1 dépôt
Detection of known vulnerabilities, outdated versions, and license compliance issues across various software ecosystems.
Distinct from Risk Assessment: Existing candidates are too narrow (financial, operational) or focus on behavioral scoring; this is about software component analysis.
Explore 1 awesome GitHub repository matching security & cryptography · Component Risk Identification. Refine with filters or upvote what's useful.
Dependency-Track is a software composition analysis tool and vulnerability management system designed to track dependencies and supply chain risk. It functions as a platform for ingesting and analyzing CycloneDX software bills of materials to identify known vulnerabilities and license compliance issues within third-party software components. The system distinguishes itself by mirroring external vulnerability databases locally to enable fast offline analysis and using VEX documents to differentiate between technical vulnerabilities and actual contextual risks. It also integrates with identity
Detects known vulnerabilities, outdated versions, and license compliance issues across third-party software ecosystems.