jeremylong / DependencyCheck

OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.
https://owasp.org/www-project-dependency-check/
Apache License 2.0

Create analyzer for OWASP Dependency-Track #708

Open stevespringett opened 7 years ago

stevespringett commented 7 years ago

OWASP Dependency-Track (dev3+) allows the importing and refining of Dependency-Check XML reports. It also allows the importing of SPDX and the manual creation of components.

ODT provides a REST API (similar to Maven Central) that allows the searching of components by MD5/SHA1 hashes and will respond back with the highest confidence metadata available.

This ticket is to track the creation of an analyzer for Dependency-Check so that it can use Dependency-Track as a source of evidence.

amandel commented 5 years ago

I've created #2233, which kind of points in the other direction. IMHO both are valuable.