Dependency Track SaaS

The Dependency Track SaaS, offered by YourSky.blue, is a Software Composition Analysis (SCA) solution aimed at enhancing software supply chain security. According to the vendor, this tool is suitable for organizations of various sizes, including small to large businesses in professions such as software development, IT security, DevOps, compliance and risk management, and financial services.

Key Features

Manage software bill of material (sbom): According to the vendor, the product allows users to track and manage the software bill of materials (SBOM) for their applications. It enables the comprehensive inventory of software components, versions, and licenses, as well as the visualization of dependency chains between components.

Enhance software supply chain security: The vendor claims that the product continuously monitors the list of components for Common Vulnerabilities and Exposures (CVE). It utilizes the latest National Vulnerability Database (NVD) to scan for vulnerabilities and provides the ability to audit and document vulnerabilities in projects. Additionally, it helps identify and address obsolete components and detect software license breaches.

Completely disconnected from your infrastructure: Dependency Track SaaS operates independently and does not require any connection to users' infrastructure, providing a secure and isolated environment for software analysis, as stated by the vendor.

Easy to understand scale: According to the vendor, the product utilizes a clear and intuitive scale to indicate the level of security compliance of software. This allows for easy identification of security risks and vulnerabilities.

Transparent and trustworthy: The vendor claims that the product provides a transparent and trustworthy assessment of software's level of security compliance. It offers universally available online access to ensure transparency and accessibility.

Automate SBOM transfer when new versions are deployed: According to the vendor, the product automatically updates the software bill of materials (SBOM) when new versions of components are deployed. This streamlines the process of keeping the SBOM up to date.

Receive immediate notifications for new vulnerabilities: The vendor states that the product provides immediate notifications through various channels (email, slack, teams, ticket, etc.) when a new vulnerability affects software components. This allows users to stay informed and take prompt action to address vulnerabilities.

Share meaningful information outside the IT Team: According to the vendor, the product enables users to share relevant and meaningful information about software vulnerabilities with stakeholders outside the IT team. This reduces information silos and fosters collaboration across the organization.

Reduced surface attack: Dependency Track SaaS is completely disconnected from users' infrastructure, according to the vendor. This reduces the attack surface and minimizes the risk of unauthorized access to systems.

Advanced security standards: The vendor claims that the product supports advanced security features such as single sign-on, multi-factor authentication, and configurable application permissions. It also adheres to the latest HTTPS/TLS enforced standards for secure communication.