Reduce Open Source Risk

Continuous Component Analysis Platform

Discover how third-party components introduce risk

Continuous analysis of third-party and open source components provides greater visibility into inherited risk.


Continuous Component Analysis

Dependency-Track is an intelligent Component Analysis platform that allows organizations to quickly identify third-party and open source components that are placing their applications at risk.


Provides high-level metrics and trends on the inherited risk for all projects and components in the portfolio

Continuous Delivery

Excels in rapidly changing CI/CD environments by encouraging ingestion and analysis of continuously updated components

Rapid Response

Identifies all projects and applications that are affected by the use of vulnerable components

Supply Chain Risk

Expands traditional Software Composition Analysis (SCA) by recognizing hardware/IoT as components with potential vulnerabilities

API and Integration

Well-documented, API-first design integrates easily with other systems, providing endless possibilities

Vulnerability Datasources

Mirrors data from multiple sources of vulnerability intelligence, providing more coverage across a wider range of components

Open Source

Community-driven project which encourages continuous improvement and is distributed under the Apache 2.0 license

Bill of Materials (BoM)

Supports automatic ingestion of CycloneDX and SPDX BoM formats along with Dependency-Check reports

Enterprise Integrations

Supports Active Directory/LDAP authentication and multiple commercial and open source database engines