| layout | title | site_side | tags | level | type | pitch |
|---|---|---|---|---|---|---|
| col-sidebar | OWASP Dependency-Track | true | dependency-track dtrack sca scrm sbom bom component-analysis supply-chain cpe purl license vulnerability impact | 4 | tool | Intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain. |

For more details about Dependency-Track, see the project's website at dependencytrack.org.
Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain. Dependency-Track takes a unique and highly beneficial approach by leveraging the capabilities of Software Bill of Materials (SBOM). This approach provides capabilities that traditional Software Composition Analysis (SCA) solutions cannot achieve.
Dependency-Track monitors component usage across all versions of every application in its portfolio in order to proactively identify risk across an organization. The platform has an API-first design and is ideal for use in CI/CD environments.