| .github | ||
| .idea | ||
| .mvn | ||
| alpine | ||
| api | ||
| apiserver | ||
| cache | ||
| common | ||
| coverage-report | ||
| dev | ||
| dex | ||
| docs/adr | ||
| e2e | ||
| file-storage | ||
| migration | ||
| notification | ||
| package-metadata | ||
| plugin | ||
| proto | ||
| secret-management | ||
| support | ||
| vuln-analysis | ||
| vuln-data-source | ||
| .gitignore | ||
| AGENTS.md | ||
| buf.yaml | ||
| CLAUDE.md | ||
| CODE_OF_CONDUCT.md | ||
| CONTRIBUTING.md | ||
| DEVELOPING.md | ||
| LICENSE.txt | ||
| Makefile | ||
| pom.xml | ||
| README.md | ||
| RELEASING.md | ||
| SECURITY.md | ||
| V5_MIGRATION.md | ||
OWASP Dependency-Track
Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain. Dependency-Track takes a unique and highly beneficial approach by leveraging the capabilities of Software Bill of Materials (SBOM).
Important
Looking for Dependency-Track v4?
- v4 is in maintenance mode on the
4.14.xbranch.- v4 documentation: https://dependencytrack.github.io/docs/4.x.
- Migrating from v4 to v5? See V5_MIGRATION.md.
- v4 will reach end-of-life in December 2026, ~6 months after v5 GA.
Quickstart
Want to kick the tires? Follow the Quickstart tutorial to get a local instance running with Docker Compose in a few minutes.
Documentation
User-facing documentation is rendered at https://dependencytrack.github.io/docs/ and maintained in the docs repository.
Contributing
Community
Dependency-Track is an open source project maintained by a community of contributors. Join the monthly community meeting to hear project updates, ask questions, and meet other users and maintainers.
See also
- frontend: Frontend repository
- docs: Documentation repository
- helm-charts: Helm charts
- community: Community resources