Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain. Dependency-Track takes a unique and highly beneficial approach by leveraging the capabilities of Software Bill of Materials (SBOM).
Important
Looking for Dependency-Track v4?
- v4 is in maintenance mode on the 4.14.x branch.
- v4 documentation: https://dependencytrack.github.io/docs/4.x.
- Migrating from v4 to v5? See V5_MIGRATION.md.
- v4 will reach end-of-life in December 2026, ~6 months after v5 GA.
Want to kick the tires? Follow the Quickstart tutorial to get a local instance running with Docker Compose in a few minutes.
User-facing documentation is rendered at https://dependencytrack.github.io/docs/ and maintained in the docs repository.
Dependency-Track is an open source project maintained by a community of contributors. Join the monthly community meeting to hear project updates, ask questions, and meet other users and maintainers.
- frontend: Frontend repository
- docs: Documentation repository
- helm-charts: Helm charts
- community: Community resources