Suggestion to include guidance on tracking the components in your base image, and your own bundled software, as part of D02.
There are tools like Anchore Syft that can generate a software bill of materials for container images. This information can be fed into tools like OWASP Dependency-Track for continuous analysis and identification of vulnerable components.
It also helps address OWASP Top 10 A9:2017-Using Components with Known Vulnerabilities, and activities identified in the OWASP SCVS.
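An added example, not part of the original issue or of any project's code: it reads a CycloneDX JSON SBOM of the kind an SBOM generator emits for a container image and separates base-image OS packages from bundled application packages by package-URL type. The sample SBOM is constructed, and the names `OS_PURL_TYPES`, `purl_type` and `split_inventory`, along with the bucket names, are hypothetical.

```python
import json
from collections import defaultdict

# Assumption: these purl types identify OS packages, i.e. what the base image ships.
OS_PURL_TYPES = {"deb", "apk", "rpm"}

# Constructed sample: a trimmed CycloneDX JSON SBOM for a hypothetical image.
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "components": [
        {"type": "library", "name": "musl", "version": "1.2.4-r2",
         "purl": "pkg:apk/alpine/musl@1.2.4-r2?arch=x86_64"},
        {"type": "library", "name": "busybox", "version": "1.36.1-r15",
         "purl": "pkg:apk/alpine/busybox@1.36.1-r15?arch=x86_64"},
        {"type": "library", "name": "flask", "version": "3.0.0",
         "purl": "pkg:pypi/flask@3.0.0"},
        {"type": "library", "name": "lodash", "version": "4.17.21",
         "purl": "pkg:npm/lodash@4.17.21"},
        # A copied-in binary with no package URL: nothing to match it against.
        {"type": "application", "name": "myapp", "version": "1.4.2"},
    ],
})


def purl_type(purl):
    """Return the type segment of a package URL ('pkg:deb/debian/x' -> 'deb')."""
    if not purl or not purl.startswith("pkg:"):
        return None
    return purl[4:].split("/", 1)[0].lower() or None


def split_inventory(sbom_text):
    """Group SBOM components into base_image, bundled and unidentified buckets."""
    inventory = defaultdict(list)
    for comp in json.loads(sbom_text).get("components", []):
        ptype = purl_type(comp.get("purl"))
        if ptype is None:
            bucket = "unidentified"   # needs manual tracking
        elif ptype in OS_PURL_TYPES:
            bucket = "base_image"     # fixed by rebuilding on a patched base
        else:
            bucket = "bundled"        # fixed by updating your own dependencies
        inventory[bucket].append((comp.get("name"), comp.get("version"), ptype))
    return dict(inventory)


if __name__ == "__main__":
    for bucket, comps in split_inventory(SAMPLE_SBOM).items():
        print(bucket, comps)
```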