OWASP Dependency-Track

Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk
in the software supply chain. Dependency-Track takes a unique and highly beneficial approach by leveraging the
capabilities of Software Bill of Materials (SBOM).

[!IMPORTANT]
Looking for Dependency-Track v4?

• v4 is in maintenance mode on the 4.14.x branch.
• v4 documentation: https://dependencytrack.github.io/docs/4.x.
• Migrating from v4 to v5? See V5_MIGRATION.md.
• v4 will reach end-of-life in December 2026, ~6 months after v5 GA.

Quickstart

Want to kick the tires? Follow the Quickstart tutorial
to get a local instance running with Docker Compose in a few minutes.

Documentation

User-facing documentation is rendered at https://dependencytrack.github.io/docs/ and maintained in the docs repository.

Contributing

1. Code of conduct
2. Contribution guidelines
3. Developer guide

Community

Dependency-Track is an open source project maintained by a community of contributors.
Join the monthly community meeting
to hear project updates, ask questions, and meet other users and maintainers.

See also

• frontend: Frontend repository
• docs: Documentation repository
• helm-charts: Helm charts
• community: Community resources