Get up and running in just minutes

Read Also-Features of Java Programming

Components:

API Server:

The API server includes an embedded Jetty server and all server-side functionality, but does not include a frontend user interface. This variant is new as of Dependency-Track v4.0.

Frontend:

The frontend is a user interface that is accessible in a web browser. The frontend is a single page application (SPA) that can be deployed independently of the dependency-tracked API server.This variant is new as of Dependency-Track v3.8.

Bundled:

The bundle variant combines the API server and frontend user interface.This variant was previously referred to as the executable war and was the preferred distribution from Dependency-Track v3.0 – v3.8. This version is supported but obsolete and will be discontinued in a future release.

Hope you like this blog….

• Author
• Recent Posts

Mahesh Wabale

Admin at DevOpsLover.com

Mahesh Wabale is the admin & author of this blog, Technology enthusiast with interest in DevOps, CICD, Spring Boot, Microservices Architecture He has more than 7 years of experience in IT industry, programming language and development stuff. He loves to share his experience with his blog.

Latest posts by Mahesh Wabale (see all)

• AnchorSetup using Docker-Compose - October 18, 2024
• Devops assignment - October 17, 2024
• Deployment of vault HA using MySQL - September 18, 2024