vaibhav.vanage
project

SBOM & SCA Automation

Azure DevOps extension — org-wide SBOM + supply-chain security.

DevSecOps

A custom Azure DevOps extension automating SBOM generation (CycloneDX) and Software Composition Analysis, feeding centralized vulnerability tracking via OWASP Dependency-Track. Drove org-wide adoption of software-supply-chain security while cutting licensing cost.

org
Bajaj Finserv Health
impact
Org-wide supply-chain security; reduced licensing cost.
stack
Azure DevOps Extensions, CycloneDX, Dependency-Track, SonarQube

// skills

CycloneDX SBOM, Dependency-Track, Secure CI/CD
