# Dependency-Track Reviews
**Vendor:** OWASP  
**Category:** [Software Composition Analysis Tools](https://www.g2.com/categories/software-composition-analysis)  
**Average Rating:** 4.3/5.0  
**Total Reviews:** 4
## About Dependency-Track
Dependency-Track is an intelligent Supply Chain Component Analysis platform that allows organizations to identify and reduce risk from the use of third-party and open source components. Dependency-Track takes a unique and highly beneficial approach by leveraging the capabilities of Software Bill of Materials (SBOM). This approach provides capabilities that traditional Software Composition Analysis (SCA) solutions cannot achieve. Dependency-Track monitors component usage across all versions of every application in its portfolio in order to proactively identify risk across an organization. The platform has an API-first design and is ideal for use in Continuous Integration (CI) and Continuous Delivery (CD) environments.

## Dependency-Track Pros & Cons
**What users like:**

- Users appreciate the **neat UI and intuitive navigation**, enhancing their overall experience with Dependency-Track. (1 review)
- Users appreciate the **neat UI and illustrative dashboards** of Dependency-Track, enhancing their overall experience and integration. (1 review)
- Users appreciate the **neat UI and visual dashboards** of Dependency-Track, enhancing the risk management experience significantly. (1 review)
- Users love the **neat UI** of Dependency-Track, appreciating its side nav bars and illustrative dashboards. (1 review)

**What users dislike:**

- Users face challenges due to **limited cloud integration**, relying on inefficient methods like copy-pasting for collaboration. (1 review)

## Dependency-Track Reviews
### 1. An open source SCA with a neat GUI but falls short of a home run

**Rating:** 3.0/5.0 stars

**Reviewed by:** Atanu M. | Security Consultant, Enterprise (> 1000 emp.)

**Reviewed Date:** September 29, 2024

**What do you like best about Dependency-Track?**

Its neat UI, assisted by side nav bars and illustrative dashboards and tables as required, is the best feature, followed by ease of integration.

**What do you dislike about Dependency-Track?**

The main shortcoming is that there is no way to export the data off of this tool. We end up resorting to the crude method of copy-pasting the data into Excel for collaborating with development teams.

**What problems is Dependency-Track solving and how is that benefiting you?**

Dependency-Track is a Software Composition Analysis tool where we can upload SBOM files to test.
It benefits in terms of maintaining clear versions for each SBOM uploaded and their respective results, providing us a list of all dependencies used along with a separate section for vulnerable dependencies.
There is also a pictorial Dependency Graph tab one can make use of.
Another feature to benefit from is the uniformly color-coded scheme of all severities assigned to each vulnerability. The use of simple icons and color schemes is really handy.
However, I do need to warn users of an intermittent issue of false positives, and we might need to verify certain vulnerabilities instead of blindly trusting the tool.

### 2. Full focus on vulnerabilities

**Rating:** 5.0/5.0 stars

**Reviewed by:** Verified User in Medical Devices | Enterprise (> 1000 emp.)

**Reviewed Date:** January 21, 2025

**What do you like best about Dependency-Track?**

- API-first design
- Assessment database as part of data structure and process

**What do you dislike about Dependency-Track?**

- Project views are limited
- No built-in export

**What problems is Dependency-Track solving and how is that benefiting you?**

SCA and scan against NVD

### 3. Dependency Track

**Rating:** 4.0/5.0 stars

**Reviewed by:** Suryansh G. | Principal Engineer, Cloud HSM, Mid-Market (51-1000 emp.)

**Reviewed Date:** June 23, 2022

**What do you like best about Dependency-Track?**

No restriction on the number of repositories one can scan.

**What do you dislike about Dependency-Track?**

Access to zero-day vulnerabilities is not there, and it only works with an old DB, leaving an attack surface open.

**Recommendations to others considering Dependency-Track:**

Integrate it with your CI pipeline and see how amazingly it'll benefit your team to be more productive.

**What problems is Dependency-Track solving and how is that benefiting you?**

Keeps track of software used across versions, covering licenses and vulnerabilities.

### 4. Best open-source SCA tool in the market

**Rating:** 5.0/5.0 stars

**Reviewed by:** Vis C. | Software Security Technical Director, Enterprise (> 1000 emp.)

**Reviewed Date:** June 24, 2022

**What do you like best about Dependency-Track?**

Has multiple vulnerability sources (NVD, OSS Index, etc.) and thus higher positive percentage.

**What do you dislike about Dependency-Track?**

Slow in performance, especially the GUI operations

**What problems is Dependency-Track solving and how is that benefiting you?**

Software composition analysis on software. This essentially means identifying third-party libraries (SBOM) and reporting vulnerabilities on them.
## Dependency-Track Discussions
- [What is Dependency-Track used for?](https://www.g2.com/discussions/what-is-dependency-track-used-for) - 1 comment

## Dependency-Track Features
**Functionality - Software Composition Analysis**
- Language Support
- Integration
- Transparency

**Effectiveness - Software Composition Analysis**
- Remediation Suggestions
- Continuous Monitoring
- Thorough Detection

## Top Dependency-Track Alternatives
- [GitLab](https://www.g2.com/products/gitlab/reviews) - 4.5/5.0 (874 reviews)
- [GitHub](https://www.g2.com/products/github/reviews) - 4.7/5.0 (2,278 reviews)
- [Wiz](https://www.g2.com/products/wiz-wiz/reviews) - 4.7/5.0 (773 reviews)

