DependencyTrack / dependency-track

Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
https://dependencytrack.org/
Apache License 2.0

Incorporate OWASP "Component Analysis" into Documentation #307

Closed msymons closed 2 months ago

msymons commented 5 years ago

Enhancement: Now that OWASP Component Analysis is published (no longer a draft), I think that it would be useful to reference this in the documentation and, to make it really useful...

Have a table that lists the 15 recommendations and details how they are implemented using Dependency-Track.

This would provide a handy reference to provide to management so that they can instantly see that DT is ticking (say) 12 out of 15 recommendations.

It would also make it clear where implementing a specific recommendation necessitates (say) integrating with Kenna (or whatever).

It would (or could) also make it clear if there are recommendations which are under development, seeking feedback, etc.

stevespringett commented 5 years ago

A link to the article is here: https://docs.dependencytrack.org/best-practices/ but I agree the content would be useful if included.

Work will begin on a maturity model for what I'm dubbing Supply Chain Component Analysis (SCCA) that will describe various levels of maturity in various categories (similar to OWASP SAMM or BSIMM but specific to supply chain risk).

So in addition to including parts of the above article, it might be useful to describe how Dependency-Track can be used to achieve various levels of maturity for the various activities.

leec94 commented 2 months ago

This is already in the Resources section of the README; suggest closing this out?

github-actions[bot] commented 1 month ago

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.