Skip to content

DependencyTrack/dependency-track

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

8,218 Commits
.github
.github
 
 
.idea
.idea
 
 
.mvn
.mvn
 
 
alpine
alpine
 
 
api
api
 
 
apiserver
apiserver
 
 
cache
cache
 
 
common
common
 
 
coverage-report
coverage-report
 
 
dev
dev
 
 
dex
dex
 
 
docs/adr
docs/adr
 
 
e2e
e2e
 
 
file-storage
file-storage
 
 
migration
migration
 
 
notification
notification
 
 
package-metadata
package-metadata
 
 
plugin
plugin
 
 
proto
proto
 
 
secret-management
secret-management
 
 
support
support
 
 
vuln-analysis
vuln-analysis
 
 
vuln-data-source
vuln-data-source
 
 
.gitignore
.gitignore
 
 
AGENTS.md
AGENTS.md
 
 
CLAUDE.md
CLAUDE.md
 
 
CODE_OF_CONDUCT.md
CODE_OF_CONDUCT.md
 
 
CONTRIBUTING.md
CONTRIBUTING.md
 
 
DEVELOPING.md
DEVELOPING.md
 
 
LICENSE.txt
LICENSE.txt
 
 
Makefile
Makefile
 
 
README.md
README.md
 
 
RELEASING.md
RELEASING.md
 
 
SECURITY.md
SECURITY.md
 
 
V5_MIGRATION.md
V5_MIGRATION.md
 
 
buf.yaml
buf.yaml
 
 
pom.xml
pom.xml
 
 

Repository files navigation

OWASP Dependency-Track

Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain. Dependency-Track takes a unique and highly beneficial approach by leveraging the capabilities of Software Bill of Materials (SBOM).

Build Status Test Status E2E Test Status Documentation License

Important

Looking for Dependency-Track v4?

Quickstart

Want to kick the tires? Follow the Quickstart tutorial to get a local instance running with Docker Compose in a few minutes.

Documentation

User-facing documentation is rendered at https://dependencytrack.github.io/docs/ and maintained in the docs repository.

Contributing

  1. Code of conduct
  2. Contribution guidelines
  3. Developer guide

Community

Dependency-Track is an open source project maintained by a community of contributors. Join the monthly community meeting to hear project updates, ask questions, and meet other users and maintainers.

See also

About

Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.

dependencytrack.org/

Topics

security owasp bom vulnerabilities appsec component-analysis nvd vulnerability-detection hacktoberfest sca software-security security-automation devsecops software-composition-analysis bill-of-materials ossindex purl package-url sbom cyclonedx

Resources

Readme

License

Apache-2.0 license

Code of conduct

Code of conduct

Contributing

Contributing

Security policy

Security policy
Activity
Custom properties

Stars

3.9k stars

Watchers

76 watching

Forks

743 forks
Report repository

Releases 83

5.0.0 Latest
Jun 7, 2026
+ 82 releases

Sponsor this project

Packages

 
 
 

Contributors

Languages