Stowage/dependency-track
2
0
Fork 0
mirror of https://github.com/DependencyTrack/dependency-track.git synced 2026-02-13 19:05:22 +00:00
Code Issues Projects Releases Packages Wiki Activity
dependency-track/docs/_docs/datasources/ossindex.md
Steve Springett de898b599a
v3.6 doc update
2019-09-28 22:59:32 -05:00

17 lines
876 B
Markdown
Raw Blame History

---
title: Sonatype OSS Index
category: Datasources
chapter: 4
order: 3
---
Sonatype OSS Index provides transparent and highly accurate results for components with valid Package URLs.
The majority of vulnerabilities directly map to CVEs in the National Vulnerability Database (NVD), however,
OSS Index does contain many vulnerabilities that are not present in the NVD.
Dependency-Track integrates with OSS Index using it's public API. Dependency-Track does not mirror OSS Index,
but it does consume vulnerabilities from OSS Index on a 'as-identified' basis.
> OSS Index is disabled by default as it requires an account. It's highly recommended that OSS Index is enabled
> in order to provide accurate results. To enable OSS Index, sign up for a free account and enter the account
> details in Dependency-Track in the 'Analyzers' settings in the administrative console.
Reference in a new issue View git blame Copy permalink