https://socake.github.io/tags/dependency-track/ Recent content in Dependency-Track on 黄文卓 | DevOps Engineer Hugo -- gohugo.io zh-CN 17691281867@163.com (Wenzhuo Huang) 17691281867@163.com (Wenzhuo Huang) © 2026 Wenzhuo Huang Fri, 24 Oct 2025 10:00:00 +0800 https://socake.github.io/posts/sbom-dependency-track/ Fri, 24 Oct 2025 10:00:00 +0800 17691281867@163.com (Wenzhuo Huang) https://socake.github.io/posts/sbom-dependency-track/ 一份基于生产环境的 SBOM 实战指南：讲清楚 CycloneDX 与 SPDX 的格式差异、Syft/cdxgen/Trivy 三款主流生成器的对比，部署 Dependency-Track 4.12 做持续漏洞监测，通过策略违规自动化处置 CVE，并分享 SBOM 消费链路上的真实踩坑。