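Projects that follow the best practices below can voluntarily self-certify and show that they have achieved the Core Infrastructure Initiative (OpenSSF) badge.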
<a href="https://www.bestpractices.dev/projects/2781"><img src="https://www.bestpractices.dev/projects/2781/badge"></a>
Dependency-Track is an intelligent Supply Chain Component Analysis platform that allows organizations to identify and reduce risk from the use of third-party and open source components.
Warning: A longer justification is required.
All source files have a license statement, copyright, and SPDX license identifier
Repository on GitHub, which uses git. git is distributed.
2FA is required at the GitHub organizational level
GitHub uses TOTP
Only exact library versions are specified and the end result will be identical builds - however a unique build id will be generated for each build which uniquely identifies it.
Warning: A URL is required, but no URL was found.
https://hub.docker.com/ and https://github.com/DependencyTrack/dependency-track/releases // One or more of the required security hardening headers is missing.
Security reviews are constant and part of the SDLC