Cryptosoft – Securing The Enterprise Supply Chain
Understanding risks that exist within a software package is a complex activity which requires the deployment of various security detection technologies (vulnerability scanners, antivirus scanning, pattern analysis etc.). This complexity is amplified as typical software packages are composed from many components; some home-grown, some from open source and others purchased from third parties. It means that to be effective traditional security analysis of individual components needs to be augmented with an evaluation of threats and vulnerabilities of the aggregated software package. Analysis at this level has been demonstrated to reveal significant issues that are hidden when the evaluation performed is purely at the component level.
At Cryptosoft we bring to our clients a strong working knowledge of Dependency-Track and a rich set of skills and experience in DevSecOps, enterprise-grade software management and operating software-as-a-service (SaaS) solutions. We have a close relationship with the OWASP community and are committed to contributing our enhancements back to the open source base.
With our managed service, on-boarding is simple and you delegate the availability and software upgrade responsibilities to us, while focusing on managing your software supply chain risk according to your enterprise policies.
From our enterprise experience we know that some users will prefer to run Dependency-Track from behind their firewall. With our managed container application we provide you with a container and pre-configured information to allow you to easily run DT in your preferred environment (for example Red Hat OpenShift, Google Anthos, …). We can provide periodic updates to your container on a frequency, and though a mechanism, that satisfies your security policies.
Both our offerings include an SBOM creation capability (the ability to create CycloneDX SBOMs for ingestion to DT from a wide range of source languages), pre-configured best practices and easy integrations with your toolchain via APIs and GitHub Actions.
Regardless of which solution you select, teaming with Cryptosoft will help you accelerate and optimize the value your organization renders from Dependency-Track and allows you to focus your time and resources on other business-related issues.