dependency-track

Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain. (by DependencyTrack)
Add to my DEV experience Owasp Appsec Security bom Vulnerabilities component-analysis Nvd software-security software-composition-analysis sca bill-of-materials vulndb package-url purl vulnerability-detection ossindex sbom Devsecops security-automation cyclonedx
Source Code
dependencytrack.org
dependency-track Reviews
Suggest alternative
Edit details
The modern identity platform for B2B SaaS
The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.
workos.com
Sponsored

Dependency-track Alternatives

Similar projects and alternatives to dependency-track

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a better dependency-track alternative or higher similarity.
Suggest an alternative to dependency-track

dependency-track reviews and mentions

Posts with mentions or reviews of dependency-track. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2024-04-21.
  • Show HN: Pre-alpha tool for analyzing spdx SBOMs generated by GitHub
    3 projects | news.ycombinator.com | 21 Apr 2024
    I've become interested in SBOM recently, and found there were great tools like https://dependencytrack.org/ for CycloneDX SBOMs, but all I have is SPDX SBOMs generated by GitHub.

    I decided to have a go at writing my own dependency track esque tool aiming to integrate with the APIs GitHub provides.

    It's pretty limited in functionality so far, but can give a high level summary of the types of licenses your repository dependencies use, and let you drill down into potentially problematic ones.

    Written in NextJS + mui + sqlite, and using another project of mine to generate most of the API boilerplate/glue (https://github.com/mnahkies/openapi-code-generator)

  • SQL Injection Isn't Dead Yet
    2 projects | dev.to | 15 Apr 2024
    To detect these types of vulnerabilities, we should first and foremost know our dependencies and versions, and which of them have vulnerabilities. The OWASP Top 10 2021 identifies this need as A06:2021-Vulnerable and Outdated Components. OWASP has several tools for this, including Dependency Check and Dependency Track. These tools will warn about the use of components with vulnerabilities.
  • Dependency-Track
    1 project | news.ycombinator.com | 27 Oct 2023
  • Krita fund has 0 corporate support
    7 projects | news.ycombinator.com | 5 Oct 2023
    https://dependencytrack.org/

    You just need to use one of the various tools out there to scan.

  • Friends - needs help choosing solution for SBOM vulnerability
    2 projects | /r/devops | 1 Jun 2023
    OWASP Dependency Track - https://dependencytrack.org/
  • An Overview of Kubernetes Security Projects at KubeCon Europe 2023
    17 projects | dev.to | 22 May 2023
    Dependency-Track
  • software inventory of my ECS tasks
    2 projects | /r/aws | 21 Jan 2023
    I actually want to build the same thing you are after, and I think I’ll go for the setup you describe in idea 2. The tool you can use for this is Trivy (https://trivy.dev), have it generate a SBOM and send it to Dependencytrack (https://dependencytrack.org).
  • The ultimate guide to Java Security Vulnerabilities (CVE)
    2 projects | /r/java | 29 Dec 2022
    If you like Dependency-Track, consider moving to Dependency-Track ( https://dependencytrack.org ), which makes administration much easier.
  • Is there any news about 64 bit Steam?
    1 project | /r/linux_gaming | 26 Nov 2022
    Even if you roll up the sleeves and add the feature yourself there is no guarantee it will be accepted upstream and you should always be prepared for the possibility of wasting time.
  • The SBOM Frenzy Is Premature
    1 project | news.ycombinator.com | 5 Oct 2022
    I don't quite understand the deployment issue. I mean, I understand people might not be tracking what's deployed, but I don't understand what is missing for it to be happening today, other than will.

    For example: I build some software into a Docker image, version tag it, sign it, and generate an SBOM for it. That image goes into production with signature validation. Even if I've included 100 jar files in there, I should know exactly which ones I have. I can upload the SBOM to my DependencyTrack[1] instance to so over time no dependencies have vulnerabilities I'm not aware of.

    What doesn't work in that scenario? What scenarios can't conform to that one?

    [1] https://dependencytrack.org

  • A note from our sponsor - SaaSHub
    www.saashub.com | 26 Apr 2024
    SaaSHub helps you find the best software and product alternatives Learn more →

Stats

Basic dependency-track repo stats
18
2,315
9.8
7 days ago

DependencyTrack/dependency-track is an open source project licensed under Apache License 2.0 which is an OSI approved license.

The primary programming language of dependency-track is Java.

Popular Comparisons

  1. dependency-track VS trivy
  2. dependency-track VS DependencyCheck
  3. dependency-track VS scancode-toolkit
  4. dependency-track VS gitlab
  5. dependency-track VS sbt-dependency-check
  6. dependency-track VS ort
  7. dependency-track VS cyclonedx-bom-repo-server
  8. dependency-track VS syft
  9. dependency-track VS OPA (Open Policy Agent)
  10. dependency-track VS cyclonedx-maven-plugin

Sponsored
SaaSHub - Software Alternatives and Reviews
SaaSHub helps you find the best software and product alternatives
www.saashub.com