

OWASP Dependency-Track
Dependency-Track is an intelligent Software Supply Chain Component Analysis platform that allows organizations to identify and reduce risk from the use of third-party and open source components.
Cost / License
- Free
- Open Source (Apache-2.0)
Platforms
- Mac
- Windows
- Linux
- Self-Hosted
Features
- Vulnerability management
- Outdated Component Detection
- Software Bill-of-Materials
- Continuous Component Analysis
- Jenkins Plugin
- Continuous Integration
Tags
- bom-management
- nvd
- owasp
- software-security
- sca
- license-policy
- security-policy
- spdx
- Security Utilities
- appsec
- bill-of-materials
- cyclonedx
- vulndb
- component-analysis
- Software Composition Analysis
- package-url
OWASP Dependency-Track information
What is OWASP Dependency-Track?
Dependency-Track is an intelligent Supply Chain Component Analysis platform that allows organizations to identify and reduce risk from the use of third-party and open source components. Dependency-Track takes a unique and highly beneficial approach by leveraging the capabilities of Software Bill of Materials (SBOM). This approach provides capabilities that traditional Software Composition Analysis (SCA) solutions cannot achieve.
Dependency-Track monitors component usage across all versions of every application in its portfolio in order to proactively identify risk across an organization. The platform has an API-first design and is ideal for use in Continuous Integration (CI) and Continuous Delivery (CD) environments.



