Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain. https://dependencytrack.org/
src Corrected queries 2016-04-16 22:45:46 -05:00
.gitignore Added gitignore for eclipse + idea 2015-11-17 21:23:02 +11:00
.travis.yml Updating build script 2016-03-11 03:16:37 -06:00
fortify.sh Adding source resolution to pom and Fortify SCA script 2015-02-15 00:55:13 -06:00
LICENSE.txt Rename LICENSE to LICENSE.txt 2013-07-24 15:39:54 -07:00
NOTICES.txt Removed ATG json. Excluded jta sources missing from central 2015-11-27 12:59:47 +11:00
pom.xml Updating dependency-check 2016-04-10 13:12:28 -05:00
README.md Update README.md 2016-10-14 00:31:16 -05:00


Dependency-Track

Version 2.0 Development Branch (SpringBoot)

This branch was an attempt to modernize Dependency-Track by updating many of the core components including Hibernate and Spring. It also introduced SpringBoot. I'd like to thank all of the contributors who submitted enhancements, defects, and ideas for this version. Unfortunately, the amount of effort necessary to correct all the defects and continue to add new features far exceeds the limitations of the current design and my capability to devote the time necessary to make it happen.

There are a lot of ideas for the future direction of the project, and this branch is holding those goals back. Therefore, I do not intend to release the code in this branch. It will remain here, archived, for anyone to pick up and experiment with. But it will not be supported. All new development is focused on v3.0 and beyond.

Introduction

OWASP Dependency-Track is a Java web application that allows organizations to document the use of third-party components across multiple applications and versions. Further, it provides automatic visibility into the use of components with known vulnerabilities.

The OWASP Top Ten 2013 introduces, for the first time, the use of third-party components with known vulnerabilities. Dependency-Track aims to document the usage of all components, the vendors, libraries, versions and licenses used and provide visibility into the use of vulnerable components.

Development of Dependency-Track is sponsored in part by Axway

Installation, configuration and how-to's can be found on the GitHub Wiki.

General project information can be found on the OWASP Wiki.

Usage

$ mvn clean package

Finally, deploy the resulting WAR to your web application server (Tomcat, Jetty, etc.), or leverage the power of Spring Boot and simply execute:

java -jar dtrack.war

If compiling from source, dtrack.war will reside in the 'target' directory.

Mailing List

Subscribe: https://lists.owasp.org/mailman/listinfo/owasp_dependency_track_project

Post: owasp_dependency_track_project@lists.owasp.org

Dependency-Track is Copyright (c) Axway. All Rights Reserved.

Permission to modify and redistribute is granted under the terms of the GPLv3 license. See the LICENSE.txt file for the full license.

Dependency-Track makes use of several other open source libraries. Please see the NOTICES.txt file for more information.