Dependency-Track can automatically publish results to the Kenna Security platform providing a consolidated view of every vulnerability across an organization including vulnerable components.
Dependency-Track accomplishes this in the following ways:
- Kenna Security integration is configured in Dependency-Track
- Dependency-Track pushes findings to Kenna on a periodic basis (configurable)
- Dependency-Track v3.4.0 or higher
- Kenna Security with Application Risk Module
Kenna Security Configuration
Step 1: Navigate to connectors
Step 2: Add a KDI connector
Each connector has a unique ID. The ID is typically available in the URL as well as accessible via the Kenna API. The connector ID will be used when configuring integration with Dependency-Track.
Dependency-Track includes the ability to specify configuration properties on a per-project basis. This feature is used to map projects in Dependency-Track to applications/assets in Kenna.
|Property Value||The assets external_id|
The external_id may be anything as long as it uniquely identifies the application in Kenna. Shown in the example is the UUID of the Dependency-Track project. However, the external_id may be an organizations internal identifier for the application.