mirror of https://github.com/DependencyTrack/dependency-track.git synced 2026-06-18 19:41:42 +00:00

Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain. https://dependencytrack.org/

Find a file

Niklas 03f1364c7a Merge pull request #6463 from nscuro/dev-services-container-reuse Reuse testcontainers for dev mode		2026-06-18 19:58:16 +02:00
.github	Add Squawk for migration linting	2026-06-15 15:06:33 +02:00
.idea	Rename container image and add tag policy	2026-05-28 17:45:10 +02:00
.mvn	Always run manifest generation for DN plugin, even when restoring from cache	2026-06-04 15:42:34 +02:00
alpine	chore(deps): Bump org.eclipse.parsson:jakarta.json from 1.1.7 to 1.1.9	2026-06-16 08:07:24 +00:00
api	chore(deps-dev): Bump org.openapitools:openapi-generator-maven-plugin	2026-06-17 08:08:25 +00:00
apiserver	Reuse testcontainers for dev mode	2026-06-18 19:41:48 +02:00
cache	Centralize test DB lifecycle and reuse across modules	2026-06-17 00:52:57 +02:00
common	[maven-release-plugin] prepare for next development iteration	2026-06-07 15:27:21 +00:00
coverage-report	[maven-release-plugin] prepare for next development iteration	2026-06-07 15:27:21 +00:00
dev	Standardize config property names and remove legacy shims	2026-06-01 00:45:22 +02:00
dex	dex: Fix over-reporting of activity task queue depth metric	2026-06-17 15:58:29 +02:00
docs	ADR for feature "Known Exploited Vulnerabilities" (#6315 )	2026-06-17 14:31:12 +02:00
e2e	Add e2e test for application of OWASP RR rating via VEX import	2026-06-15 23:45:53 +02:00
file-storage	Eliminate more unnecessary wait times in tests	2026-06-16 22:16:50 +02:00
migration	Fix bad CPE query performance for internal vuln analyzer	2026-06-17 14:19:50 +02:00
notification	Fix MIME type of email notification templates not being set correctly	2026-06-17 18:41:58 +02:00
package-metadata	Apply stricter PURL normalization for NPM package metadata resolution	2026-06-08 12:19:17 +02:00
plugin	Centralize test DB lifecycle and reuse across modules	2026-06-17 00:52:57 +02:00
proto	[maven-release-plugin] prepare for next development iteration	2026-06-07 15:27:21 +00:00
secret-management	Centralize test DB lifecycle and reuse across modules	2026-06-17 00:52:57 +02:00
support	v4-migrator: Don't migrate obsolete notification groups for notification rules	2026-06-17 15:22:08 +02:00
vuln-analysis	Fix bad CPE query performance for internal vuln analyzer	2026-06-17 14:19:50 +02:00
vuln-data-source	Fix URL-encoding of OSV ecosystem names when retrieving incremental advisories	2026-06-11 10:32:59 +02:00
.gitignore	Implement CSAF support (#1462 )	2025-11-20 11:28:02 +01:00
.squawk.toml	Add Squawk for migration linting	2026-06-15 15:06:33 +02:00
AGENTS.md	Add Squawk for migration linting	2026-06-15 15:06:33 +02:00
buf.yaml	Leverage conditional revalidation for package metadata resolution	2026-05-04 16:56:51 +02:00
CLAUDE.md	Add AGENTS.md	2026-02-27 16:29:35 +01:00
CODE_OF_CONDUCT.md	initial commit	2018-10-02 16:03:51 -05:00
CONTRIBUTING.md	Document expected ADR format and writing style	2026-06-05 16:38:15 +02:00
DEVELOPING.md	Reuse testcontainers for dev mode	2026-06-18 19:41:48 +02:00
LICENSE.txt	Create LICENSE.txt	2017-10-28 15:22:16 -05:00
Makefile	Reuse testcontainers for dev mode	2026-06-18 19:41:48 +02:00
pom.xml	Merge pull request #6435 from DependencyTrack/dependabot/maven/lib.protobuf-java.version-4.35.1	2026-06-17 14:18:05 +02:00
README.md	Update README for GA release	2026-06-07 17:00:13 +02:00
RELEASING.md	Document patch release procedure	2026-06-11 00:41:57 +02:00
SECURITY.md	Updated email address	2021-10-07 08:00:54 -05:00
V5_MIGRATION.md	Add v5 migration notes	2026-05-18 22:19:53 +02:00

README.md

OWASP Dependency-Track

Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain. Dependency-Track takes a unique and highly beneficial approach by leveraging the capabilities of Software Bill of Materials (SBOM).

Important

Looking for Dependency-Track v4?

v4 is in maintenance mode on the 4.14.x branch.

v4 documentation: https://dependencytrack.github.io/docs/4.x.

Migrating from v4 to v5? See V5_MIGRATION.md.

v4 will reach end-of-life in December 2026, ~6 months after v5 GA.

Quickstart

Want to kick the tires? Follow the Quickstart tutorial to get a local instance running with Docker Compose in a few minutes.

Documentation

User-facing documentation is rendered at https://dependencytrack.github.io/docs/ and maintained in the docs repository.

Contributing

Community

Dependency-Track is an open source project maintained by a community of contributors. Join the monthly community meeting to hear project updates, ask questions, and meet other users and maintainers.