Menu

View all projects

View all chapters

No events found

View all events

No meetings found

View all meetings

No news posts found

About OWASP Our Mission Corporate Support Project Handbook Submit Project

OWASP Dependency-Track

Intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.

Adopted By

20K+ Organizations

About OWASP Dependency-Track

Installation

Dependency-Track is distributed as Docker containers.

Docker Compose

curl -LO https://dependencytrack.org/docker-compose.yml docker-compose up -d

Docker Swarm

curl -LO https://dependencytrack.org/docker-compose.yml docker swarm init docker stack deploy -c docker-compose.yml dtrack

Project Resources

• dependencytrack.org

• Component Analysis

• Software Bill of Materials

• National Vulnerability Database

• GitHub Advisories

• Sonatype OSS Index

• Risk Based Security

• Exploit Prediction Scoring System (EPSS)

Project Leaders

@media

Project Information

Language

Java

License

Apache 2.0

Latest Version

v4.5.0

Contributors

75

GitHub Stars

3500

Requirements

Docker environment
Java runtime environment
PostgreSQL database (recommended)
Network connectivity for vulnerability feeds
Adequate storage for component data

Corporate Supporters

OWASP is a nonprofit foundation improving software security through open-source projects, global communities, and education. All resources are free and open to everyone.

OWASP, the OWASP logo, and Global AppSec are registered trademarks and AppSec Days, AppSec California, AppSec Cali, SnowFROC, OWASP Boston Application Security Conference, and LASCON are trademarks of the OWASP Foundation, Inc.

© 2026, OWASP Foundation Inc. All rights reserved.