Dependency-Track is an intelligent Component Analysis platform that allows organizations to quickly identify third-party and open source components that are placing your applications at risk.
Provides high-level metrics and trends on the inherited risk for all projects and components in the portfolio
Excels in rapidly changing CI/CD environments by encouraging ingestion and analysis of continuously updated components
Identifies vulnerabilities in all projects and applications which are affected from the use of vulnerable components
Expands traditional Software Composition Analysis (SCA) by recognizing hardware/IoT as components with potential vulnerabilities
Well documented API-first design integrates easily with other systems providing endless possibilities
Mirrors data from multiple sources of vulnerability intelligence providing more coverage on a wider range of components
Community-driven project which encourages continuous improvement and is distributed under the Apache 2.0 license
Supports automatic ingestion of CycloneDX and SPDX BoM formats along with Dependency-Check reports
Supports Active Directory/LDAP authentication and multiple commercial and open source database engines
