This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit

Projects/OWASP Dependency Track Project

Jump to: navigation, search
What does this OWASP project offer you?
What releases are available for this project?
what is this project?
Name: OWASP Dependency Track Project (home page)
Purpose: OWASP Dependency-Track is an intelligent Software Composition Analysis (SCA) application that allows organizations to automatically ingest and identify third-party components and any inherited vulnerabilities from their use.
License: OWASP Dependency-Track v3.0 and higher is available under the Apache 2.0 license (allows commercial use). OWASP Dependency-Track v1.0 and v2.0 were available under the GNU GPL v3 License (allows commercial use, but requires that modifications to your code stay open source, thus prohibiting proprietary forks of your project)
who is working on this project?
Project Leader(s):
  • Steve Springett @
Project Contributor(s):
  • Jeremy Long @
how can you learn more?
Project Pamphlet: Not Yet Created
Project Presentation:
Mailing list: Mailing List Archives
Project Roadmap: View
Key Contacts
  • Contact Steve Springett @ to contribute to this project
  • Contact Steve Springett @ to review or sponsor this project
current release
Source code available on GitHub
last reviewed release
Not Yet Reviewed

other releases