Analyzed
about 24 hours
ago.
based on code collected
2 days
ago.
Project Summary
Dependency-Track is a continuous SBOM analysis platform that allows organizations to identify and reduce risk in the software supply chain. Dependency-Track support SBOM, SaaSBOM, HBOM, VDR, and VEX in the OWASP CycloneDX format.
In a Nutshell, OWASP Dependency-Track...
- ...
- ...
-
...
has a well established, mature codebase
maintained by a very large development team
with increasing Y-O-Y commits -
...
took an estimated 146 years of effort (COCOMO model)
starting with its first commit in October, 2016
ending with its most recent commit 1 day ago
Quick Reference
GNU General Public License v3.0 or later
Permitted
Commercial Use
Modify
Distribute
Place Warranty
Use Patent Claims
Forbidden
Sub-License
Hold Liable
Required
Distribute Original
Disclose Source
Include Copyright
State Changes
Include License
Include Install Instructions
These details are provided for information only. No information here is legal advice and should not be used as such.
Project Security
Vulnerabilities per Version ( last 10 releases )
There are no reported vulnerabilities
Project Vulnerability Report
Security Confidence Index
Poor security track-record
Favorable security track-record
Vulnerability Exposure Index
Many reported vulnerabilities
Few reported vulnerabilities
Did You Know...
-
...
65% of companies leverage OSS to speed application development in 2016
-
...
you can subscribe to e-mail newsletters to receive update from the Open Hub blog
-
...
nearly 1 in 3 companies have no process for identifying, tracking, or remediating known open source vulnerabilities
-
...
search using multiple tags to find exactly what you need
30 Day SummaryMar 23 2024 — Apr 22 2024
|
12 Month SummaryApr 22 2023 — Apr 22 2024
|
