Dependency-Track is an intelligent Software Composition Analysis (SCA) platform that allows organizations to identify and reduce risk from the use of third-party and open source components.
Provides high-level metrics and trends on the inherited risk for all projects and components in the portfolio
Excels in rapidly changing CI/CD environments by encouraging ingestion and analysis of continuously updated components
Rapidly respond to identified vulnerabilities for projects which are affected from vulnerable components
Quickly review findings for accuracy and make analysis decisions and comments on a per-project basis, or globally
Identifies components that are not the most recent available which indirectly impact project health and risk
Supports a wide range or attributes for describing and searching for projects, components, and other relevant data
Expands traditional Software Composition Analysis (SCA) by recognizing hardware/IoT as components with potential vulnerabilities
Well documented API-first design integrates easily with other systems providing endless possibilities
Mirrors data from multiple sources of vulnerability intelligence providing more coverage on a wider range of components
Community-driven project which encourages continuous improvement and is distributed under the Apache 2.0 license
Supports automatic ingestion of CycloneDX and SPDX BoM formats along with Dependency-Check reports
Supports Active Directory/LDAP authentication and multiple commercial and open source database engines
