As far as I know, Dependency Track matches only vulnerable packages.
The ability to detect both vulnerable and malicious packages would significantly enhance the security capabilities of Dependency Track and provide comprehensive protection for users.
Does anyone know if there are plans to utilize the MAL-* data from osv.dev to detect malicious packages as well?