#dependencytrack — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #dependencytrack, aggregated by home.social.
-
Modern supply chain security can't rely on periodic scans. When the next CVE drops, you need fleet-wide visibility immediately.
Our Managed #DependencyTrack provides continuous #SBOM monitoring with multi-source vulnerability intelligence, smart triage (#VEX + #EPSS), and complete data sovereignty, all without the operational overhead of DIY deployment.
#OpenSource at the core. Managed where it matters.
Read our 2026 guide to continuous supply chain security:
https://www.amazee.io/blog/post/dependency-track-software-supply-chain-security
-
Modern apps ship fast. Dependencies change faster. Without continuous monitoring, new vulnerabilities can remain unnoticed for weeks.
Managed #DependencyTrack automates #SBOM analysis and vulnerability monitoring. Powered by #OWASP, hosted on our infrastructure, you get the platform without the operational overhead.
-
Today is the day!
Join us at 3 PM CDT for a live deep-dive into #DependencyTrack.
We're showing you how to move from point-in-time scans to continuous, real-time SBOM analysis.
Learn how to use EPSS to prioritize what’s actually being exploited and ignore the noise. Grab your spot now!
🔗 https://www.amazee.io/blog/post/live-uncover-hidden-vulnerabilities-with-dependency-track/
-
Is your security team drowning in "critical" alerts that aren't actually exploitable? 🌊
Most teams treat dependency risk as a manual chore, but our webinar on April 8 shows you how to make it continuous and automated.
We have a few seats left to show you how #DependencyTrack uses EPSS and VEX to filter out the noise and prioritize real threats. Grab one of the final spots while they’re still available!
💺 https://www.amazee.io/blog/post/live-uncover-hidden-vulnerabilities-with-dependency-track/
P.S. Can't make it? Register anyway & you'll get the recording
-
Is your security team drowning in "critical" alerts that aren't actually exploitable?
🌊🧘‍♂️ Most teams treat dependency risk as a periodic task, but our webinar on April 8 shows you how to make it continuous.
We'll explore how #DependencyTrack uses #EPSS and #VEX to filter out the noise and prioritize the 10% of vulnerabilities that actually pose a threat to your production environment.
🔗 https://www.amazee.io/blog/post/live-uncover-hidden-vulnerabilities-with-dependency-track
-
@andrewnez cool concept, I think it would be a big help when triaging reports from the #DependencyTrack from #OWASP. While I would want to identify critical #CVEs I also need to know the likelihood that a less serious CVE has a higher possibility to be targeted.
-
I've got a question about working with the tools provided by #OWASP.
When working within the #Java and #Maven build environments to use both the dependency-check plugin as well as the DependencyTrack application? I do know that the #DependencyTrack uses the #CycloneDX plugin to generate the BOM. What I'm trying to prevent is extra build time used up to perform similar operations.
-
CVEs reported without version, and/or never updated to limit their CPEs to exclude versions where the vulnerability is fixed;
and now I get false positives every single time I update that dependency 😭
(in this case, specifically, Keycloak's CVE-2020-1717, CVE-2022-1438 and CVE-2023-0105, both still reported on version 22.0.4 by Dependency Track; the GitHub Advisories have the accurate information, but not the NVD 😡)
-
Google Publishes a Tutorial on How To Deploy #OWASP #DependencyTrack Platform to Google Cloud:
#SupplyChainSecurity
#OpenSource
#SBOM
https://cloud.google.com/community/tutorials/deploy-dependency-track