URL: https://www.dependencytrack.org/

Reduce Supply Chain Risk


CONTINUOUS SBOM ANALYSIS PLATFORM

Download v4.11

Operationalize Software Bill of Materials

SBOM Production

CycloneDX Software Bill of Materials created during CI/CD or acquired from
suppliers

SBOM Ingestion

SBOMs published to Dependency-Track via REST, Jenkins plugin, or uploaded
through web interface

SBOM Analysis

Analyzes components for security, operational, and license risk

Intelligence Streams

Produces real-time analysis and security events delivering actionable findings
to external systems

Continuous Monitoring

Continuously analyzes portfolio for risk and policy compliance

Intelligent Response

Events delivered via webhooks or chat-ops and findings published to risk
management and vulnerability aggregation platforms


CONTINUOUS INTEGRATION

Consume and analyze SBOMs at high velocity. Ideal for use with modern build
pipelines.


CONTINUOUS INSIGHT

Identify risk across all assets and applications. Quickly answer what is
affected and where.


CONTINUOUS TRANSPARENCY

Full-stack component inventory. Optionally republish SBOMs to others in the
supply chain.


ACCURATE AND COMPLETE FULL-STACK INVENTORY

Track usage of libraries and frameworks, applications, containers, operating
systems, firmware, hardware, and services across all projects in the
Dependency-Track portfolio. Get full-stack traceability for the cloud, for the
enterprise, for smart devices, and for IoT.




IDENTIFY AND REMEDIATE VULNERABLE COMPONENTS

Bring vulnerable components to light with support for multiple sources of
vulnerability intelligence including the National Vulnerability Database (NVD),
Sonatype OSS Index, GitHub Advisories, Snyk, OSV, and VulnDB from Risk Based
Security.




MEASURE AND ENFORCE POLICY COMPLIANCE

Security, operational, and license policies ensure that associated risk is
quickly identified across development teams, suppliers, and partners in the
supply chain.





PLATFORM FEATURES

Dependency-Track is an intelligent Component Analysis platform that allows
organizations to identify and reduce risk in the software supply chain.


VULNERABILITY DETECTION

Identify known vulnerabilities in third-party components via integration with
the NVD, OSS Index, GitHub, Snyk, OSV, and VulnDB


POLICY EVALUATION

Measure and enforce security, operational, and license policy compliance for
individual projects or the entire portfolio


IMPACT ANALYSIS

Rapidly respond to identified vulnerabilities in the projects that are affected
by vulnerable components


EXPLOIT PREDICTION

Prioritize mitigation by leveraging integrated support for the Exploit
Prediction Scoring System (EPSS)


AUDITING WORKFLOW

Quickly triage findings and policy violations, capture commentary and analysis
decisions in an audit trail


OUTDATED VERSION DETECTION

Identifies components that are not the most recent version available, which
indirectly impacts project health and risk


FULL-STACK INVENTORY

Tracks usage of libraries, frameworks, applications, containers, operating
systems, firmware, hardware, and services


BILL OF MATERIALS (BOM)

Consumes, analyzes, and produces CycloneDX Software Bill of Materials (SBOM), an
OWASP and industry standard


VULNERABILITY AGGREGATION

Native integration with multiple application risk platforms providing
organizations a consolidated view of prioritized findings


NIST VDR

Produces CycloneDX Vulnerability Disclosure Reports (VDR) that exceed
requirements defined in NIST SP 800-161


CISA VEX

Produces and consumes CycloneDX Vulnerability Exploitability eXchange (VEX)
exceeding CISA recommendations


NOTIFICATIONS

Automates notifications to Slack, Microsoft Teams, Mattermost, Cisco WebEx,
outbound webhooks, and email


ENTERPRISE READY

Supports Single Sign On (SSO) via OpenID Connect (OIDC) and supports Active
Directory and LDAP authentication


API AND INTEGRATION

Well-documented, API-first design integrates easily with other systems,
providing endless possibilities


TIME SERIES METRICS

Provides trending details of the inherited risk and policy violations for all
projects and components in the portfolio


OPEN SOURCE

Community-driven project distributed under the Apache 2.0 license. Large and
active community of contributors and adopters.



CONNECTORS & INTEGRATIONS





INSTALLATION

Docker Compose:

# fetch the reference compose file and start the stack in the background
curl -LO https://dependencytrack.org/docker-compose.yml
docker-compose up -d

Docker Swarm:

# fetch the same compose file, initialize a single-node swarm, and deploy it as the "dtrack" stack
curl -LO https://dependencytrack.org/docker-compose.yml
docker swarm init
docker stack deploy -c docker-compose.yml dtrack




© Copyright 2013-2023 The OWASP Foundation
