We are currently using camunda as a module and ship the BPM engine as part of our software. To be able to keep up with your security notices we currently have to check them periodically. It would be great if we could add your application as a component into our current workflow with dependency-track. For this camunda would have to be added to the CPE index from NIST.
Are there any thoughts on this?