{"id":15032672,"url":"https://github.com/dependencytrack/dependency-track","last_synced_at":"2026-04-03T19:02:43.433Z","repository":{"id":37397045,"uuid":"11457947","full_name":"DependencyTrack/dependency-track","owner":"DependencyTrack","description":"Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.","archived":false,"fork":false,"pushed_at":"2026-03-26T21:02:50.000Z","size":114081,"stargazers_count":3691,"open_issues_count":1045,"forks_count":719,"subscribers_count":73,"default_branch":"master","last_synced_at":"2026-03-29T00:50:22.681Z","etag":null,"topics":["appsec","bill-of-materials","bom","component-analysis","cyclonedx","devsecops","hacktoberfest","nvd","ossindex","owasp","package-url","purl","sbom","sca","security","security-automation","software-composition-analysis","software-security","vulnerabilities","vulnerability-detection"],"latest_commit_sha":null,"homepage":"https://dependencytrack.org/","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/DependencyTrack.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE.txt","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":"AGENTS.md","dco":null,"cla":null},"funding":{"custom":["https://owasp.org/donate/?reponame=www-project-dependency-track\u0026title=OWASP+Dependency-Track"]}},"created_at":"2013-07-16T19:16:43.000Z","updated_at":"2026-03-28T18:45:30.000Z","dependencies_parsed_at":"2025-12-15T15:02:10.528Z","dependency_
job_id":null,"html_url":"https://github.com/DependencyTrack/dependency-track","commit_stats":{"total_commits":4244,"total_committers":160,"mean_commits":26.525,"dds":0.5252120640904807,"last_synced_commit":"72e582c07a5eb15bb1f5f0da6921ccc85483f3f8"},"previous_names":["stevespringett/dependency-track"],"tags_count":82,"template":false,"template_full_name":null,"purl":"pkg:github/DependencyTrack/dependency-track","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/DependencyTrack%2Fdependency-track","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/DependencyTrack%2Fdependency-track/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/DependencyTrack%2Fdependency-track/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/DependencyTrack%2Fdependency-track/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/DependencyTrack","download_url":"https://codeload.github.com/DependencyTrack/dependency-track/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/DependencyTrack%2Fdependency-track/sbom","scorecard":{"id":39393,"data":{"date":"2025-08-11","repo":{"name":"github.com/DependencyTrack/dependency-track","commit":"cfe0bc6599070331d917059f2c7d3520d11139f0"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":6.3,"checks":[{"name":"Code-Review","score":0,"reason":"Found 0/7 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Maintained","score":10,"reason":"30 commit(s) and 5 issue activity found in the last 90 days -- score normalized to 
10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Security-Policy","score":9,"reason":"security policy file detected","details":["Info: security policy file detected: SECURITY.md:1","Info: Found linked content: SECURITY.md:1","Warn: One or no descriptive hints of disclosure, vulnerability, and/or timelines in security policy","Info: Found text in security policy: SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Token-Permissions","score":10,"reason":"GitHub workflow tokens follow principle of least privilege","details":["Warn: jobLevel 'security-events' permission set to 'write': .github/workflows/ci-build.yaml:31","Warn: jobLevel 'security-events' permission set to 'write': .github/workflows/ci-publish.yaml:43","Warn: jobLevel 'contents' permission set to 'write': .github/workflows/ci-release.yaml:44","Info: found token with 'none' permissions: .github/workflows/_meta-build.yaml:1","Info: found token with 'none' permissions: .github/workflows/ci-build.yaml:1","Info: found token with 'none' permissions: .github/workflows/ci-publish.yaml:1","Info: found token with 'none' permissions: .github/workflows/ci-release.yaml:1","Info: found token with 'none' permissions: .github/workflows/ci-test-pr-coverage.yml:1","Info: found token with 'none' permissions: 
.github/workflows/ci-test.yaml:1","Info: found token with 'none' permissions: .github/workflows/dependency-review.yaml:1","Info: found token with 'none' permissions: .github/workflows/lock.yaml:1"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"CII-Best-Practices","score":2,"reason":"badge detected: InProgress","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE.txt:0","Info: FSF or OSI recognized license: Apache License 2.0: LICENSE.txt:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations 
found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Signed-Releases","score":0,"reason":"Project has not signed or included provenance with any releases.","details":["Warn: release artifact 4.13.3 not signed: https://api.github.com/repos/DependencyTrack/dependency-track/releases/237337440","Warn: release artifact 4.13.2 not signed: https://api.github.com/repos/DependencyTrack/dependency-track/releases/217451730","Warn: release artifact 4.13.1 not signed: https://api.github.com/repos/DependencyTrack/dependency-track/releases/215692347","Warn: release artifact 4.13.0 not signed: https://api.github.com/repos/DependencyTrack/dependency-track/releases/210698164","Warn: release artifact 4.12.7 not signed: https://api.github.com/repos/DependencyTrack/dependency-track/releases/205429157","Warn: release artifact 4.13.3 does not have provenance: https://api.github.com/repos/DependencyTrack/dependency-track/releases/237337440","Warn: release artifact 4.13.2 does not have provenance: https://api.github.com/repos/DependencyTrack/dependency-track/releases/217451730","Warn: release artifact 4.13.1 does not have provenance: https://api.github.com/repos/DependencyTrack/dependency-track/releases/215692347","Warn: release artifact 4.13.0 does not have provenance: https://api.github.com/repos/DependencyTrack/dependency-track/releases/210698164","Warn: release artifact 4.12.7 does not have provenance: https://api.github.com/repos/DependencyTrack/dependency-track/releases/205429157"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Pinned-Dependencies","score":8,"reason":"dependency not pinned by hash detected -- score normalized to 8","details":["Warn: third-party 
