Steve Springett

Dependency-Track is an intelligent Component Analysis platform that allows organizations to operationalize the use of CycloneDX Software Bill of Materials (SBOM). The platform allows organizations to quickly identify and reduce risk in the software supply chain and is ideal for use in modern DevSecOps environments, procurement, and M&A.

Discover the benefits of leveraging OWASP CycloneDX Software Bill of Materials along with OWASP Dependency-Track.

Dependency-Track maintains accurate and complete inventory of all libraries, frameworks, applications, containers, operating systems, firmware, hardware, and services across an organization. The platform provides full-stack traceability for the cloud, for the enterprise, for smart devices, and for IoT.

Dependency-Track can quickly identify vulnerable components and supports multiple sources of vulnerability intelligence including the National Vulnerability Database (NVD), Sonatype OSS Index, GitHub Advisories, and VulnDB from Risk Based Security. The platform has a flexible policy engine and identifies security, operational, and license risk across development teams, suppliers, and partners in the supply chain.