Dependency-Track
@DependencyTrack

438 posts

Open Source SBOM Analysis Platform. Reduce Supply Chain Risk. #OWASP #SBOM #SaaSBOM #HBOM #VEX #SoftwareSupplyChain… https://t.co/12EqTyufEE…

Joined December 2017
29 Following, 1.4K Followers
Dependency-Track reposted
Vivek Kumar Sahu @viveksahu_26 ·
Today, I attended a session on hashtag @DependencyTrack , where an interesting case study on @monzo Bank was presented by Michael Macnair. It highlighted how they transitioned from a traditional security approach to a more SBOM-driven software supply chain security model.

Monzo Bank's Journey to Software Supply Chain Security with SBOMs & Dependency-Track

🔍 Old Approach:
• No SBOM (Software Bill of Materials) generation.
• Security scans were done using proprietary scanners and in-house tools directly on the code.

🚀 New Approach:
• Started generating SBOMs using tools like Syft.
• Pushed these SBOMs to Dependency-Track, a popular SBOM management platform.
• Leveraged SBOM-driven security analysis for better visibility and risk management.

This shift not only improved their security posture but also helped them step into the world of modern software supply chain security, keeping an eye on their third-party components' vulnerabilities, which was lacking in the old architecture.

This case study is a great example of how organizations can move beyond traditional scanning and embrace SBOMs for a more structured and proactive approach to security. What are your thoughts on this transformation? Have you seen similar shifts in your organization, or are you still waiting to shift? Let's discuss! 🔍💡

Thanks to Michael Macnair for sharing... #OWASP #OpenSource #CyberSecurity #SBOM #CycloneDX #DependencyTrack #SoftwareSupplyChainSecurity
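The pipeline described in the post above (generate a CycloneDX SBOM with a tool such as Syft, then push it to Dependency-Track) can be illustrated with the following added example. It is not code from the post, from Monzo, or from the Dependency-Track project. The SBOM below is a constructed sample in the shape Syft emits with `-o cyclonedx-json`; the project name, version and purls are made up for the example. The `PUT /api/v1/bom` endpoint, the `X-Api-Key` header and the base64-encoded `bom` field are the documented Dependency-Track REST API; `DT_BASE_URL` and `DT_API_KEY` are placeholders for a deployment's own values.

```python
"""Build and validate a Dependency-Track BOM upload from a CycloneDX document.

Added example; not part of the original post or of Dependency-Track itself.
"""
import base64
import json
from urllib import request

# Constructed sample SBOM (what `syft <target> -o cyclonedx-json` would produce for
# a small Java service). Values are made up for the example.
SAMPLE_BOM = {
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "version": 1,
    "metadata": {
        "component": {"type": "application", "name": "payments-api", "version": "2.3.0"}
    },
    "components": [
        {"type": "library", "name": "log4j-core", "version": "2.17.1",
         "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.17.1"},
        {"type": "library", "name": "jackson-databind", "version": "2.15.2",
         "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.15.2"},
        # An internal component with no purl: Dependency-Track stores it, but it
        # cannot be matched against vulnerability sources that key on purl.
        {"type": "library", "name": "internal-utils", "version": "0.1"},
    ],
}


def validate_bom(bom: dict) -> None:
    """Reject anything that is not a CycloneDX document before it is uploaded."""
    if bom.get("bomFormat") != "CycloneDX":
        raise ValueError("not a CycloneDX document")
    if "specVersion" not in bom:
        raise ValueError("missing specVersion")
    if not isinstance(bom.get("components", []), list):
        raise ValueError("components must be a list")


def summarize_components(bom: dict) -> dict:
    """Return the purls present and how many components lack one.

    A high 'missing_purl' count is the first thing to check when a freshly
    uploaded project shows fewer findings than expected.
    """
    validate_bom(bom)
    components = bom.get("components", [])
    purls = [c["purl"] for c in components if c.get("purl")]
    missing = sum(1 for c in components if not c.get("purl"))
    return {"purls": purls, "missing_purl": missing}


def build_upload_payload(bom: dict, project_name: str, project_version: str,
                         auto_create: bool = True) -> dict:
    """Build the JSON body for PUT /api/v1/bom (BomSubmitRequest).

    The BOM travels base64-encoded inside the request body; autoCreate lets
    the server create the project on first upload.
    """
    validate_bom(bom)
    encoded = base64.b64encode(json.dumps(bom).encode("utf-8")).decode("ascii")
    return {
        "projectName": project_name,
        "projectVersion": project_version,
        "autoCreate": auto_create,
        "bom": encoded,
    }


def decode_payload_bom(payload: dict) -> dict:
    """Inverse of build_upload_payload, handy for checking the round trip."""
    return json.loads(base64.b64decode(payload["bom"]))


def upload_bom(base_url: str, api_key: str, payload: dict) -> int:
    """Send the payload to a Dependency-Track server and return the HTTP status.

    Not called at import time: it needs a reachable server and an API key that
    holds the BOM_UPLOAD permission.
    """
    req = request.Request(
        base_url.rstrip("/") + "/api/v1/bom",
        data=json.dumps(payload).encode("utf-8"),
        headers={"Content-Type": "application/json", "X-Api-Key": api_key},
        method="PUT",
    )
    with request.urlopen(req) as resp:
        return resp.status


if __name__ == "__main__":
    DT_BASE_URL = "https://dependency-track.example.invalid"  # placeholder
    DT_API_KEY = "<api-key-placeholder>"                        # placeholder
    print(summarize_components(SAMPLE_BOM))
    body = build_upload_payload(SAMPLE_BOM, "payments-api", "2.3.0")
    print({k: (v[:24] + "..." if k == "bom" else v) for k, v in body.items()})
    # upload_bom(DT_BASE_URL, DT_API_KEY, body)  # enable against a real server
```

In a CI job the same steps are one `syft` invocation followed by the upload; the summary step is worth keeping in the pipeline, because a build whose SBOM suddenly has many purl-less components will look "clean" in Dependency-Track for the wrong reason.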
Dependency-Track reposted
OWASP® Foundation @owasp ·
OWASP Members change the world. Your membership helps shape the organization and drives our projects and community. If you are not a member or are due for renewal within 60 days, please join or renew today and get 10-25% off! owasp.org/membership > Memberships > Apply
Dependency-Track @DependencyTrack ·
As a reminder, you can watch the recordings, and access the slides, of all previous meetings here: github.com/DependencyTrac… (#community-meetings). The next community meeting will take place as per usual schedule on December 4th. See you there!
Dependency-Track @DependencyTrack ·
The team decided to skip this month's community meeting, which was originally scheduled for tomorrow (Nov. 6th). Since the last meeting, we released version 4.12.1 (docs.dependencytrack.org/changelog/#v4-…). We're aiming to release 4.12.2 in about a week's time.
Dependency-Track @DependencyTrack ·
Join us in tomorrow's community meeting at 4PM UTC to learn about the new version 4.12.0, which is scheduled for release later today! github.com/DependencyTrac… (#community-meetings)
Dependency-Track reposted
CycloneDX SBOM Spec (OWASP) @CycloneDX_Spec ·
Fantastic news for @QuarkusIO users! It's now easier than ever to generate accurate CycloneDX SBOMs for your applications. Massive kudos to the Quarkus team for the thoughtful and developer-friendly implementation!
Quoting Quarkus @QuarkusIO:
We released Quarkus 3.14.3 with some additional bugfixes and a new feature SBOM generation. We don't usually add new features in micro but this is part of the preparation for our upcoming 3.15 LTS release. buff.ly/3B1Wr7G
Dependency-Track @DependencyTrack ·
We'd like to take this opportunity to thank the team at @IBM around Melba Lopez and Caroline Lee, who generously hosted all previous community meetings on their WebEx account. Thanks so much!
Dependency-Track @DependencyTrack ·
As usual, you can find the invite in the OWASP Software Supply Chain Community Calendar: calendar.google.com/calendar/u/0/e…
Dependency-Track @DependencyTrack ·
With the upcoming community meeting on Sept 4th, we're switching from WebEx to @owasp's Zoom. The calendar invite was updated accordingly. If you imported the invite to a calendar app, please verify whether the Zoom details are present, and re-import the invite if they're not.
Dependency-Track @DependencyTrack ·
Couldn't attend this week's Dependency-Track community meeting? We've got the recording. @nscur0 leads us through the project roadmap. We also have special guests from the CycloneDX #cryptography working group presenting #CBOM. Don't miss it. youtube.com/watch?v=0WPvVC…
Dependency-Track @DependencyTrack ·
Thank you SANS for this incredible honor. The Dependency-Track project would not be possible without our amazing community of maintainers, contributors, and the organizations that entrust #OWASP in helping reduce their supply chain risk. #SBOM #CycloneDX #EO14028
Quoting SANS Institute @SANSInstitute:
Open-Source Tool of the Year 💻 goes to the person or organization that created an open-source tool that is of significant value to the community. This year, @DependencyTrack was the Community Winner! Congrats! #SANSDMA