├── .gitignore
├── 404.html
├── Gemfile
├── _config.yml
├── _data
│   └── ow_attributions.json
├── assets
│   └── images
│       ├── KPMG.svg
│       └── risk-based-security.png
├── index.md
├── info.md
├── leaders.md
├── tab_executive-order-14028.md
├── tab_features.md
├── tab_installation.md
├── tab_integrations.md
├── tab_news.md
└── tab_supporters.md

/.gitignore:
--------------------------------------------------------------------------------
__pycache__
env
.vscode
_site/

--------------------------------------------------------------------------------
/404.html:
--------------------------------------------------------------------------------
---
title: 404 - Not Found
layout: col-generic
---

WHOA THAT PAGE CANNOT BE FOUND

Try the SEARCH function in the main navigation to find something. If you are looking for chapter information, please see Chapters for the correct chapter. For information about OWASP projects see Projects. For common attacks, vulnerabilities, or information about other community-led contributions see Contributed Content.

If all else fails you can search our historical site.

--------------------------------------------------------------------------------
/Gemfile:
--------------------------------------------------------------------------------
source 'https://rubygems.org'
group :jekyll_plugins do
  gem "github-pages"
end

--------------------------------------------------------------------------------
/_config.yml:
--------------------------------------------------------------------------------
remote_theme: "owasp/www--site-theme@main"
plugins:
  - jekyll-include-cache-0.2.0
code_user: DependencyTrack
code_repo: dependency-track

--------------------------------------------------------------------------------
/_data/ow_attributions.json:
--------------------------------------------------------------------------------
["Nedap NV"]

--------------------------------------------------------------------------------
/assets/images/KPMG.svg:
--------------------------------------------------------------------------------

--------------------------------------------------------------------------------
/assets/images/risk-based-security.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/www-project-dependency-track/78dc146444653d456155b8642248c390926200e8/assets/images/risk-based-security.png

--------------------------------------------------------------------------------
/index.md:
--------------------------------------------------------------------------------
---
layout: col-sidebar
title: OWASP Dependency-Track
site_side: true
tags: dependency-track dtrack sca scrm sbom bom component-analysis supply-chain cpe purl license vulnerability impact
level: 4
type: tool
pitch: Intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
---

For more details about Dependency-Track see the project's website at [dependencytrack.org](https://dependencytrack.org/).

Dependency-Track is an intelligent [Component Analysis](https://owasp.org/www-community/Component_Analysis) platform that allows organizations to identify and reduce risk in the software supply chain. Dependency-Track takes a unique and highly beneficial approach by leveraging the capabilities of [Software Bill of Materials](https://owasp.org/www-community/Component_Analysis#software-bill-of-materials-sbom) (SBOM). This approach provides capabilities that traditional Software Composition Analysis (SCA) solutions cannot achieve.

Dependency-Track monitors component usage across all versions of every application in its portfolio in order to proactively identify risk across an organization. The platform has an API-first design and is ideal for use in CI/CD environments.

![Screenshot](https://raw.githubusercontent.com/DependencyTrack/dependency-track/master/docs/images/screenshots/dashboard.png)

--------------------------------------------------------------------------------
/info.md:
--------------------------------------------------------------------------------
### Project Information

* Flagship Project

#### Classification

* Tool

#### Audience

* Builder
* Defender

### External Resources

* [Documentation](https://docs.dependencytrack.org/)
* [GitHub](https://github.com/DependencyTrack)
* [Slack](https://dependencytrack.org/slack) - [invite](https://dependencytrack.org/slack/invite)
* [Twitter](https://twitter.com/dependencytrack)
* [Website](https://dependencytrack.org/)
* [YouTube](https://www.youtube.com/channel/UC8xdttysl3gNAQYvk1J9Efg)

### Licensing

[Apache 2 License](https://www.apache.org/licenses/LICENSE-2.0)

--------------------------------------------------------------------------------
/leaders.md:
--------------------------------------------------------------------------------
### Leaders
* [Steve Springett](mailto:steve.springett@owasp.org)
* [Niklas Düster](mailto:niklas.duester@owasp.org)

--------------------------------------------------------------------------------
/tab_executive-order-14028.md:
--------------------------------------------------------------------------------
---
title: Executive-Order-14028
displaytext: Executive Order 14028
layout: null
order: 6
tab: true
tags: dependency-track dtrack
---

## U.S. Executive Order 14028

Since its inception in 2013, OWASP Dependency-Track has been at the forefront of analyzing bills of materials for cybersecurity risk identification and reduction. Dependency-Track allows organizations and governments to operationalize SBOM in conformance with [U.S. Executive Order 14028](https://www.whitehouse.gov/briefing-room/presidential-actions/2021/05/12/executive-order-on-improving-the-nations-cybersecurity/).

* Supports the OWASP CycloneDX BOM format specifically defined in the [NTIA Minimum Elements For a Software Bill of Materials (SBOM)](https://www.ntia.gov/files/ntia/publications/sbom_minimum_elements_report.pdf)
* Consumes and analyzes SBOMs for known security, operational, and license risk
* Ideal for use in [procurement](https://docs.dependencytrack.org/usage/procurement/) and [continuous integration and delivery](https://docs.dependencytrack.org/usage/cicd/) environments
* Supports the OWASP CycloneDX VEX format, which exceeds the [Vulnerability Exploitability Exchange requirements defined by CISA](https://www.cisa.gov/sites/default/files/publications/VEX_Use_Cases_Document_508c.pdf)

### For software consumers

* Tracks all systems and applications that have SBOMs
* Upload SBOMs through the user interface or via automation
* Components defined in SBOMs are analyzed for known vulnerabilities using multiple sources of vulnerability intelligence, including the [NVD](https://nvd.nist.gov/)
* Displays all identified vulnerabilities and vulnerable components for every SBOM analyzed
* Upload CycloneDX VEX obtained from suppliers to gain insight into the vulnerable components that pose risk, and the ones that don't
* Quickly identify all systems and applications that have a specific component or are affected by a specific vulnerability
* Helps to prioritize mitigation by incorporating support for the [Exploit Prediction Scoring System (EPSS)](https://www.first.org/epss/)
* Evaluate the portfolio of systems and applications against user-configurable security, operational, and license policies

### For software producers

* Create and consume CycloneDX SBOMs in development pipelines
* SBOMs are analyzed for known security, operational, and license risk
* Evaluates the portfolio of applications against user-configurable security, operational, and license policies
* Inspect security findings and make audit decisions about the relevance and exploitability of each vulnerability
* CycloneDX BOMs can be dynamically generated from current inventory for any application
* CycloneDX VEX is dynamically generated from audit decisions for each application
* An API-first design allows software producers to extract SBOMs for released products, produce VEX whenever updated audit decisions are made, and make data available to internal systems responsible for SBOM and VEX distribution.

### Other considerations

* Both CycloneDX and Dependency-Track are full-stack solutions supporting software, hardware, and services. The CycloneDX standard, and its use with Dependency-Track, is not limited to SBOM use cases.
* Software consumers may optionally audit security findings from vendor SBOMs. If consumers discover discrepancies in vendor-supplied VEX, they can share their own auto-generated VEX with suppliers, completing a bi-directional exchange of vulnerability and exploitability information.
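The consumer-side SBOM and VEX flow described above, reduced to code as an added example (not Dependency-Track's own code): components from a supplier's CycloneDX SBOM are matched to known vulnerabilities by Package URL, then the supplier's CycloneDX VEX is applied so that findings marked `not_affected` are separated from those that still pose risk. The SBOM, VEX, purls and vulnerability IDs are constructed placeholders, and the set of suppressing VEX states is this example's own choice, not a Dependency-Track setting.

```python
import json

# Constructed CycloneDX 1.4 SBOM (JSON) as a supplier might deliver it; each
# component's bom-ref is set to its purl, a common CycloneDX convention.
SBOM_JSON = json.dumps({"bomFormat": "CycloneDX", "specVersion": "1.4", "components": [
    {"type": "library", "name": "parser", "version": "1.2.0",
     "bom-ref": "pkg:maven/org.example/parser@1.2.0", "purl": "pkg:maven/org.example/parser@1.2.0"},
    {"type": "library", "name": "example-ui", "version": "3.4.5",
     "bom-ref": "pkg:npm/example-ui@3.4.5", "purl": "pkg:npm/example-ui@3.4.5"},
]})

# Constructed vulnerability intelligence keyed by purl; the IDs are placeholders
# standing in for what a real source such as the NVD would supply.
KNOWN_VULNS = {
    "pkg:maven/org.example/parser@1.2.0": ["CVE-0000-0001", "CVE-0000-0002"],
    "pkg:npm/example-ui@3.4.5": ["CVE-0000-0003"],
}

# Constructed CycloneDX 1.4 VEX from the same supplier: one finding is declared
# unreachable, one is confirmed exploitable, and one is not mentioned at all.
VEX_JSON = json.dumps({"bomFormat": "CycloneDX", "specVersion": "1.4", "vulnerabilities": [
    {"id": "CVE-0000-0001", "source": {"name": "NVD"},
     "analysis": {"state": "not_affected", "justification": "code_not_reachable"},
     "affects": [{"ref": "pkg:maven/org.example/parser@1.2.0"}]},
    {"id": "CVE-0000-0003", "source": {"name": "NVD"},
     "analysis": {"state": "exploitable"},
     "affects": [{"ref": "pkg:npm/example-ui@3.4.5"}]},
]})

# VEX analysis states under which this example stops treating a finding as live risk.
SUPPRESSING_STATES = {"not_affected", "false_positive", "resolved"}

def find_vulnerable_components(sbom_json, known_vulns):
    """Map each SBOM component's bom-ref to its known vulnerability IDs."""
    findings = {}
    for comp in json.loads(sbom_json).get("components", []):
        purl = comp.get("purl")
        if purl in known_vulns:
            findings[comp.get("bom-ref", purl)] = list(known_vulns[purl])
    return findings

def apply_vex(findings, vex_json):
    """Split findings into (actionable, suppressed) dicts using the supplier's VEX."""
    suppressed_pairs = set()
    for vuln in json.loads(vex_json).get("vulnerabilities", []):
        if vuln.get("analysis", {}).get("state") in SUPPRESSING_STATES:
            for target in vuln.get("affects", []):
                suppressed_pairs.add((target["ref"], vuln["id"]))
    actionable, suppressed = {}, {}
    for ref, ids in findings.items():
        for vid in ids:  # anything the VEX does not mention stays actionable
            bucket = suppressed if (ref, vid) in suppressed_pairs else actionable
            bucket.setdefault(ref, []).append(vid)
    return actionable, suppressed
```

A finding is only suppressed when the VEX names both the exact component ref and the vulnerability ID with a suppressing state, so a VEX that is silent about a vulnerability, or that uses a non-final state such as `in_triage`, leaves it on the actionable list.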
--------------------------------------------------------------------------------
/tab_features.md:
--------------------------------------------------------------------------------
---
title: Features
layout: null
order: 1
tab: true
tags: dependency-track dtrack
---

## Features

* Consumes and produces [CycloneDX] Software Bill of Materials (SBOM)
* Consumes and produces CycloneDX Vulnerability Exploitability Exchange (VEX)
* Full-stack component support for:
  * Applications
  * Libraries
  * Frameworks
  * Operating systems
  * Containers
  * Firmware
  * Files
  * Hardware
  * Services
* Tracks component usage across every application in an organization's portfolio
* Quickly identify what is affected, and where
* Identifies multiple forms of risk including:
  * Components with known vulnerabilities
  * Out-of-date components
  * Modified components
  * License risk
  * More coming soon...
* Integrates with multiple sources of vulnerability intelligence including:
  * [National Vulnerability Database] (NVD)
  * [GitHub Advisories]
  * [Sonatype OSS Index]
  * [VulnDB] from [Risk Based Security]
  * More coming soon.
* Helps to prioritize mitigation by incorporating support for the [Exploit Prediction Scoring System (EPSS)]
* Maintain a private vulnerability database of vulnerable components
* Robust policy engine with support for global and per-project policies:
  * Security risk and compliance
  * License risk and compliance
  * Operational risk and compliance
* Ecosystem agnostic with built-in repository support for:
  * Cargo (Rust)
  * Composer (PHP)
  * Gems (Ruby)
  * Hex (Erlang/Elixir)
  * Maven (Java)
  * NPM (JavaScript)
  * NuGet (.NET)
  * PyPI (Python)
  * More coming soon.
* Identifies APIs and external service components including:
  * Service provider
  * Endpoint URIs
  * Data classification
  * Directional flow of data
  * Trust boundary traversal
  * Authentication requirements
* Includes a comprehensive auditing workflow for triaging results
* Configurable notifications supporting Slack, Microsoft Teams, WebEx, Webhooks, and Email
* Supports standardized SPDX license IDs and tracks license use by component
* Easy to read metrics for components, projects, and portfolio
* Native support for Kenna Security, Fortify SSC, ThreadFix, and DefectDojo
* API-first design facilitates easy integration with other systems
* API documentation available in OpenAPI format
* OAuth 2.0 + OpenID Connect (OIDC) support for single sign-on (authN/authZ)
* Supports internally managed users, Active Directory/LDAP, and API Keys
* Simple to install and configure. Get up and running in just a few minutes

[National Vulnerability Database]: https://nvd.nist.gov
[GitHub Advisories]: https://www.github.com/advisories
[Sonatype OSS Index]: https://ossindex.sonatype.org
[VulnDB]: https://vulndb.cyberriskanalytics.com
[Risk Based Security]: https://www.riskbasedsecurity.com
[Supply Chain Component Analysis]: https://www.owasp.org/index.php/Component_Analysis
[Software Bill-of-Materials]: https://www.owasp.org/index.php/Component_Analysis#Software_Bill-of-Materials_.28SBOM.29
[CycloneDX]: https://cyclonedx.org
[Exploit Prediction Scoring System (EPSS)]: https://www.first.org/epss/

--------------------------------------------------------------------------------
/tab_installation.md:
--------------------------------------------------------------------------------
---
title: Installation
displaytext: Installation
layout: null
order: 3
tab: true
tags: dependency-track dtrack
---

## Installation

Dependency-Track is distributed as Docker containers.

### Docker Compose

```bash
curl -LO https://dependencytrack.org/docker-compose.yml
docker-compose up -d
```

### Docker Swarm

```bash
curl -LO https://dependencytrack.org/docker-compose.yml
docker swarm init
docker stack deploy -c docker-compose.yml dtrack
```

--------------------------------------------------------------------------------
/tab_integrations.md:
--------------------------------------------------------------------------------
---
title: Integrations
layout: null
order: 2
tab: true
tags: dependency-track dtrack
---

## Integrations

![Integrations](https://raw.githubusercontent.com/DependencyTrack/dependency-track/master/docs/images/integrations.png)

--------------------------------------------------------------------------------
/tab_news.md:
--------------------------------------------------------------------------------
---
title: News
layout: null
order: 4
tab: true
tags: dependency-track dtrack
---

## News

* 2022/05/18 [v4.5.0](https://docs.dependencytrack.org/2022/05/18/v4.5.0/) Released
* 2022/02/18 [v4.4.1](https://docs.dependencytrack.org/2022/02/18/v4.4.1/) Released
* 2022/02/17 [v4.4.0](https://docs.dependencytrack.org/2022/02/17/v4.4.0/) Released
* 2021/09/20 [v4.3.6](https://docs.dependencytrack.org/2021/09/20/v4.3.6/) Released
* 2021/09/20 [v4.3.5](https://docs.dependencytrack.org/2021/09/20/v4.3.5/) Released
* 2021/08/31 [v4.3.4](https://docs.dependencytrack.org/2021/08/31/v4.3.4/) Released
* 2021/08/20 [v4.3.3](https://docs.dependencytrack.org/2021/08/20/v4.3.3/) Released
* 2021/08/07 [v4.3.2](https://docs.dependencytrack.org/2021/08/07/v4.3.2/) Released
* 2021/08/03 [v4.3.1](https://docs.dependencytrack.org/2021/08/03/v4.3.1/) Released
* 2021/08/02 [v4.3.0](https://docs.dependencytrack.org/2021/08/02/v4.3.0/) Released
* 2021/05/07 [v4.2.2](https://docs.dependencytrack.org/2021/05/07/v4.2.2/) Released
* 2021/03/20 [v4.2.1](https://docs.dependencytrack.org/2021/03/20/v4.2.1/) Released
* 2021/03/17 [v4.2.0](https://docs.dependencytrack.org/2021/03/17/v4.2.0/) Released
* 2021/02/09 [v4.1.0](https://docs.dependencytrack.org/2021/02/09/v4.1.0/) Released
* 2021/01/12 [v4.0.1](https://docs.dependencytrack.org/2021/01/12/v4.0.1/) Released
* 2021/01/03 [v4.0.0](https://docs.dependencytrack.org/2021/01/03/v4.0.0/) Released
* 2020/03/22 [v3.8.0](https://docs.dependencytrack.org/2020/03/22/v3.8.0/) Released
* 2020/01/07 [v3.7.1](https://docs.dependencytrack.org/2020/01/07/v3.7.1/) Released
* 2019/12/16 [v3.7.0](https://docs.dependencytrack.org/2019/12/16/v3.7.0/) Released
* 2019/10/01 [v3.6.1](https://docs.dependencytrack.org/2019/10/01/v3.6.1/) Released
* 2019/09/28 [v3.6.0](https://docs.dependencytrack.org/2019/09/28/v3.6.0/) Released
* 2019/07/17 [v3.5.1](https://docs.dependencytrack.org/2019/07/17/v3.5.1/) Released
* 2019/06/07 [v3.5.0](https://docs.dependencytrack.org/2019/06/07/v3.5.0/) Released
* 2019/04/16 [v3.4.1](https://docs.dependencytrack.org/2019/04/16/v3.4.1/) Released
* 2018/12/22 [v3.4.0](https://docs.dependencytrack.org/2018/12/22/v3.4.0/) Released
* 2018/11/13 [v3.3.1](https://docs.dependencytrack.org/2018/11/13/v3.3.1/) Released
* 2018/10/25 [v3.3.0](https://docs.dependencytrack.org/2018/10/25/v3.3.0/) Released
* 2018/10/02 [v3.2.2](https://docs.dependencytrack.org/2018/10/02/v3.2.2/) Released
* 2018/09/21 [v3.2.1](https://docs.dependencytrack.org/2018/09/21/v3.2.1/) Released
* 2018/09/06 [v3.2.0](https://docs.dependencytrack.org/2018/09/06/v3.2.0/) Released
* 2018/06/19 [v3.1.0](https://docs.dependencytrack.org/2018/06/19/v3.1.0/) Released
* 2018/05/02 [v3.0.4](https://docs.dependencytrack.org/2018/05/02/v3.0.4/) Released
* 2018/04/13 [v3.0.3](https://docs.dependencytrack.org/2018/04/13/v3.0.3/) Released
* 2018/03/30 [v3.0.2](https://docs.dependencytrack.org/2018/03/30/v3.0.2/) Released
* 2018/03/29 [v3.0.1](https://docs.dependencytrack.org/2018/03/29/v3.0.1/) Released
* 2018/03/27 [v3.0.0](https://docs.dependencytrack.org/2018/03/27/v3.0.0/) Released
* 2017/10/08 [v3.0 Updates to community](https://groups.google.com/forum/#!topic/dependency-track/0PUJI5rNgzI)
* 2017/06/16 [Presentation at OWASP Summit 2017](https://www.youtube.com/watch?v=88YAlzuDH04&t=50s)

--------------------------------------------------------------------------------
/tab_supporters.md:
--------------------------------------------------------------------------------
---
title: Supporters
displaytext: Our Supporters
layout: null
order: 5
tab: true
tags: dependency-track dtrack
---

## Supporters

Dependency-Track is developed by a worldwide team of volunteers.

But we have also been helped by many organizations, either financially or by encouraging their employees to work on Dependency-Track:

Risk Based Security

KPMG

--------------------------------------------------------------------------------