owasp/dependency-track

Sponsored OSS

By OWASP

Updated over 5 years ago

Dependency-Track is an intelligent Component Analysis platform

Image
Security
Integration & delivery
Monitoring & observability
23

1M+

owasp/dependency-track repository overview

Legacy Repository

This repository consists of container images for Dependency-Track v3.0 - v3.8. For versions v4.0 and higher, refer to the new repositories.

Description

Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk from the software supply chain. Dependency-Track takes a unique and highly beneficial approach by leveraging the capabilities of Software Bill of Materials (SBOM). This approach provides capabilities that traditional Software Composition Analysis (SCA) solutions cannot achieve.

Dependency-Track monitors component usage across all versions of every application in its portfolio in order to proactively identify risk across an organization. The platform has an API-first design and is ideal for use in Continuous Integration (CI) and Continuous Delivery (CD) environments.

dashboard

Quick Start


docker pull owasp/dependency-track
docker volume create --name dependency-track
docker run -d -m 8192m -p 8080:8080 --name dependency-track -v dependency-track:/data owasp/dependency-track

MinimumRecommended
4.5GB RAM16GB RAM
2 CPU cores4 CPU cores

Features

  • Tracks application, library, framework, operating system, and hardware components
  • Tracks component usage across all version of every application in an organizations portfolio
  • Identifies multiple forms of risk including
    • Components with known vulnerabilities
    • Out-of-date components
    • Modified components
    • License risk
    • More coming soon...
  • Integrates with multiple sources of vulnerability intelligence including:
  • Ecosystem agnostic with built-in repository support for:
    • Gems (Ruby)
    • Hex (Erlang/Elixir)
    • Maven (Java)
    • NPM (Javascript)
    • NuGet (.NET)
    • Pypi (Python)
    • More coming soon.
  • Includes a comprehensive auditing workflow for triaging results
  • Configurable notifications supporting Slack, Microsoft Teams, Webhooks, and Email
  • Supports standardized SPDX license ID’s and tracks license use by component
  • Supports importing CycloneDX and SPDX Software Bill-of-Materials (SBOM) formats
  • Easy to read metrics for components, projects, and portfolio
  • Native support for Kenna Security, Fortify SSC, and ThreadFix
  • API-first design facilitates easy integration with other systems
  • API documentation available in OpenAPI format
  • Supports internally managed users, Active Directory/LDAP, and API Keys
  • Simple to install and configure. Get up and running in just a few minutes

Community

Visit the Dependency-Track Project Website for general information, tutorials, and links to community resources.

Tag summary

Content type

Image

Digest

Size

150.8 MB

Last updated

over 5 years ago

docker pull owasp/dependency-track:snapshot

This week's pulls

Pulls:

885

Jun 29 to Jul 5