GitHubAction not pinned by hash: .github/workflows/ci-test.yaml:55: update your workflow using https://app.stepsecurity.io/secureworkflow/DependencyTrack/dependency-track/ci-test.yaml/master?enable=pin","Warn: downloadThenRun not pinned by hash: .github/workflows/ci-test-pr-coverage.yml:28","Info:  19 out of  19 GitHub-owned GitHubAction dependencies pinned","Info:   7 out of   8 third-party GitHubAction dependencies pinned","Info:   4 out of   4 containerImage dependencies pinned","Info:   0 out of   1 downloadThenRun dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during GetBranch(4.13.x): error during branchesHandler.query: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 28 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":9,"reason":"1 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GHSA-j288-q9x7-2f5v"],"documentation":{"short":"Determines if the project has open, known unfixed 
vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-14T21:07:11.246Z","repository_id":37397045,"created_at":"2025-08-14T21:07:11.246Z","updated_at":"2025-08-14T21:07:11.246Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31371653,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-03T17:53:18.093Z","status":"ssl_error","status_checked_at":"2026-04-03T17:53:17.617Z","response_time":107,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["appsec","bill-of-materials","bom","component-analysis","cyclonedx","devsecops","hacktoberfest","nvd","ossindex","owasp","package-url","purl","sbom","sca","security","security-automation","software-composition-analysis","software-security","vulnerabilities","vulnerability-detection"],"created_at":"2024-09-24T20:19:06.317Z","updated_at":"2026-04-03T19:02:43.426Z","avatar_url":"https://github.com/DependencyTrack.png","language":"Java","readme":"[![Build Status](https://github.com/DependencyTrack/dependency-track/actions/workflows/ci-build.yaml/badge.svg)](https://github.com/DependencyTrack/dependency-track/actions?workflow=CI+Build)\n[![Codacy 
Badge](https://app.codacy.com/project/badge/Grade/b2ecd06dab57438a9a55bc4a71c5a8ce)](https://www.codacy.com/gh/DependencyTrack/dependency-track/dashboard?utm_source=github.com\u0026amp;utm_medium=referral\u0026amp;utm_content=DependencyTrack/dependency-track\u0026amp;utm_campaign=Badge_Grade)\n[![Alpine](https://img.shields.io/badge/built%20on-Alpine-blue.svg)](https://github.com/stevespringett/Alpine)\n[![License][license-image]][Apache License 2.0]\n[![OWASP Flagship](https://img.shields.io/badge/owasp-flagship%20project-orange.svg)](https://www.owasp.org/index.php/OWASP_Dependency_Track_Project)\n[![Website](https://img.shields.io/badge/https://-dependencytrack.org-blue.svg)](https://dependencytrack.org/)\n[![Documentation](https://img.shields.io/badge/read-documentation-blue.svg)](https://docs.dependencytrack.org/)\n[![Slack](https://img.shields.io/badge/chat%20on-slack-46BC99.svg)](https://dependencytrack.org/slack)\n[![Group Discussion](https://img.shields.io/badge/discussion-groups.io-blue.svg)](https://dependencytrack.org/discussion)\n[![YouTube Subscribe](https://img.shields.io/badge/youtube-subscribe-%23c4302b.svg)](https://dependencytrack.org/youtube)\n[![Twitter](https://img.shields.io/twitter/follow/dependencytrack.svg?label=Follow\u0026style=social)](https://twitter.com/dependencytrack)\n[![Downloads](https://img.shields.io/github/downloads/DependencyTrack/dependency-track/total.svg)](https://github.com/DependencyTrack/dependency-track/releases)\n[![Latest](https://img.shields.io/github/release/DependencyTrack/dependency-track.svg)](https://github.com/DependencyTrack/dependency-track/releases)\n[![Pulls - API Server](https://img.shields.io/docker/pulls/dependencytrack/apiserver.svg?label=Docker%20Pulls%20%28API%20Server%29)](https://hub.docker.com/r/dependencytrack/apiserver/)\n[![Pulls - 
Frontend](https://img.shields.io/docker/pulls/dependencytrack/frontend.svg?label=Docker%20Pulls%20%28Frontend%29)](https://hub.docker.com/r/dependencytrack/frontend/)\n[![Pulls - Bundled](https://img.shields.io/docker/pulls/dependencytrack/bundled.svg?label=Docker%20Pulls%20%28Bundled%29)](https://hub.docker.com/r/dependencytrack/bundled/)\n[![Pulls - Legacy](https://img.shields.io/docker/pulls/owasp/dependency-track.svg?label=Docker%20Pulls%20%28OWASP%20Legacy%29)](https://hub.docker.com/r/owasp/dependency-track/)\n\n![logo preview](https://raw.githubusercontent.com/DependencyTrack/branding/master/dt-logo.svg?sanitize=true)\n\n\nDependency-Track is an intelligent [Component Analysis] platform that allows organizations to\nidentify and reduce risk in the software supply chain. Dependency-Track takes a unique\nand highly beneficial approach by leveraging the capabilities of [Software Bill of Materials] (SBOM). This approach\nprovides capabilities that traditional Software Composition Analysis (SCA) solutions cannot achieve.\n\nDependency-Track monitors component usage across all versions of every application in its portfolio in order to\nproactively identify risk across an organization. 
