OWASP Dependency-Track is described as 'Dependency-Track is an intelligent Software Supply Chain Component Analysis platform that allows organizations to identify and reduce risk from the use of third-party and open source components' and is an app in the security & privacy category. There are more than 10 alternatives to OWASP Dependency-Track for a variety of platforms, including Web-based, SaaS, Self-Hosted, Docker and Typescript apps. The best OWASP Dependency-Track alternative is HarborGuard. It's not free, so if you're looking for a free alternative, you could try HarborGuard or Metaport. Other great apps like OWASP Dependency-Track are Vulert, Black Duck Software, Mend Bolt and FOSSA.
HarborGuard is a unified security scanning platform that provides deep vulnerability analysis and visualization for Docker images using industry-leading security tools.
Mend Renovate is a software product that helps developers automate dependency updates by identifying new package versions and delivering them to the application's codebase. It can generate pull requests and issues in the repository with details about the updates, including...
Vulert notifies you if a SECURITY ISSUE is found in any of the open-source software you use. No installation needed.
Organizations worldwide use Black Duck products to secure and manage open source software, eliminating pain related to open source security vulnerabilities and open source license compliance.
Mend Bolt is designed to provide real-time security alerts and compliance issues related to your open source dependencies. It operates within Azure DevOps or GitHub, enabling you to identify and address open source vulnerabilities promptly.
FOSSA offers automated license scanning, dependency analysis and reports at each commit. Get a process up an running in 60 seconds, without slowing down development.
Dependency Track SaaS provided by YourSky.blue is the managed cloud solution of the popular open-source Dependency-Track. Always up to date with the latest security bulletins, it allows to easily monitor all the chain of software components through powerful dashboards and...
Mend.io offers the first AI native application security platform, purpose-built to secure AI-generated code and embedded AI components. Our unified platform enables companies to manage application risk effectively in modern software development.
vet is a tool for protecting against open source software supply chain attacks. To adapt to organizational needs, it uses an opinionated policy expressed as Common Expressions Language and extensive package security metadata including:
New Zealand
Israel
United States
Switzerland
India