OWASP Dependency Track

Dependency-Track is an intelligent continuous SBOM (Software Bill of Materials) analysis platform that enables organizations to identify and reduce risk in the software supply chain by monitoring component usage across all application versions and integrating with multiple sources of vulnerability intelligence including NVD, GitHub Advisories, Snyk, and OSV. Dependency-Track provides API-first component analysis capabilities ideal for CI/CD environments, consuming and producing CycloneDX SBOMs and VEX documents while helping security teams prioritize remediation through exploit prediction scoring and comprehensive vulnerability tracking.