In this episode, Viktor Petersson sits down with Niklas Düster, co-lead of OWASP DependencyTrack and contributor to CycloneDX, to explore the realities of managing software bills of materials (SBOMs) at scale. Drawing on real-world experience, Niklas explains how DependencyTrack helps engineering teams analyze, monitor, and act on risks buried deep in their dependency trees.
The conversation covers how teams integrate SBOM workflows into CI/CD pipelines, why gating deployments on vulnerability scans can backfire, and how the platform's evolving architecture is built to handle massive, multi-project setups. Niklas also unpacks how VEX files fit into the equation, and why context-aware suppression logic is key to reducing alert fatigue without missing critical issues.
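To make the VEX and suppression point concrete, here is an added example (not code from the episode, from DependencyTrack, or from CycloneDX) that applies a CycloneDX-style VEX document to scanner findings before a CI gate decides. The findings, component references, vulnerability IDs and the VEX document itself are all constructed; the set of analysis states treated as "safe to suppress" and the choice to match on both vulnerability ID and component reference are this example's own policy decisions, and it assumes the VEX `affects[].ref` values use the same identifiers as the SBOM's components.

```python
"""Added example (not from the podcast, DependencyTrack or CycloneDX):
apply a CycloneDX-style VEX document to scanner findings, then run a CI gate
only on what is still active. All data below is constructed."""
from dataclasses import dataclass

# CycloneDX analysis states this example treats as justifying suppression.
# "in_triage" and "exploitable" are deliberately left out: an open triage
# must keep showing up, otherwise the gate silently passes unknown risk.
SUPPRESSING_STATES = frozenset(
    {"not_affected", "false_positive", "resolved", "resolved_with_pedigree"}
)


@dataclass(frozen=True)
class Finding:
    bom_ref: str    # component reference as it appears in the SBOM
    vuln_id: str    # vulnerability identifier reported by the scanner
    severity: str   # critical / high / medium / low


# Constructed scanner output for one project (identifiers are placeholders).
FINDINGS = [
    Finding("pkg:maven/org.example/parser@1.2.0", "CVE-0000-0001", "critical"),
    Finding("pkg:maven/org.example/logger@2.0.0", "CVE-0000-0002", "high"),
    Finding("pkg:npm/example-utils@3.1.0", "CVE-0000-0003", "critical"),
]

# Constructed CycloneDX-style VEX: a vulnerabilities array whose entries carry
# an analysis block and an affects list scoping the statement to components.
VEX = {
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "vulnerabilities": [
        {
            "id": "CVE-0000-0001",
            "analysis": {"state": "not_affected", "justification": "code_not_reachable"},
            "affects": [{"ref": "pkg:maven/org.example/parser@1.2.0"}],
        },
        {
            "id": "CVE-0000-0002",
            "analysis": {"state": "in_triage"},
            "affects": [{"ref": "pkg:maven/org.example/logger@2.0.0"}],
        },
        {
            "id": "CVE-0000-0003",
            "analysis": {"state": "not_affected", "justification": "requires_configuration"},
            # Scoped to a different component, so it must NOT suppress example-utils.
            "affects": [{"ref": "pkg:npm/other-lib@1.0.0"}],
        },
    ],
}


def suppressed_pairs(vex):
    """(vuln_id, component ref) pairs that a VEX statement marks as suppressible."""
    pairs = set()
    for vuln in vex.get("vulnerabilities", []):
        state = vuln.get("analysis", {}).get("state")
        if state not in SUPPRESSING_STATES:
            continue
        for target in vuln.get("affects", []):
            pairs.add((vuln["id"], target["ref"]))
    return pairs


def apply_vex(findings, vex):
    """Split findings into (active, suppressed); a statement only suppresses the
    exact vuln/component pair it names, never the vuln ID everywhere."""
    pairs = suppressed_pairs(vex)
    active = [f for f in findings if (f.vuln_id, f.bom_ref) not in pairs]
    suppressed = [f for f in findings if (f.vuln_id, f.bom_ref) in pairs]
    return active, suppressed


def gate(findings, vex, fail_on=frozenset({"critical"})):
    """CI gate: fail only on unsuppressed findings in the chosen severities.
    Returns (passed, blockers)."""
    active, _ = apply_vex(findings, vex)
    blockers = [f for f in active if f.severity in fail_on]
    return len(blockers) == 0, blockers


if __name__ == "__main__":
    passed, blockers = gate(FINDINGS, VEX)
    if passed:
        print("gate passed")
    else:
        print("gate failed: " + ", ".join(f"{b.vuln_id} in {b.bom_ref}" for b in blockers))
```

Run as-is, the gate fails on CVE-0000-0003 only: the parser finding is suppressed by a component-scoped `not_affected` statement, the logger finding stays visible but is below the gate's severity threshold, and the example-utils finding is not suppressed because the VEX statement names a different component. Widening `fail_on` to include `high` would also block on the `in_triage` finding, which is the trade-off the episode describes: a gate that fails on everything still open trains teams to suppress first and triage later.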
For anyone responsible for securing large-scale software systems, this episode provides a grounded look at how DependencyTrack works under the hood and what's ahead. It's a practical, engineering-focused conversation that highlights what it takes to operationalize SBOMs across modern infrastructure.