The article presents how to store and analyse Software Bill of Materials with OWASP Dependency-Track to identify security vulnerabilities in open-source components. It guides how Dependency-Track can be deployed in a production environment and summarises pros and cons of this platform.

submitted by /u/theowni
[link] [comments]

/r/netsec - Information Security News & Discussion

A Practical Approach to SBOM in CI/CD. Presenting concept of SBOM, its advantages, popular formats and practical implementations for both Java and Python projects.

By: ／u／theowni — September 17^th 2023 at 16:57

submitted by /u/theowni
[link] [comments]

/r/netsec - Information Security News & Discussion

Using Open Source Software Composition Analysis Tool From Google. Presenting the usage of the osv-scanner tool in real-life Python and Java projects. A tool review with pros and cons.

By: ／u／theowni — September 4^th 2023 at 17:35

submitted by /u/theowni
[link] [comments]

/r/netsec - Information Security News & Discussion

Why Not To Automate Security in SDLC with SAST? My thoughts and arguments why SAST should be as widely adopted as code quality checks.

By: ／u／theowni — August 28^th 2023 at 17:17

submitted by /u/theowni
[link] [comments]