Replies: 1 comment 10 replies
-
Every time an SBOM is imported into Dependency-Track, the inventory in the SBOM is analyzed on demand. Complete analysis of the entire portfolio occurs every 24 hours, regardless of whether an SBOM was imported into a project or not. There isn't a manual way to trigger this. Most DT use cases focus on automation. There are plenty of tools (open source and commercial) that scan code and show vulnerabilities. Some of these tools also produce SBOMs in CycloneDX format. Scanning things is outside the scope of DT. That's not what DT is designed for. Refer to the animation on the website (desktop or large screen recommended) https://dependencytrack.org/ |
Beta Was this translation helpful? Give feedback.
-
Hi Steve,
I am not finding the option to scan a product form dependency track dash board. could you show me how to scan from dash board.
Also we are looking for a tool who does the scan of commercial codes and shows their vulnerabilities. Please provide your comments on this requirements whether this tool does the same.
Regards,
Vasavi
Beta Was this translation helpful? Give feedback.
All reactions