Conference:  Global AppSec Dublin 2023

Authors: Vinod Anandan, Meha Bhargava, Niklas Jan Duster

2023-02-15

With the need to deliver software faster to clients, it is typical not to "reinvent the wheel" and instead rely on open source/3rd party components.With increased adoption of open source/3rd party components the complexity and inherited risk of software supplychain is rising. It is crucial to have a complete and accurate inventory of the open source/3rd party component usage and risk associated with it."Our software supply chain security is our responsibility".In order to achieve a complete inventory, Bill Of Material (BOM) is a fundamental building block. OWASP Dependency Track consumes BOM and helps to continuously monitor risk associated with these components.In this talk, we will explain and demonstrate OWASP Dependency Track and how it can be a foundational platform to add to your arsenal of tools to improve software supplychain security.