Dependency-Track logov4.10

Organizations can analyze the potential for impact of a vulnerability in their environment. Dependency-Track can help identify all affected projects across the organization. If the vulnerability is published to a datasource Dependency-Track supports (i.e. NVD, GitHub Advisories, OSS Index, VulnDB, etc), then simply looking up the vulnerability in the platform is all that’s required.

Using Dependency-Track can help organizations answer two important questions:

vulnerability

Dependency-Track contains a full mirror for each of the vulnerability datasources it supports. Virtually all public information about the vulnerability including the description, affected versions, CWE, and severity, are captured, as well as the affected projects. The list of affected projects is dynamically generated based on data in Dependency-Track at the time of inquiry.

affected projects

Alternatively, if the component name and version are known, then performing a search on that component will reveal a list of vulnerabilities, as well as a list of all projects that have a dependency on the component.

incident response