Skip to main content

Dependency Track

Application Security

The Dependency Track Connector integrates with OWASP Dependency-Track, an open-source software composition analysis (SCA) platform. It connects to a Dependency-Track instance over its REST API to synchronize projects, their software components (the SBOM), the installed-package relationships between components and projects, and the vulnerabilities affecting those components. The data is mapped into the Brinqa Unified Data Model (UDM) so that code projects, packages, open-source findings, and finding definitions can be analyzed alongside the rest of your security data.

Data retrieved from Dependency Track

Connector ObjectRequiredMaps to Data Model
ProjectYesCODE_PROJECT
Installed PackageYesINSTALLED_PACKAGE
ComponentYesPACKAGE
VulnerabilityYesOPEN_SOURCE_FINDING
Vulnerability DefinitionYesOPEN_SOURCE_FINDING_DEFINITION

Model relationships

note

For detailed steps on how to view the data retrieved from Dependency Track in the Brinqa Platform, see How to view your data.