Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/poschi3/dependency-tracking-talk
Interactive talk about dependency tracking
https://github.com/poschi3/dependency-tracking-talk
Last synced: about 2 months ago
JSON representation
Interactive talk about dependency tracking
- Host: GitHub
- URL: https://github.com/poschi3/dependency-tracking-talk
- Owner: poschi3
- Created: 2023-11-08T13:21:32.000Z (about 1 year ago)
- Default Branch: main
- Last Pushed: 2024-05-05T14:11:35.000Z (8 months ago)
- Last Synced: 2024-05-05T15:26:45.425Z (8 months ago)
- Language: Java
- Homepage:
- Size: 5.86 KB
- Stars: 0
- Watchers: 2
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: readme.md
Awesome Lists containing this project
README
# Dependency Tracking
## Maven Central OSS Index
* https://central.sonatype.com/
* com.microsoft.graph:microsoft-graph:5.30.0
## Maven
* mvn dependency:analyze
* mvn dependency:tree
## OWASP Plugin
* https://jeremylong.github.io/DependencyCheck/index.html
* mvn org.owasp:dependency-check-maven:aggregate
* Output:
* Console
* Site
* Have to look / break build
* Ignoring a problem
* Sometimes slow
* When to run?
## SBOM / CycloneDX
* https://owasp.org/www-project-cyclonedx/
* Standard format
## Dependency Track
* Store SBOM!
* https://dependencytrack.org/
* https://github.com/DependencyTrack/dependency-track
* http://localhost:8080/
* Additional sources (Github)
### Fix advisories
* Problem: https://github.com/advisories/GHSA-6x3v-rw2q-9gx7
* Fix: https://github.com/github/advisory-database/pull/1837
## No excuse