VulnDB Integration for Dependency-Track
Used by: DevSecOps
Dependency-Track is an intelligent Software Composition Analysis (SCA) platform that allows organizations to identify and reduce risk from the use of third-party and open source components.
Integration Spotlight: VulnDB
VulnDB is the world’s most comprehensive, detailed and timely source of vulnerability intelligence and third-party library monitoring. With the VulnDB integration*, Dependency-Track users now have the option to access more comprehensive vulnerability intelligence for better vulnerability identification and prioritization of remediation efforts.
VulnDB supports Dependency-Track in two key ways:
- A VulnDB Analyzer may be enabled which integrates with VulnDB REST APIs to identify vulnerabilities in components with a CPE.
- Mirrored VulnDB content may be ingested, incorporating the entire vulnerability database into Dependency-Track.
The VulnDB Analyzer is capable of analyzing all components with CPEs against the VulnDB service. The analyzer is a consumer of the VulnDB REST APIs and requires an OAuth 1.0a Consumer Key and Consumer Secret to be configured in Dependency-Track. The analyzer is not exclusive: any component with a CPE defined will be analyzed with VulnDB in addition to the other enabled analyzers.
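As an added example (not Dependency-Track's or VulnDB's own code), the following Python shows what the analyzer's request path amounts to: select the components that carry a CPE, then sign a two-legged OAuth 1.0a request (HMAC-SHA1, consumer key and secret only, no access token, per RFC 5849) for each lookup. The endpoint URL and the `cpe` query parameter are assumptions for illustration; use the endpoint documented for your VulnDB subscription. A fixed nonce and timestamp can be injected so a rejected signature can be reproduced while checking the configured key and secret before enabling the analyzer.

```python
"""Two-legged OAuth 1.0a (HMAC-SHA1) request signing for CPE lookups.
Added example; not Dependency-Track's or VulnDB's code. The endpoint path
and the `cpe` parameter name are assumptions: check VulnDB's API docs."""
import base64
import hashlib
import hmac
import secrets
import time
from urllib.parse import quote, urlencode

# Assumed endpoint (not confirmed by this page); adjust to the documented VulnDB API.
VULNDB_FIND_BY_CPE = "https://vulndb.cyberriskanalytics.com/api/v1/vulnerabilities/find_by_cpe"


def _pct(s: str) -> str:
    # RFC 5849 section 3.6: percent-encode everything except unreserved characters.
    return quote(s, safe="-._~")


def signature_base_string(method: str, url: str, params: dict) -> str:
    # RFC 5849 section 3.4.1: METHOD & enc(base URL) & enc(sorted, normalized params).
    pairs = sorted((_pct(str(k)), _pct(str(v))) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), _pct(url), _pct(normalized)])


def sign_request(method, url, query, consumer_key, consumer_secret, *, nonce=None, timestamp=None):
    """Return {"url": ..., "headers": {"Authorization": ...}} for a signed request."""
    oauth = {
        "oauth_consumer_key": consumer_key,
        "oauth_nonce": nonce or secrets.token_hex(16),
        "oauth_signature_method": "HMAC-SHA1",
        "oauth_timestamp": str(timestamp or int(time.time())),
        "oauth_version": "1.0",
    }
    base = signature_base_string(method, url, {**query, **oauth})
    # Two-legged OAuth: no token secret, so the HMAC key is "enc(consumer_secret)&".
    key = f"{_pct(consumer_secret)}&".encode()
    digest = hmac.new(key, base.encode(), hashlib.sha1).digest()
    oauth["oauth_signature"] = base64.b64encode(digest).decode()
    header = "OAuth " + ", ".join(f'{_pct(k)}="{_pct(v)}"' for k, v in sorted(oauth.items()))
    # Encode the query exactly as it was encoded in the base string, or the
    # server-side signature check fails.
    return {"url": f"{url}?{urlencode(query, quote_via=quote)}",
            "headers": {"Authorization": header}}


def components_with_cpe(components):
    # Only components that carry a CPE are sent to VulnDB; the rest are left
    # to the other analyzers.
    return [c for c in components if c.get("cpe")]


def build_vulndb_requests(components, consumer_key, consumer_secret, **kw):
    return [
        sign_request("GET", VULNDB_FIND_BY_CPE, {"cpe": c["cpe"]},
                     consumer_key, consumer_secret, **kw)
        for c in components_with_cpe(components)
    ]


# Constructed sample inventory: one component with a CPE, one without.
SAMPLE_COMPONENTS = [
    {"name": "log4j-core", "cpe": "cpe:2.3:a:apache:log4j:2.14.1:*:*:*:*:*:*:*"},
    {"name": "internal-lib", "purl": "pkg:maven/example/internal-lib@1.0.0"},
]

if __name__ == "__main__":
    for req in build_vulndb_requests(SAMPLE_COMPONENTS, "my-consumer-key", "my-consumer-secret"):
        print(req["url"])
        print(req["headers"]["Authorization"])
```

The printed URL and `Authorization` header can be replayed with `curl -H` to confirm that the key and secret are accepted by VulnDB independently of Dependency-Track; a rejected signature is then a credential or clock problem rather than an analyzer problem.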
VulnDB is the most comprehensive and timely vulnerability intelligence available and provides actionable information about the latest in security vulnerabilities via an easy-to-use SaaS Portal, or a RESTful API for easy integration into GRC tools and ticketing systems. VulnDB allows organizations to search on and be alerted to the latest vulnerabilities, both in end-user software and the third-party libraries or dependencies that help build applications.
A subscription to VulnDB provides organizations with simple to understand ratings and metrics on their vendors and products, and how each contributes to the organization’s risk-profile and cost of ownership.
*Requires a VulnDB subscription