View OWASP Dependency-Track on the plugin site for more information.
Dependency-Track is an intelligent Software Composition Analysis (SCA) platform that allows organizations to identify and reduce risk from the use of third-party and open source components.
It integrates with multiple vulnerability databases including the National Vulnerability Database (NVD), NPM Public Advisories, Sonatype OSS Index, and VulnDB from Risk Based Security. Dependency-Track monitors all applications in its portfolio in order to proactively identify vulnerabilities in components that are placing your applications at risk. Use of Dependency-Track can play a vital role in an overall Cyber Supply Chain Risk Management (C-SCRM) program by fulfilling many of the recommendations laid out by SAFECode.
Dependency-Track is designed to be used in an automated DevOps environment where software bill-of-material (S-BoM) formats are automatically ingested during CI/CD. Use of this plugin is highly recommended for this purpose and is well suited for use in Jenkins Pipeline. In such an environment, Dependency-Track enables your DevOps teams to accelerate while still keeping tabs on component usage and any inherited risk.
Version 1.0.0 (September 17, 2018)
- Initial public release - Previous versions were bundled with the OWASP Dependency-Check Plugin.