us.springett alpine-parent 3.4.0 4.0.0 org.dependencytrack dependency-track war 4.14.0-SNAPSHOT Dependency-Track https://dependencytrack.org/ Dependency-Track is an intelligent component analysis platform that allows organizations to identify and reduce risk in the software supply chain. 2013 OWASP Apache-2.0 http://www.apache.org/licenses/LICENSE-2.0.txt repo Steve Springett Steve.Springett@owasp.org OWASP http://www.owasp.org/ Architect Developer scm:git:git@github.com:DependencyTrack/dependency-track.git https://github.com/DependencyTrack/dependency-track.git scm:git:git@github.com:DependencyTrack/dependency-track.git HEAD github https://github.com/DependencyTrack/dependency-track/issues github-actions https://github.com/DependencyTrack/dependency-track/actions 21 21 4.13.6 ${project.parent.version} 4.3.0 0.1.2 12.2.0 1.27.0 1.27.0 1.27.0 3.0.1 1.28.0 1.14.0 0.149.0 1.0.1 11.0.1 3.1.1 2.1.7 20250517 5.1.0 5.11.4 8.11.4 3.9.11 5.15.0 9.0.2 1.5.0 4.0.0 4.33.1 2.3.0 2.1.36 2.3.0 2.0.2 2.35.2 7.1.1 2.1.1 4.5.14 5.5.1 2.0.17 1.330 1.4.0 13.2.1.jre11 8.2.0 42.7.8 false 12.1.4 3.11.4 src/main/webapp/** cyclonedx true us.springett alpine-common ${lib.alpine.version} us.springett alpine-model ${lib.alpine.version} us.springett alpine-infra ${lib.alpine.version} us.springett alpine-server ${lib.alpine.version} org.metaeffekt.core ae-security ${lib.ae-security.version} us.springett owasp-risk-rating-calculator ${lib.owasp-rr-calculator.version} us.springett cpe-parser ${lib.cpe-parser.version} org.cyclonedx cyclonedx-core-java ${lib.cyclonedx-java.version} org.json json ${lib.json-java.version} jakarta.servlet jakarta.servlet-api provided jakarta.validation jakarta.validation-api ${lib.jakarta-validation.version} com.github.package-url packageurl-java ${lib.packageurl.version} org.apache.lucene lucene-core ${lib.lucene.version} org.apache.lucene lucene-analyzers-common ${lib.lucene.version} org.apache.lucene lucene-queryparser ${lib.lucene.version} org.apache.lucene lucene-queries ${lib.lucene.version} org.apache.lucene lucene-sandbox ${lib.lucene.version} io.github.jeremylong open-vulnerability-clients ${lib.open-vulnerability-clients.version} io.pebbletemplates pebble ${lib.pebble.version} com.google.protobuf protobuf-java ${lib.protobuf-java.version} com.google.protobuf protobuf-java-util ${lib.protobuf-java.version} io.swagger.core.v3 swagger-jaxrs2-jakarta ${lib.swagger.version} io.swagger.parser.v3 swagger-parser ${lib.swagger-parser.version} test org.apache.httpcomponents httpclient ${lib.httpclient.version} org.apache.httpcomponents.client5 httpclient5 ${lib.httpclient5.version} oauth.signpost signpost-core ${lib.signpost-core.version} org.brotli dec ${lib.brotli-decoder.version} org.apache.httpcomponents httpmime ${lib.httpclient.version} com.fasterxml.woodstox woodstox-core ${lib.woodstox.version} org.apache.maven maven-artifact ${lib.maven-artifact.version} com.microsoft.sqlserver mssql-jdbc ${lib.jdbc-driver.mssql.version} com.mysql mysql-connector-j ${lib.jdbc-driver.mysql.version} com.google.protobuf protobuf-java org.postgresql postgresql ${lib.jdbc-driver.postgresql.version} com.google.cloud.sql mysql-socket-factory-connector-j-8 ${lib.cloud-sql-mysql-socket-factory-connector-j-8.version} com.google.cloud.sql postgres-socket-factory ${lib.cloud-sql-postgres-socket-factory.version} com.google.cloud.sql cloud-sql-connector-jdbc-sqlserver ${lib.cloud-sql-connector-jdbc-sqlserver.version} org.apache.commons commons-compress ${lib.commons-compress.version} org.apache.commons commons-text ${lib.commons-text.version} io.github.resilience4j resilience4j-retry ${lib.resilience4j.version} io.github.resilience4j resilience4j-ratelimiter ${lib.resilience4j.version} io.github.resilience4j resilience4j-micrometer ${lib.resilience4j.version} org.slf4j log4j-over-slf4j ${lib.log4j-over-slf4j.version} org.kohsuke github-api ${lib.org-kohsuke-github-api.version} com.asahaf.javacron javacron ${lib.com-asahaf-javacron.version} org.junit.jupiter junit-jupiter ${lib.junit.version} test org.junit.jupiter junit-jupiter-api ${lib.junit.version} test org.junit.jupiter junit-jupiter-engine ${lib.junit.version} test org.glassfish.jersey.test-framework.providers jersey-test-framework-provider-grizzly2 ${lib.jersey.version} test junit junit org.glassfish.jersey.connectors jersey-grizzly-connector ${lib.jersey.version} test org.mockito mockito-core ${lib.mockito.version} test com.github.tomakehurst wiremock-jre8-standalone ${lib.wiremock.version} test org.junit-pioneer junit-pioneer ${lib.junit-pioneer.version} test org.assertj assertj-core ${lib.assertj.version} test net.javacrumbs.json-unit json-unit-assertj ${lib.json-unit.version} test org.mock-server mockserver-netty ${lib.mockserver-netty.version} test org.awaitility awaitility ${lib.awaitility.version} test com.icegreen greenmail-junit5 ${lib.greenmail.version} test org.testcontainers testcontainers ${lib.testcontainers.version} test ${project.artifactId} src/main/resources false src/main/resources true application.version openapi-configuration.yaml src/test/resources false org.apache.maven.plugins maven-source-plugin attach-sources none org.apache.maven.plugins maven-javadoc-plugin attach-javadocs none org.apache.maven.plugins maven-checkstyle-plugin 3.6.0 ${project.basedir}/.checkstyle.xml false false validate check com.puppycrawl.tools checkstyle ${lib.checkstyle.version} io.github.ascopes protobuf-maven-plugin 4.0.3 ${lib.protobuf-java.version} ${project.basedir}/src/main/proto generate-sources generate org.apache.maven.plugins maven-surefire-plugin java.util.logging.config.file src/test/resources/logging.properties true org.jacoco jacoco-maven-plugin org/dependencytrack/upgrade/**/* trivy/proto/**/* org.cyclonedx cyclonedx-maven-plugin cyclonedx-aggregate prepare-package makeAggregateBom application 1.5 true true true true false false true json false advisories https://github.com/DependencyTrack/dependency-track/security/advisories chat https://dependencytrack.org/slack documentation https://docs.dependencytrack.org/ release-notes https://docs.dependencytrack.org/changelog/ security-contact mailto:security@dependencytrack.org social https://www.linkedin.com/company/owasp-dependency-track social https://x.com/dependencytrack org.codehaus.mojo exec-maven-plugin 3.6.2 merge-services-bom prepare-package exec ${cyclonedx-cli.path} merge --input-files ${project.build.directory}/bom.json ${project.basedir}/src/main/resources/services.bom.json --output-file ${project.build.directory}/bom.json ${services.bom.merge.skip} maven-antrun-plugin 3.2.0 deploy-bom prepare-package run org.eclipse.jetty.ee10 jetty-ee10-maven-plugin ${plugin.jetty.version} true ^$ ^$ quick quickly true true true clean-exclude-wars org.apache.maven.plugins maven-clean-plugin 3.5.0 true target false false */ dependency-track*.jar embedded-jetty env.ACTIVATE_EMBEDDED_JETTY true ${project.build.finalName}-apiserver h2-console org.eclipse.jetty.ee10 jetty-ee10-maven-plugin ${plugin.jetty.version} true ^$ ^$ src/test/webapp/WEB-INF/h2-console-web.xml bundle-ui env.ACTIVATE_BUNDLE_UI true ${project.build.finalName}-bundled maven-antrun-plugin 3.2.0 frontend-download prepare-package run frontend-extract prepare-package run frontend-resource-deploy prepare-package run