Reduce Open Source Risk

Continuous Component Analysis Platform


Discover how third-party components introduce risk

Continuous analysis of third-party and open source components provides greater visibility into inherited risk.

Continuous Component Analysis

Dependency-Track is an intelligent Software Composition Analysis (SCA) platform that allows organizations to identify and reduce risk from the use of third-party and open source components.

Dashboard

Provides high-level metrics and trends on the inherited risk for all projects and components in the portfolio

Continuous Delivery

Excels in rapidly changing CI/CD environments by encouraging ingestion and analysis of continuously updated components

Impact Analysis

Rapidly respond to identified vulnerabilities in projects that are affected by vulnerable components

Auditing Workflow

Quickly review findings for accuracy and make analysis decisions and comments on a per-project basis, or globally

Out-of-Date Detection

Identifies components that are not the most recent available, which indirectly impact project health and risk

Notifications

Supports notifications to Slack, Microsoft Teams, outbound webhooks, and email, enabling new levels of collaboration and automation

Supply Chain Risk

Expands traditional Software Composition Analysis (SCA) by recognizing hardware/IoT as components with potential vulnerabilities

API and Integration

Well-documented, API-first design integrates easily with other systems, providing endless possibilities

Vulnerability Datasources

Mirrors data from multiple sources of vulnerability intelligence, providing more coverage of a wider range of components

Open Source

Community-driven project that encourages continuous improvement and is distributed under the Apache 2.0 license

Bill of Materials (BoM)

Supports automatic ingestion of CycloneDX and SPDX BoM formats along with Dependency-Check reports

Enterprise Integrations

Supports Active Directory/LDAP authentication and multiple commercial and open source database engines