The platform has an API-first design and is ideal for use in\nCI/CD environments.\n\n## Ecosystem Overview\n![alt text](./docs/images/integrations.png)\n\n## Features\n* Consumes and produces [CycloneDX] Software Bill of Materials (SBOM)\n* Consumes and produces [CycloneDX Vulnerability Exploitability Exchange (VEX)](https://cyclonedx.org/capabilities/vex/)\n* Component support for:\n  * Applications\n  * Libraries\n  * Frameworks\n  * Operating systems\n  * Containers\n  * Firmware\n  * Files\n  * Hardware\n  * Services\n* Tracks component usage across every application in an organization's portfolio\n* Quickly identify what is affected, and where\n* Identifies multiple forms of risk including\n  * Components with known vulnerabilities\n  * Out-of-date components\n  * Modified components\n  * License risk\n  * More coming soon...\n* Integrates with multiple sources of vulnerability intelligence including:\n  * [National Vulnerability Database] (NVD)\n  * [GitHub Advisories]\n  * [Sonatype OSS Index]\n  * [Snyk]\n  * [Trivy]\n  * [OSV]\n  * [VulnDB] from [Risk Based Security]\n  * More coming soon.\n* Helps to prioritize mitigation by incorporating support for the [Exploit Prediction Scoring System (EPSS)](https://www.first.org/epss/)\n* Maintains a private vulnerability database of vulnerable components\n* Robust policy engine with support for global and per-project policies\n  * Security risk and compliance\n  * License risk and compliance\n  * Operational risk and compliance\n* Ecosystem agnostic with built-in repository support for:\n  * Cargo (Rust)\n  * Composer (PHP)\n  * Gems (Ruby)\n  * Hex (Erlang/Elixir)\n  * Maven (Java)\n  * NPM (Javascript)\n  * CPAN (Perl)\n  * NuGet (.NET)\n  * PyPI (Python)\n  * More coming soon.\n* Identifies APIs and external service components including:\n  * Service provider\n  * Endpoint URIs\n  * Data classification\n  * Directional flow of data\n  * Trust boundary traversal\n  * Authentication requirements\n* Includes a 
comprehensive auditing workflow for triaging results\n* Configurable notifications supporting Slack, Microsoft Teams, Mattermost, Webhooks, Webex, Email and Jira\n* Supports standardized SPDX license IDs and tracks license use by component\n* Easy-to-read metrics for components, projects, and portfolio\n* Native support for Kenna Security, Fortify SSC, ThreadFix, and DefectDojo\n* API-first design facilitates easy integration with other systems\n* API documentation available in OpenAPI format\n* OAuth 2.0 + OpenID Connect (OIDC) support for single sign-on (authN/authZ)\n* Supports internally managed users, Active Directory/LDAP, and API Keys\n* Simple to install and configure. Get up and running in just a few minutes\n\n\n\u003chr\u003e\n\n![alt text](./docs/images/screenshots/dashboard.png)\n\n### Quickstart (Docker Compose)\n\n```bash\n# Downloads the latest Docker Compose file\ncurl -LO https://dependencytrack.org/docker-compose.yml\n\n# Starts the stack using Docker Compose\ndocker compose up -d\n```\n\n### Quickstart (Docker Swarm)\n\n```bash\n# Downloads the latest Docker Compose file\ncurl -LO https://dependencytrack.org/docker-compose.yml\n\n# Initializes Docker Swarm (if not previously initialized)\ndocker swarm init\n\n# Starts the stack using Docker Swarm\ndocker stack deploy -c docker-compose.yml dtrack\n```\n\n### Quickstart (Manual Execution)\n\n```bash\n# Pull the image from the Docker Hub OWASP repo\ndocker pull dependencytrack/bundled\n\n# Creates a dedicated volume where data can be stored outside the container\ndocker volume create --name dependency-track\n\n# Run the bundled container with 8GB RAM on port 8080\ndocker run -d -m 8192m -p 8080:8080 --name dependency-track -v dependency-track:/data dependencytrack/bundled\n```\n\n**NOTICE: Always use official binary releases in production.**\n\n## Distributions\n\nDependency-Track has three distribution variants. 
