Used by: DevSecOps

Dependency-Track is an intelligent Software Composition Analysis (SCA) platform that allows organizations to identify and reduce risk from the use of third-party and open source components.

Integration Spotlight: VulnDB

VulnDB is the world’s most comprehensive, detailed and timely source of vulnerability intelligence and third-party library monitoring. With the VulnDB integration*, Dependency-Track users now have the option to access more comprehensive vulnerability intelligence for better vulnerability identification and prioritization of remediation efforts.

VulnDB supports Dependency-Track in two key ways:

  1. A VulnDB Analyzer may be enabled, which integrates with the VulnDB REST APIs to identify vulnerabilities in components with a CPE.
  2. Dependency-Track can ingest VulnDB mirrored content and incorporate the entire vulnerability database.

The VulnDB Analyzer is capable of analyzing all components with CPEs against the VulnDB service. The analyzer is a consumer of the VulnDB REST APIs and requires that an OAuth 1.0a Consumer Key and Consumer Secret be configured in Dependency-Track. Although not exclusive, any component with a CPE defined will be analyzed with VulnDB.

About VulnDB

VulnDB is the most comprehensive and timely vulnerability intelligence available and provides actionable information about the latest in security vulnerabilities via an easy-to-use SaaS Portal, or a RESTful API for easy integration into GRC tools and ticketing systems. VulnDB allows organizations to search on and be alerted to the latest vulnerabilities, both in end-user software and the third-party libraries or dependencies that help build applications.

A subscription to VulnDB provides organizations with simple to understand ratings and metrics on their vendors and products, and how each contributes to the organization’s risk-profile and cost of ownership.

*Requires a VulnDB subscription
