Yes. Ketryx scans SPDX files, and your vulnerability scanner can likely output its results in this format. Ketryx parses each SPDX file and creates the corresponding dependencies as defined in it. It extracts key information about software packages, including version, license, and advisory information (introduced in SPDX version 2.3), and checks direct and indirect (transitive) dependencies for vulnerabilities.
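The following added example, which is not Ketryx code and does not describe Ketryx's implementation, reads a constructed SPDX 2.3 JSON document and pulls out the fields named above: version, license, `advisory` external references, and direct versus transitive scope derived from the `DEPENDS_ON`/`DEPENDENCY_OF` relationships. The function name `list_dependencies`, the package names and the advisory URL are assumptions made for the example.

```python
import json

# Constructed SPDX 2.3 JSON document; every name and URL in it is sample data.
SAMPLE_SPDX = json.dumps({
    "spdxVersion": "SPDX-2.3", "documentDescribes": ["SPDXRef-app"],
    "packages": [
        {"SPDXID": "SPDXRef-app", "name": "example-app", "versionInfo": "1.0.0"},
        {"SPDXID": "SPDXRef-liba", "name": "liba", "versionInfo": "2.4.1",
         "licenseConcluded": "Apache-2.0",
         "externalRefs": [{"referenceCategory": "SECURITY", "referenceType": "advisory",
                           "referenceLocator": "https://advisories.example/EXAMPLE-0001"}]},
        {"SPDXID": "SPDXRef-libb", "name": "libb", "versionInfo": "0.9.0"},
    ],
    "relationships": [
        {"spdxElementId": "SPDXRef-app", "relationshipType": "DEPENDS_ON",
         "relatedSpdxElement": "SPDXRef-liba"},
        {"spdxElementId": "SPDXRef-libb", "relationshipType": "DEPENDENCY_OF",
         "relatedSpdxElement": "SPDXRef-liba"},
    ],
})

def list_dependencies(spdx_text):
    """Map each non-root package name to its version, license, scope and advisories."""
    doc = json.loads(spdx_text)
    edges = {}  # SPDXID -> set of SPDXIDs it depends on
    for rel in doc.get("relationships", []):
        a, kind, b = rel["spdxElementId"], rel["relationshipType"], rel["relatedSpdxElement"]
        if kind == "DEPENDS_ON":
            edges.setdefault(a, set()).add(b)
        elif kind == "DEPENDENCY_OF":  # same edge, written in reverse
            edges.setdefault(b, set()).add(a)
    depth = {root: 0 for root in doc.get("documentDescribes", [])}
    queue = list(depth)
    for node in queue:  # breadth-first: the list grows while it is iterated
        for dep in edges.get(node, ()):
            if dep not in depth:
                depth[dep] = depth[node] + 1  # 1 = direct, more = transitive
                queue.append(dep)
    found = {}
    for pkg in doc.get("packages", []):
        d = depth.get(pkg["SPDXID"])  # None: no dependency path from a root
        if d == 0:
            continue  # the described product itself
        found[pkg["name"]] = {
            "version": pkg.get("versionInfo"), "license": pkg.get("licenseConcluded"),
            "scope": "unlinked" if d is None else "direct" if d == 1 else "transitive",
            "advisories": [r["referenceLocator"] for r in pkg.get("externalRefs", [])
                           if (r["referenceCategory"], r["referenceType"]) == ("SECURITY", "advisory")],
        }
    return found
```

Packages that appear in the file without any dependency relationship back to the described root are reported as `unlinked` rather than dropped, so an incomplete SBOM is visible in the output.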
Does Ketryx integrate with multiple vulnerability scanners beyond what is native in Ketryx?
Lee Chickering