They are:\n\n| Package    | Package Format          | Recommended | Supported | Docker | Download |\n|:-----------|:------------------------|:-----------:|:---------:|:------:|:--------:|\n| API Server | Executable WAR          |      ✅      |     ✅     |   ✅    |    ✅     |\n| Frontend   | Single Page Application |      ✅      |     ✅     |   ✅    |    ✅     |\n| Bundled    | Executable WAR          |      ❌      |    ☑️     |   ✅    |    ✅     |\n\n#### API Server\n\nThe API Server contains an embedded Jetty server and all server-side functionality, but excludes the frontend user\ninterface. This variant is new as of Dependency-Track v4.0.\n\n#### Frontend\n\nThe [Frontend](https://github.com/DependencyTrack/frontend) is the user interface that is accessible in a web browser. The Frontend is a Single Page Application (SPA)\nthat can be deployed independently of the Dependency-Track API Server. This variant is new as of Dependency-Track v3.8.\n\n#### Bundled\n\nThe Bundled variant combines the API Server and the Frontend user interface. This variant was previously referred to as\nthe executable war and was the preferred distribution from Dependency-Track v3.0 - v3.8. This variant is supported but\ndeprecated and will be discontinued in a future release.\n\n#### Traditional\n\nThe Traditional variant combines the API Server and the Frontend user interface and must be deployed to a Servlet\ncontainer. This variant is not supported, deprecated, and will be discontinued in a future release.\n\n## Deploying on Kubernetes with Helm\n\nRefer to https://github.com/DependencyTrack/helm-charts.\n\n## Contributing\n\nInterested in contributing to Dependency-Track? 
Please check [`CONTRIBUTING.md`](./CONTRIBUTING.md) to see how you can help!\n\n## Resources\n\n* Website: \u003chttps://dependencytrack.org/\u003e\n* Documentation: \u003chttps://docs.dependencytrack.org/\u003e\n* Component Analysis: \u003chttps://owasp.org/www-community/Component_Analysis\u003e\n\n## Community\n\n* Twitter: \u003chttps://dependencytrack.org/twitter\u003e\n* YouTube: \u003chttps://dependencytrack.org/youtube\u003e\n* Slack: \u003chttps://dependencytrack.org/slack\u003e (Invite:  \u003chttps://dependencytrack.org/slack/invite\u003e)\n* Discussion (Groups.io): \u003chttps://dependencytrack.org/discussion\u003e\n\n## Copyright \u0026 License\nDependency-Track is Copyright (c) OWASP Foundation. All Rights Reserved.\n\nPermission to modify and redistribute is granted under the terms of the\n[Apache License 2.0].\n\nDependency-Track makes use of several other open source libraries. Please see\nthe [notices] file for more information.\n\n  [National Vulnerability Database]: https://nvd.nist.gov\n  [GitHub Advisories]: https://www.github.com/advisories\n  [Sonatype OSS Index]: https://ossindex.sonatype.org\n  [Snyk]: https://snyk.io\n  [Trivy]: https://www.aquasec.com/products/trivy/\n  [OSV]: https://osv.dev\n  [VulnDB]: https://vulndb.flashpoint.io\n  [Risk Based Security]: https://www.riskbasedsecurity.com\n  [Component Analysis]: https://owasp.org/www-community/Component_Analysis\n  [Software Bill of Materials]: https://owasp.org/www-community/Component_Analysis#software-bill-of-materials-sbom\n  [CycloneDX]: https://cyclonedx.org\n  [license-image]: https://img.shields.io/badge/license-apache%20v2-brightgreen.svg\n  [Apache License 2.0]: https://github.com/DependencyTrack/dependency-track/blob/master/LICENSE.txt\n  [notices]: https://github.com/DependencyTrack/dependency-track/blob/master/NOTICES.txt\n  [Alpine]: 
https://github.com/stevespringett/Alpine\n","funding_links":["https://owasp.org/donate/?reponame=www-project-dependency-track\u0026title=OWASP+Dependency-Track"],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdependencytrack%2Fdependency-track","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdependencytrack%2Fdependency-track","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdependencytrack%2Fdependency-track/lists"}