Skip to content

DependencyTrack/dependency-track

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

8,146 Commits
.github
.github
 
 
.idea
.idea
 
 
.mvn
.mvn
 
 
alpine
alpine
 
 
api
api
 
 
apiserver
apiserver
 
 
cache
cache
 
 
common
common
 
 
coverage-report
coverage-report
 
 
dev
dev
 
 
dex
dex
 
 
docs/adr
docs/adr
 
 
e2e
e2e
 
 
file-storage
file-storage
 
 
migration
migration
 
 
notification
notification
 
 
package-metadata
package-metadata
 
 
plugin
plugin
 
 
proto
proto
 
 
secret-management
secret-management
 
 
support
support
 
 
vuln-analysis
vuln-analysis
 
 
vuln-data-source
vuln-data-source
 
 
.gitignore
.gitignore
 
 
AGENTS.md
AGENTS.md
 
 
CLAUDE.md
CLAUDE.md
 
 
CODE_OF_CONDUCT.md
CODE_OF_CONDUCT.md
 
 
CONTRIBUTING.md
CONTRIBUTING.md
 
 
DEVELOPING.md
DEVELOPING.md
 
 
LICENSE.txt
LICENSE.txt
 
 
Makefile
Makefile
 
 
README.md
README.md
 
 
RELEASING.md
RELEASING.md
 
 
SECURITY.md
SECURITY.md
 
 
V5_MIGRATION.md
V5_MIGRATION.md
 
 
buf.yaml
buf.yaml
 
 
pom.xml
pom.xml
 
 

Repository files navigation

OWASP Dependency-Track

Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain. Dependency-Track takes a unique and highly beneficial approach by leveraging the capabilities of Software Bill of Materials (SBOM).

Build Status Test Status E2E Test Status Documentation License

Warning

Dependency-Track v5 is currently in release candidate stage and not yet generally available.

v5 release candidates are published for testing and feedback. They are not recommended for production deployments. The release candidate images are tagged 5.0.0-rc.<N> and are not pulled by :5-snapshot.

For production use, stay on the latest v4 release.

Important

Looking for Dependency-Track v4?

Documentation

User-facing documentation is rendered at dependencytrack.github.io/docs/next and maintained in the docs repository.

Contributing

  1. Code of conduct
  2. Contribution guidelines
  3. Developer guide

See also

About

Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.

dependencytrack.org/

Topics

security owasp bom vulnerabilities appsec component-analysis nvd vulnerability-detection hacktoberfest sca software-security security-automation devsecops software-composition-analysis bill-of-materials ossindex purl package-url sbom cyclonedx

Resources

Readme

License

Apache-2.0 license

Code of conduct

Code of conduct

Contributing

Contributing

Security policy

Security policy
Activity
Custom properties

Stars

3.9k stars

Watchers

76 watching

Forks

741 forks
Report repository

Releases 80

4.14.2 Latest
May 7, 2026
+ 79 releases

Sponsor this project

Packages

 
 
 

Contributors

Languages