I've become interested in SBOM recently, and found there were great tools like https://dependencytrack.org/ for CycloneDX SBOMs, but all I have is SPDX SBOMs generated by GitHub. I decided to have a go at writing my own dependency track esque tool aiming to integrate with the APIs GitHub provides. It's pretty limited in functionality so far, but can give a high level summary of the types of licenses your... - Source: Hacker News / about 2 months ago

To detect these types of vulnerabilities, we should first and foremost know our dependencies and versions, and which of them have vulnerabilities. The OWASP Top 10 2021 identifies this need as A06:2021-Vulnerable and Outdated Components. OWASP has several tools for this, including Dependency Check and Dependency Track. These tools will warn about the use of components with vulnerabilities. - Source: dev.to / 2 months ago

Https://dependencytrack.org/ You just need to use one of the various tools out there to scan. - Source: Hacker News / 9 months ago

OWASP Dependency Track - https://dependencytrack.org/. Source: about 1 year ago

I actually want to build the same thing you are after, and I think I’ll go for the setup you describe in idea 2. The tool you can use for this is Trivy (https://trivy.dev), have it generate a SBOM and send it to Dependencytrack (https://dependencytrack.org). Source: over 1 year ago

When I started with https://emailengine.app, a similar product, I also considered releasing it as a SaaS. But looking at the competition, it seemed too complicated for me (just look at the compliance list for Nylas Email API https://www.nylas.com/security/#compliance ). Will be interesting to see how it works out for you. Good luck! - Source: Hacker News / 6 months ago

Oh, yeah, I forgot my pitch. The link is https://emailengine.app - EnailEngine acts as a mail client, basically the same way Thunderbird runs on desktop, or the iPhone Mail on phone, but instead of a GUI it has REST API and instead of desktop notifications it sends JSON webhooks. And instead of a single email account, it can manage thousands of accounts. - Source: Hacker News / about 1 year ago

Well, I for one, hope that email stays as complicated as described in the post. Otherwise my project that simplifies access to email accounts (https://emailengine.app) would get no traction :D. - Source: Hacker News / over 1 year ago

I'd like to know if anyone here can share some experience using https://emailengine.app in a larger environment, e.g. Managing / watching 100-200 email accounts and processing ~50.000-100.000 mails per day? Source: over 1 year ago

I had the same issues when I started with https://emailengine.app - just like Ghost, it’s an app written in Nodejs. I tried multiple distribution options at first and finally went with complete self containment. All modules are pre-installed during the publishing step and thus the user never needs to run npm. Or if you download the “compiled” single binary version you don’t even need node as it’s bundled with the... - Source: Hacker News / over 1 year ago