FAQs

FAQ

What is a software supply chain?

A software supply chain encompasses anything and everything that touches an application as it is being developed; the component code, how the components are connected, security, development processes, deployment processes, tools used etc. It is the end-to-end story of assets, processes and tools being used in the creation of a software product.

What is an SBOM?

A “software bill-of-materials” (SBOM) defines the complete inventory of software components and their dependencies in an application. It is defined in JSON text and follows a standard format. SBOMs have emerged as a key building block in software security and software supply chain risk management as they provide visibility into all the components in the chain and their dependencies.

What is OWASP Dependency-Track and why should I use it as part of my security strategy?

OWASP Dependency-Track (D-T) (https://owasp.org/www-project-dependency-track/) is an open source project that has been evolving since 2013. It is an intelligent component analysis platform that allows organizations to identify and reduce risk in the software supply chain by analyzing risks in SBOMs. D-T analyzes components used in the SBOM for security vulnerabilities, license compliance and software pedigree.

What is the value of using Cryptosoft's OWASP Dependency-Track service?

The Cryptosoft service will provide you with immediate security protection and value, along with support. We take care of ensuring the service is available and up to date allowing you to focus your skilled resources on security strategy versus infrastructure management. Cryptosoft additionally provides you with a utility to create your SBOMs and the flexibility to run our offering privately (behind your firewall).

What is difference between downloading and installing OWASP’s Dependency-Track and using the Cryptosoft service?

Functionally the offering is exactly the same. We additionally provide SBOM creation services, support and we provide immediate access to an operational service relieving you of the need to plan, install and maintain the offering.

Dependency-Track requires an SBOM as input. How do I create an SBOM?

Dependency-Track requires a CycloneDX formatted SBOM as input to its capabilities. You can create the SBOM yourself using a tool of your choice, or use Cryptosoft’s provided capability to create one for you (https://www.dependencytrack.com/sbom-creation/ ).

How do I get information on how to use Cryptosoft’s SBOM creation utility?

https://www.dependencytrack.com/sbom-creation/

How do I invoke the Dependency-Track service using APIs?

APIs are provided to allow you to create an SBOM using Cryptosoft’s provided utility and to drive the Dependency-Track analysis of your SBOM. This allows you to easily add this capability to your current toolchain. Documentation for using the APIs can be found here: https://www.dependencytrack.com/sbom-creation/

How do I get more details on the OWASP Dependency-Track offering’s usage and capabilities?

Our Documentation tab (https://docs.dependencytrack.org/) provides links to Dependency-Track’s documentation.

How much does Cryptosoft’s OWASP Dependency-Track service cost?

Pricing of our offering can be found here. The first month’s usage is free.

What is the managed application version (running behind your firewall) of the Cryptosoft OWASP Dependency-Track and how do I get more information on it?

The managed application version of our service is a containerized version of Dependency-Track along with assets we have created to facilitate running it on your chosen kubernetes environment behind your firewall. As part of the offering Cryptosoft provides expert assistance to ensure the offering gets up and running. We provide updates to the container as required, the updates are provided to you using a choice of secure mechanisms. For more details on our managed application please contact us at info@cryptosoft.com.

Does Cryptosoft store any of my data?

We use a Postgres database to persistently store the SBOMs that you upload and the subsequent analyzed information. As a Cryptosoft client, this database and your Dependency-Track instance, is unique and exclusive to you and can only be accessed by you.

What security procedures do Cryptosoft employ to protect the service?

The Cryptosoft team is composed of security professionals who have depth and experience in defining and implementing security processes for commercial software products and for large diverse software development teams. We implement security best practices (access controls, audit log, secure connections, encryption, etc...), reliability, performance, and efficiency as dictated by AWS/GoogleCloud's Well Architected Framework. This includes daily vulnerability scanning with a management system around remediations as necessary.

FAQ

What is a software supply chain?

What is an SBOM?

What is OWASP Dependency-Track and why should I use it as part of my security strategy?

What is the value of using Cryptosoft's OWASP Dependency-Track service?

What is difference between downloading and installing OWASP’s Dependency-Track and using the Cryptosoft service?

Dependency-Track requires an SBOM as input. How do I create an SBOM?

How do I get information on how to use Cryptosoft’s SBOM creation utility?

How do I invoke the Dependency-Track service using APIs?

How do I get more details on the OWASP Dependency-Track offering’s usage and capabilities?

How much does Cryptosoft’s OWASP Dependency-Track service cost?

What is the managed application version (running behind your firewall) of the Cryptosoft OWASP Dependency-Track and how do I get more information on it?

Does Cryptosoft store any of my data?

What security procedures do Cryptosoft employ to protect the service?

Is the Cryptosoft service ISO 270001 certified?

Is my Cryptosoft OWASP Dependency-Track offering completely private to me?

How often is my Dependency-Track service upgraded?

How do I get help or provide feedback on the service?

no title

no title

no title