MASTG-TOOL-0132: dependency-track
Dependency-Track is a Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
- Installation: Dependency-Track ships as Docker images (an API server and a web frontend); the documented way to run it is with the docker-compose.yml provided on the project site. The default admin credentials are listed in the project's initial-setup guide, and the UI forces a password change on first login, so do not expose a fresh instance before completing that step.
- Input: Dependency-Track does not scan source code. It consumes a CycloneDX Software Bill of Materials (SBOM) for each project version and matches the listed components against vulnerability sources such as the NVD. SBOMs can be generated with tools such as cdxgen and uploaded through the REST API.
- REST API: Every call is authenticated with an API key sent in the X-Api-Key header. The key belongs to a team, and the team's permissions (for example BOM_UPLOAD to submit SBOMs and VIEW_VULNERABILITY to read findings) determine what it may do, so create a key with only the permissions the pipeline needs. The SBOM is uploaded against an existing project (identified by its UUID) or, with autoCreate enabled, against a project name and version that Dependency-Track creates on the fly.
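The upload flow described above, end to end, as an added example rather than code from the MASTG page or the Dependency-Track project: it base64-encodes a CycloneDX SBOM into the JSON body of PUT /api/v1/bom, polls the returned token until processing has finished, looks up the project UUID, fetches the findings and turns them into a pass/fail verdict for a pipeline. It goes one step beyond the page by reading findings back, since that is the point of uploading. Assumed (not from the page): the API server URL in DT_URL, a key with BOM_UPLOAD and VIEW_VULNERABILITY permissions in DT_API_KEY, and an SBOM file produced beforehand, e.g. with cdxgen. The SAMPLE_FINDINGS list is constructed test data, not real Dependency-Track output.

```python
"""Upload a CycloneDX SBOM to Dependency-Track and gate on the findings.

Added example, not part of the MASTG page or the Dependency-Track code base.
Assumptions: DT_URL points at the API server (port 8081 in the project's
docker-compose.yml, the UI is on 8080) and DT_API_KEY holds a team key with
BOM_UPLOAD and VIEW_VULNERABILITY permissions. Only standard-library modules.
"""
import base64
import json
import os
import time
import urllib.parse
import urllib.request
from collections import Counter

DT_URL = os.environ.get("DT_URL", "http://localhost:8081")  # assumed API server address
DT_API_KEY = os.environ.get("DT_API_KEY", "")                 # assumed team API key


def _request(method, path, body=None):
    """One authenticated call; Dependency-Track reads the key from the X-Api-Key header."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(DT_URL + path, data=data, method=method)
    req.add_header("X-Api-Key", DT_API_KEY)
    if data is not None:
        req.add_header("Content-Type", "application/json")
    with urllib.request.urlopen(req, timeout=30) as resp:
        raw = resp.read()
    return json.loads(raw) if raw else None


def build_bom_payload(bom_bytes, project_name, project_version, auto_create=True):
    """Body for PUT /api/v1/bom: the BOM travels base64-encoded inside a JSON document.

    autoCreate lets the server create the project name/version if it does not exist;
    the key needs the PROJECT_CREATION_UPLOAD permission for that to succeed.
    """
    return {
        "projectName": project_name,
        "projectVersion": project_version,
        "autoCreate": auto_create,
        "bom": base64.b64encode(bom_bytes).decode("ascii"),
    }


def upload_bom(bom_path, project_name, project_version):
    """Upload the SBOM, wait until analysis has finished, return the project UUID."""
    with open(bom_path, "rb") as fh:
        payload = build_bom_payload(fh.read(), project_name, project_version)
    token = _request("PUT", "/api/v1/bom", payload)["token"]
    # The upload is asynchronous: poll the token until the server reports processing=false.
    while _request("GET", f"/api/v1/bom/token/{token}")["processing"]:
        time.sleep(2)
    query = urllib.parse.urlencode({"name": project_name, "version": project_version})
    return _request("GET", f"/api/v1/project/lookup?{query}")["uuid"]


def fetch_findings(project_uuid):
    """GET /api/v1/finding/project/{uuid}: one entry per (component, vulnerability) pair."""
    return _request("GET", f"/api/v1/finding/project/{project_uuid}")


def summarize_findings(findings, fail_on=("CRITICAL", "HIGH")):
    """Count unsuppressed findings per severity and decide whether the build should fail.

    Findings an analyst has marked as suppressed (false positive, not affected) are
    skipped so that triage decisions made in the UI are honoured by the pipeline.
    """
    active = [f for f in findings if not f.get("analysis", {}).get("isSuppressed", False)]
    counts = Counter(f["vulnerability"]["severity"] for f in active)
    blocking = sorted(
        f"{f['vulnerability']['vulnId']} in {f['component']['name']}@{f['component']['version']}"
        for f in active
        if f["vulnerability"]["severity"] in fail_on
    )
    return {"counts": dict(counts), "blocking": blocking, "fail": bool(blocking)}


# Constructed sample in the shape Dependency-Track returns; the IDs are placeholders.
SAMPLE_FINDINGS = [
    {"component": {"name": "okhttp", "version": "3.12.0"},
     "vulnerability": {"vulnId": "INT-001", "source": "INTERNAL", "severity": "CRITICAL"},
     "analysis": {"isSuppressed": False}},
    {"component": {"name": "gson", "version": "2.8.5"},
     "vulnerability": {"vulnId": "INT-002", "source": "INTERNAL", "severity": "HIGH"},
     "analysis": {"isSuppressed": True}},   # triaged as not affected in the UI
    {"component": {"name": "commons-io", "version": "2.6"},
     "vulnerability": {"vulnId": "INT-003", "source": "INTERNAL", "severity": "MEDIUM"},
     "analysis": {"isSuppressed": False}},
    {"component": {"name": "guava", "version": "28.0"},
     "vulnerability": {"vulnId": "INT-004", "source": "INTERNAL", "severity": "LOW"},
     "analysis": {}},                        # no analysis recorded yet
]


if __name__ == "__main__":
    if DT_API_KEY:
        uuid = upload_bom("bom.json", "mobile-app", "1.0.0")   # assumed paths and names
        verdict = summarize_findings(fetch_findings(uuid))
    else:
        verdict = summarize_findings(SAMPLE_FINDINGS)        # offline dry run
    print(json.dumps(verdict, indent=2))
    raise SystemExit(1 if verdict["fail"] else 0)
```

Run it with DT_URL and DT_API_KEY set and a bom.json in the working directory; without a key it evaluates the constructed sample so the gating logic can be checked offline. The exit status makes it usable as a CI step, and suppressed findings are excluded on purpose so that analyst decisions recorded in Dependency-Track are not overridden by the pipeline.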