OWASP Dependency-Track Alternatives

OWASP Dependency-Track is described as 'Dependency-Track is an intelligent Software Supply Chain Component Analysis platform that allows organizations to identify and reduce risk from the use of third-party and open source components' and is an app in the security & privacy category. There are more than 10 alternatives to OWASP Dependency-Track for a variety of platforms, including Web-based, SaaS, Self-Hosted, Docker and Typescript apps. The best OWASP Dependency-Track alternative is HarborGuard. It's not free, so if you're looking for a free alternative, you could try HarborGuard or Metaport. Other great apps like OWASP Dependency-Track are Vulert, Black Duck Software, Mend Bolt and FOSSA.

OWASP Dependency-Track alternatives page was last updated

Alternatives list

  1. HarborGuard
     3 likes

    HarborGuard is a unified security scanning platform that provides deep vulnerability analysis and visualization for Docker images using industry-leading security tools.

    Cost / License

    • Free Personal
    • Open Source

    Platforms

    • Self-Hosted
    • Docker
    • Typescript
     
    • HarborGuard is the most popular Self-Hosted alternative to OWASP Dependency-Track.

    • HarborGuard is the most popular Open Source & free alternative to OWASP Dependency-Track.

    • HarborGuard is Free Personal and Open Source; OWASP Dependency-Track is Free and Open Source.
  2. Metaport

    A macro view into agency, studio, and in-house development application portfolios, for proactive planning and effective ongoing support.

    Cost / License

    • Freemium (Subscription)
    • Open Source

    Platforms

    • Online
    • Self-Hosted
    • Software as a Service (SaaS)
    • Docker
     
    • Metaport is the most popular Web-based & SaaS alternative to OWASP Dependency-Track.

    • Metaport is Freemium and Open Source; OWASP Dependency-Track is Free and Open Source.
  3. Mend Renovate
     8 likes

    Mend Renovate is a software product that helps developers automate dependency updates by identifying new package versions and delivering them to the application's codebase. It can generate pull requests and issues in the repository with details about the updates, including...

    Cost / License

    • Freemium (Subscription)
    • Open Source

    Platforms

    • Online
    • Self-Hosted
    • GitHub Marketplace
    • Docker
    • GitLab
     
  4. Vulert
     3 likes

    Vulert notifies you if a SECURITY ISSUE is found in any of the open-source software you use. No installation needed.

    Cost / License

    • Freemium (Subscription)
    • Proprietary

    Platforms

    • Software as a Service (SaaS)
     
  5. Black Duck Software

    Organizations worldwide use Black Duck products to secure and manage open source software, eliminating pain related to open source security vulnerabilities and open source license compliance.

    Cost / License

    • Paid
    • Proprietary

    Platforms

    • Online
     
    • Black Duck Software is the most popular commercial alternative to OWASP Dependency-Track.

    • Black Duck Software is Paid and Proprietary; OWASP Dependency-Track is Free and Open Source.
  6. Mend Bolt
     1 like

    Mend Bolt is designed to provide real-time security alerts and compliance issues related to your open source dependencies. It operates within Azure DevOps or GitHub, enabling you to identify and address open source vulnerabilities promptly.

    Cost / License

    • Free
    • Proprietary

    Platforms

    • Online
    • Software as a Service (SaaS)
    • GitHub
    • Azure DevOps
    • Microsoft Visual Studio
     
  7. FOSSA
     3 likes

    FOSSA offers automated license scanning, dependency analysis and reports at each commit. Get a process up and running in 60 seconds, without slowing down development.

    Cost / License

    • Freemium
    • Proprietary

    Platforms

    • Online
     
  8. Dependency Track SaaS

    Dependency Track SaaS provided by YourSky.blue is the managed cloud solution of the popular open-source Dependency-Track. Always up to date with the latest security bulletins, it lets you easily monitor the whole chain of software components through powerful dashboards and...

    Cost / License

    • Subscription
    • Open Source

    Platforms

    • Online
    • Software as a Service (SaaS)
     
  9. Mend.io
     7 likes

    Mend.io offers the first AI native application security platform, purpose-built to secure AI-generated code and embedded AI components. Our unified platform enables companies to manage application risk effectively in modern software development.

    Cost / License

    • Subscription
    • Proprietary

    Platforms

    • Online
    • Self-Hosted
    • Software as a Service (SaaS)
     
  10. vet

    vet is a tool for protecting against open source software supply chain attacks. To adapt to organizational needs, it uses an opinionated policy expressed as Common Expression Language and extensive package security metadata including:

    Cost / License

    • Free
    • Open Source

    Platforms

    • Mac
    • Linux
    • Homebrew
     
    • vet is the most popular Mac & Linux alternative to OWASP Dependency-Track.

    • vet is Free and Open Source; OWASP Dependency-Track is also Free and Open Source.
    • vet is Security-focused; OWASP Dependency-Track is not, according to our users.
10 of 10 OWASP Dependency-Track alternatives