
MASTG-TOOL-0132: dependency-track

Dependency-Track is a Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.

  • Installation: Dependency-Track can be installed using Docker. The default administrator credentials are documented in the initial setup guide and must be changed on first login.
  • Input: Dependency-Track relies on a Software Bill of Materials (SBOM) in CycloneDX format to identify vulnerable dependencies. An SBOM can be generated with tools such as cdxgen and uploaded via the REST API.
  • REST API: The REST API is authenticated with an API key sent in the X-Api-Key header; the key's team needs the BOM_UPLOAD permission to upload an SBOM and VIEW_VULNERABILITY to read the resulting findings. The SBOM is uploaded to an existing project, identified by its UUID, or to a project created on the fly from a name and version.
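The following script, added here as an example and not part of MASTG or of Dependency-Track itself, shows the upload-then-evaluate flow behind the bullets above: it submits a CycloneDX SBOM with PUT /api/v1/bom (the JSON variant, which carries the BOM base64-encoded), polls GET /api/v1/bom/token/{token} until the server has finished processing it, and then reads GET /api/v1/finding/project/{uuid} and fails the run if any unsuppressed finding is at or above a severity threshold. The environment variable names DT_URL, DT_API_KEY and DT_PROJECT_UUID are this example's own choice, and SAMPLE_FINDINGS is constructed data in the shape of the findings endpoint's response with placeholder component names and vulnerability identifiers, not real vulnerabilities.

```python
"""Upload a CycloneDX SBOM to Dependency-Track and gate on unsuppressed findings.

Example code written for this page; it is not part of MASTG or Dependency-Track.
Assumed environment variables (names chosen for this example):
  DT_URL           e.g. http://localhost:8081  (the API server, not the frontend)
  DT_API_KEY       a team API key with BOM_UPLOAD and VIEW_VULNERABILITY
  DT_PROJECT_UUID  UUID of the project the SBOM belongs to
"""
import base64
import json
import os
import sys
import time
import urllib.request

# Dependency-Track severity labels, ordered so they can be compared.
SEVERITY_RANK = {"UNASSIGNED": 0, "INFO": 1, "LOW": 2, "MEDIUM": 3, "HIGH": 4, "CRITICAL": 5}


def build_bom_upload(project_uuid: str, bom_bytes: bytes) -> dict:
    """Request body for PUT /api/v1/bom: the BOM must be base64-encoded inside JSON."""
    return {"project": project_uuid, "bom": base64.b64encode(bom_bytes).decode("ascii")}


def api_request(base_url: str, api_key: str, method: str, path: str, body=None):
    """Send one authenticated JSON request to the Dependency-Track API and decode the reply."""
    data = json.dumps(body).encode("utf-8") if body is not None else None
    req = urllib.request.Request(f"{base_url.rstrip('/')}{path}", data=data, method=method)
    req.add_header("X-Api-Key", api_key)          # API keys go in this header, not a bearer token
    req.add_header("Accept", "application/json")
    if data is not None:
        req.add_header("Content-Type", "application/json")
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def wait_for_bom_processing(base_url: str, api_key: str, token: str, timeout_s: int = 300) -> bool:
    """BOM ingestion is asynchronous; poll the token until 'processing' turns false."""
    deadline = time.monotonic() + timeout_s
    while time.monotonic() < deadline:
        status = api_request(base_url, api_key, "GET", f"/api/v1/bom/token/{token}")
        if not status.get("processing", False):
            return True
        time.sleep(5)
    return False


def summarize_findings(findings: list, min_severity: str = "HIGH"):
    """Count unsuppressed findings per severity and list those at or above min_severity.

    Findings an analyst marked as suppressed (analysis.isSuppressed) are ignored so
    that triaged false positives do not block the pipeline.
    """
    counts = dict.fromkeys(SEVERITY_RANK, 0)
    blocking = []
    threshold = SEVERITY_RANK[min_severity.upper()]
    for finding in findings:
        if finding.get("analysis", {}).get("isSuppressed", False):
            continue
        severity = finding["vulnerability"]["severity"].upper()
        counts[severity] = counts.get(severity, 0) + 1
        if SEVERITY_RANK.get(severity, 0) >= threshold:
            component = finding["component"]
            blocking.append(
                f"{component['name']}@{component['version']}: "
                f"{finding['vulnerability']['vulnId']} ({severity})"
            )
    return counts, blocking


# Constructed sample in the shape of GET /api/v1/finding/project/{uuid}; the component
# names and vulnerability IDs are placeholders, not real packages or advisories.
SAMPLE_FINDINGS = [
    {"component": {"name": "lib-a", "version": "1.0.0"},
     "vulnerability": {"vulnId": "SAMPLE-0001", "severity": "CRITICAL"},
     "analysis": {"isSuppressed": False}},
    {"component": {"name": "lib-b", "version": "2.3.1"},
     "vulnerability": {"vulnId": "SAMPLE-0002", "severity": "MEDIUM"},
     "analysis": {"isSuppressed": False}},
    {"component": {"name": "lib-c", "version": "0.9.0"},
     "vulnerability": {"vulnId": "SAMPLE-0003", "severity": "HIGH"},
     "analysis": {"isSuppressed": True}},   # triaged as not applicable: must not block
    {"component": {"name": "lib-d", "version": "4.0.0"},
     "vulnerability": {"vulnId": "SAMPLE-0004", "severity": "LOW"}},  # no analysis yet
]


def main() -> None:
    base_url, api_key, project = (os.environ[k] for k in ("DT_URL", "DT_API_KEY", "DT_PROJECT_UUID"))
    bom_path = sys.argv[1] if len(sys.argv) > 1 else "bom.json"   # e.g. output of cdxgen -o bom.json
    with open(bom_path, "rb") as fh:
        token = api_request(base_url, api_key, "PUT", "/api/v1/bom", build_bom_upload(project, fh.read()))["token"]
    if not wait_for_bom_processing(base_url, api_key, token):
        sys.exit("timed out waiting for Dependency-Track to process the BOM")
    findings = api_request(base_url, api_key, "GET", f"/api/v1/finding/project/{project}")
    counts, blocking = summarize_findings(findings, min_severity="HIGH")
    print("unsuppressed findings by severity:", {k: v for k, v in counts.items() if v})
    for line in blocking:
        print("BLOCKING", line)
    sys.exit(1 if blocking else 0)


if __name__ == "__main__":
    main()
```

Run it as `python dt_gate.py bom.json` after generating the SBOM with cdxgen. Uploading to a project by UUID keeps history and analysis decisions attached to one project; the alternative of sending projectName, projectVersion and autoCreate instead of project in the same request body creates a fresh project per version, which is convenient in CI but scatters suppressions across projects.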

Techniques

MASTG-TECH-0130: Software Composition Analysis (SCA) of Android Dependencies by Creating a SBOM
MASTG-TECH-0132: Software Composition Analysis (SCA) of iOS Dependencies by Creating a SBOM

Tests

MASTG-TEST-0274: Dependencies with Known Vulnerabilities in the App's SBOM
MASTG-TEST-0275: Dependencies with Known Vulnerabilities in the App's SBOM

Demos

MASTG-DEMO-0051: Identifying Insecure Dependencies through SBOM Creation
MASTG-DEMO-0053: Identifying Insecure Dependencies in SwiftPM through SBOM creation