home.social

#dependencytrack — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #dependencytrack, aggregated by home.social.

  1. Modern supply chain security can't rely on periodic scans. When the next CVE drops, you need fleet-wide visibility immediately.

    Our Managed #DependencyTrack provides continuous #SBOM monitoring with multi-source vulnerability intelligence, smart triage (#VEX + #EPSS), and complete data sovereignty, all without the operational overhead of DIY deployment.

    #OpenSource at the core. Managed where it matters.

    Read our 2026 guide to continuous supply chain security:
    amazee.io/blog/post/dependency

  2. Modern apps ship fast. Dependencies change faster. Without continuous monitoring, new vulnerabilities can remain unnoticed for weeks.

    Managed #DependencyTrack automates #SBOM analysis and vulnerability monitoring. Powered by #OWASP, hosted on our infrastructure, you get the platform without the operational overhead.

    🔗 amazee.io/product/dependency-t

  3. Today is the day!

    Join us at 3 PM CDT for a live deep-dive into #DependencyTrack.

    We're showing you how to move from point-in-time scans to continuous, real-time SBOM analysis.

    Learn how to use EPSS to prioritize what’s actually being exploited and ignore the noise. Grab your spot now!

    🔗 amazee.io/blog/post/live-uncov

  4. Is your security team drowning in "critical" alerts that aren't actually exploitable? 🌊

    Most teams treat dependency risk as a manual chore, but our webinar on April 8 shows you how to make it continuous and automated.

    We have a few seats left to show you how #DependencyTrack uses EPSS and VEX to filter out the noise and prioritize real threats. Grab one of the final spots while they’re still available!

    💺 amazee.io/blog/post/live-uncov

    P.S. Can't make it? Register anyway & you'll get the recording

  5. Is your security team drowning in "critical" alerts that aren't actually exploitable?

    🌊🧘‍♂️ Most teams treat dependency risk as a periodic task, but our webinar on April 8 shows you how to make it continuous.

    We'll explore how #DependencyTrack uses #EPSS and #VEX to filter out the noise and prioritize the 10% of vulnerabilities that actually pose a threat to your production environment.

    🔗 amazee.io/blog/post/live-uncov

  6. @andrewnez cool concept, I think it would be a big help when triaging reports from the #DependencyTrack from #OWASP. While I would want to identify critical #CVEs I also need to know the likelihood that a less serious CVE has a higher possibility to be targeted.

  7. I've got a question about working with the tools provided by #OWASP.

    When working within the #Java and #Maven build environments, how do I use both the dependency-check plugin and the DependencyTrack application? I do know that #DependencyTrack uses the #CycloneDX plugin to generate the BOM. What I'm trying to prevent is extra build time used up to perform similar operations.
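    As an added illustration (editor's example, not part of the post above or of the OWASP projects' own documentation): the CycloneDX Maven plugin the post refers to is configured in the pom.xml like this. The plugin coordinates, goal name and configuration keys are the plugin's published ones; the version number is a placeholder to be replaced with the current release, and the choice of the `package` phase and JSON output is an assumption.

```xml
<!-- Added example: cyclonedx-maven-plugin bound to the package phase so every
     build emits target/bom.json. PLACEHOLDER_VERSION is not a real release. -->
<build>
  <plugins>
    <plugin>
      <groupId>org.cyclonedx</groupId>
      <artifactId>cyclonedx-maven-plugin</artifactId>
      <version>PLACEHOLDER_VERSION</version>
      <executions>
        <execution>
          <phase>package</phase>
          <goals>
            <!-- makeAggregateBom produces one BOM for all modules of a
                 multi-module build; makeBom is the single-module variant -->
            <goal>makeAggregateBom</goal>
          </goals>
        </execution>
      </executions>
      <configuration>
        <!-- Dependency-Track accepts CycloneDX in XML or JSON; json keeps one file -->
        <outputFormat>json</outputFormat>
        <outputName>bom</outputName>
        <!-- test-scoped dependencies never ship, so leaving them out of the
             BOM avoids triage noise on the Dependency-Track side -->
        <includeTestScope>false</includeTestScope>
      </configuration>
    </plugin>
  </plugins>
</build>
```

    The division of labour this sets up (an assumption about a common arrangement, not something the post states) is that the build only generates the BOM, and the vulnerability analysis happens on the Dependency-Track server after the BOM is uploaded to its BOM upload API. Running dependency-check in the same build adds a second, overlapping analysis of the same dependency tree, which is the extra build time the post is trying to avoid.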

  8. CVEs reported without version, and/or never updated to limit their CPEs to exclude versions where the vulnerability is fixed;

    and now I get false positives every single time I update that dependency 😭

    (in this case, specifically, Keycloak's CVE-2020-1717, CVE-2022-1438 and CVE-2023-0105, both still reported on version 22.0.4 by Dependency Track; the GitHub Advisories have the accurate information, but not the NVD 😡)

    #DependencyTrack #cve #keycloak #security #vulnerability