Reduce Open Source Risk

Continuous Component Analysis Platform

Platform Features

Dependency-Track is an intelligent Software Supply Chain Component Analysis platform that allows organizations to identify and reduce risk from the use of third-party and open source components.


Provides high-level metrics and trends on the inherited risk for all projects and components in the portfolio

Continuous Delivery

Excels in rapidly changing CI/CD environments by encouraging ingestion and analysis of continuously updated components

Impact Analysis

Rapidly respond to identified vulnerabilities in the projects that are affected by vulnerable components

Auditing Workflow

Quickly review findings for accuracy and make analysis decisions and comments on a per-project basis, or globally

Out-of-Date Detection

Identifies components that are not the most recent version available, which indirectly affects project health and risk


Supports notifications to Slack, Microsoft Teams, outbound webhooks, and email, enabling new levels of collaboration and automation

Supply Chain Risk

Expands traditional Software Composition Analysis (SCA) by recognizing hardware/IoT as components with potential vulnerabilities

API and Integration

Well-documented, API-first design that integrates easily with other systems, providing endless possibilities

Vulnerability Datasources

Mirrors data from multiple sources of vulnerability intelligence, providing coverage across a wider range of components

Vulnerability Aggregation

Native integration with multiple application risk platforms, giving organizations a consolidated view of prioritized findings

Bill of Materials (BOM)

Promotes Software Transparency with support for the automatic ingestion of CycloneDX and SPDX BOM formats
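As an added example that ties the API-first design and the BOM ingestion features together (this is not code from the Dependency-Track project), the script below builds a minimal CycloneDX JSON BOM from a constructed list of package URLs, submits it with `PUT /api/v1/bom` using the `X-Api-Key` header, and polls `GET /api/v1/bom/token/{token}` until the server has finished processing. The server URL, the `DTRACK_API_KEY` environment variable, the project name and the sample packages are assumptions for illustration.

```python
"""Build a minimal CycloneDX BOM and upload it to Dependency-Track.

Added example; the server URL, API key and package list are assumptions.
"""
import base64
import json
import os
import time
import urllib.request

# Constructed sample inventory for a hypothetical project (not from the page).
SAMPLE_PURLS = [
    "pkg:npm/lodash@4.17.20",
    "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.8?type=jar",
]


def parse_purl(purl: str) -> dict:
    """Turn a package URL into a CycloneDX component entry."""
    if not purl.startswith("pkg:"):
        raise ValueError(f"not a package URL: {purl}")
    # Drop qualifiers (?...) and subpath (#...) before splitting out the version.
    body = purl[len("pkg:"):].split("?", 1)[0].split("#", 1)[0]
    _ptype, _, rest = body.partition("/")
    path, sep, version = rest.rpartition("@")
    if not sep or not path or not version:
        raise ValueError(f"purl lacks a name or version: {purl}")
    group, _, name = path.rpartition("/")
    component = {"type": "library", "name": name, "version": version, "purl": purl}
    if group:
        component["group"] = group
    return component


def build_bom(purls) -> dict:
    """Assemble a CycloneDX 1.4 JSON document from package URLs."""
    return {
        "bomFormat": "CycloneDX",
        "specVersion": "1.4",
        "version": 1,
        "components": [parse_purl(p) for p in purls],
    }


def build_upload_payload(bom: dict, project_name: str, project_version: str) -> dict:
    """Body for PUT /api/v1/bom: the BOM travels base64-encoded, and
    autoCreate lets the server create the project on first upload."""
    encoded = base64.b64encode(json.dumps(bom).encode("utf-8")).decode("ascii")
    return {
        "projectName": project_name,
        "projectVersion": project_version,
        "autoCreate": True,
        "bom": encoded,
    }


def decode_payload_bom(payload: dict) -> dict:
    """Inverse of build_upload_payload, used to verify the encoding round-trips."""
    return json.loads(base64.b64decode(payload["bom"]))


def upload_bom(base_url: str, api_key: str, payload: dict) -> str:
    """Upload the BOM and return the processing token Dependency-Track issues."""
    req = urllib.request.Request(
        f"{base_url.rstrip('/')}/api/v1/bom",
        data=json.dumps(payload).encode("utf-8"),
        method="PUT",
        headers={"Content-Type": "application/json", "X-Api-Key": api_key},
    )
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.loads(resp.read())["token"]


def wait_for_processing(base_url: str, api_key: str, token: str, attempts: int = 30) -> bool:
    """Poll GET /api/v1/bom/token/{token} until the server finishes analysis."""
    req = urllib.request.Request(
        f"{base_url.rstrip('/')}/api/v1/bom/token/{token}",
        headers={"X-Api-Key": api_key},
    )
    for _ in range(attempts):
        with urllib.request.urlopen(req, timeout=30) as resp:
            if not json.loads(resp.read())["processing"]:
                return True
        time.sleep(2)
    return False


if __name__ == "__main__":
    # Assumed deployment details; the API key is read from the environment so
    # it never lands in source control or CI logs.
    url = os.environ.get("DTRACK_URL", "https://dtrack.example.internal")
    key = os.environ["DTRACK_API_KEY"]
    payload = build_upload_payload(build_bom(SAMPLE_PURLS), "example-service", "1.0.0")
    token = upload_bom(url, key, payload)
    print("processed" if wait_for_processing(url, key, token) else "still processing")
```

In a CI pipeline the BOM would normally come from a CycloneDX generator for the build tool rather than a hand-built list, but the upload and polling steps are the same; keeping the API key in a secret store and using an HTTPS base URL keeps the key out of logs and off the wire in clear text.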

Enterprise Integrations

Supports Active Directory/LDAP authentication and multiple commercial and open source database engines

Open Source

Community-driven project which encourages continuous improvement and is distributed under the Apache 2.0 license