Search a title or topic

Over 20 million podcasts, powered by 

Player FM logo
Artwork

Content provided by Viktor Petersson. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Viktor Petersson or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://podcastplayer.com/legal.
Player FM - Podcast App
Go offline with the Player FM app!

Navigating SBOMs at Scale: Inside DependencyTrack with Niklas Düster

41:02
 
Share
 

Manage episode 494800879 series 3621860
Content provided by Viktor Petersson. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Viktor Petersson or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://podcastplayer.com/legal.

In this episode, Viktor Petersson sits down with Niklas Düster, co-lead of OWASP DependencyTrack and contributor to CycloneDX, to explore the realities of managing software bill of materials (SBOMs) at scale. Drawing on real-world experience, Niklas explains how DependencyTrack helps engineering teams analyze, monitor, and act on risks buried deep in their dependency trees.

The conversation covers how teams integrate SBOM workflows into CI/CD pipelines, why gating deployments on vulnerability scans can backfire, and how the platform's evolving architecture is built to handle massive, multi-project setups. Niklas also unpacks how VEX files fit into the equation, and why context-aware suppression logic is key to reducing alert fatigue without missing critical issues.

For anyone responsible for securing large-scale software systems, this episode provides a grounded look at how DependencyTrack works under the hood and what's ahead. It's a practical, engineering-focused conversation that highlights what it takes to operationalize SBOMs across modern infrastructure.

  continue reading

40 episodes

Artwork
iconShare
 
Manage episode 494800879 series 3621860
Content provided by Viktor Petersson. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Viktor Petersson or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://podcastplayer.com/legal.

In this episode, Viktor Petersson sits down with Niklas Düster, co-lead of OWASP DependencyTrack and contributor to CycloneDX, to explore the realities of managing software bill of materials (SBOMs) at scale. Drawing on real-world experience, Niklas explains how DependencyTrack helps engineering teams analyze, monitor, and act on risks buried deep in their dependency trees.

The conversation covers how teams integrate SBOM workflows into CI/CD pipelines, why gating deployments on vulnerability scans can backfire, and how the platform's evolving architecture is built to handle massive, multi-project setups. Niklas also unpacks how VEX files fit into the equation, and why context-aware suppression logic is key to reducing alert fatigue without missing critical issues.

For anyone responsible for securing large-scale software systems, this episode provides a grounded look at how DependencyTrack works under the hood and what's ahead. It's a practical, engineering-focused conversation that highlights what it takes to operationalize SBOMs across modern infrastructure.

  continue reading

40 episodes

All episodes

×
 
Loading …

Welcome to Player FM!

Player FM is scanning the web for high-quality podcasts for you to enjoy right now. It's the best podcast app and works on Android, iPhone, and the web. Signup to sync subscriptions across devices.

 

Copyright 2025 | Privacy Policy | Terms of Service | | Copyright
Listen to this show while you explore
Play