OWASP Dependency-Track 5.0 Is Now Generally Available

Summary

OWASP Dependency-Track has released version 5.0, a significant redesign focused on horizontal scaling, fault tolerance, and stronger software supply chain integrity verification. The new version addresses the limitations of the previous single-server architecture, in which one node was both the bottleneck and the single point of failure, enabling high availability and more robust risk management for organizations that process large volumes of SBOMs and software components.

IFF Assessment

FRIEND

This release provides an open-source tool that helps organizations identify and reduce risks in their software supply chain, which is beneficial for defenders.

Defender Context

This update to OWASP Dependency-Track improves its capabilities for managing software supply chain risk, including better detection of typosquatting and registry tampering. Defenders can use these features to gain a more complete inventory of their software dependencies and to act on vulnerabilities introduced through the supply chain before they reach production. As with any SBOM-driven tool, coverage is only as good as the SBOMs ingested, so the benefit depends on generating complete SBOMs for every build and keeping them current.
