
Managed Software Supply Chain / SCA

Managed Dependency-Track

Continuous software supply chain risk monitoring

License: Apache-2.0 | GitHub: 3.9K stars | Infra: 4–8 GB RAM, 2–4 vCPU, 20 GB+ storage

What is Dependency-Track?

Dependency-Track is an OWASP flagship platform for software supply chain security. It ingests SBOMs and continuously monitors your components for known vulnerabilities, outdated libraries, and license risk, even long after a build has shipped.

Use cases

  • NIS2 and DORA software supply chain risk management
  • Continuous SBOM monitoring after release
  • License compliance across application dependencies
  • Complement to DefectDojo for full vulnerability coverage

Features

  • SBOM ingestion (CycloneDX, SPDX)
  • Continuous component vulnerability monitoring
  • License risk and policy violation tracking
  • Vulnerability data sourced from NVD, OSV, and GitHub Advisories
  • Policy engine for security and license gates
  • REST API and CI/CD pipeline integration
  • Per-project risk scoring and dashboards
  • Feeds findings into DefectDojo

Simple, transparent pricing

Same software, fraction of the cost.

Starter

Up to 10 projects

From $40 /mo
  • Dependency-Track platform
  • Up to 10 monitored projects
  • SBOM upload and analysis
  • Daily vulnerability feed sync
  • Email alerting
  • Daily backups

Most popular

Business

Up to 50 projects

From $90 /mo
  • Everything in Starter
  • Up to 50 monitored projects
  • Custom policy rules
  • CI/CD pipeline webhooks
  • DefectDojo integration
  • Priority support

Enterprise

Unlimited projects

From $180 /mo
  • Everything in Business
  • Unlimited projects
  • SSO / LDAP
  • Custom integrations
  • Audit-ready compliance reports
  • SLA-backed uptime

Every plan includes

Managed hosting

Dedicated bare-metal servers

Automated backups

Daily backups with 30-day retention

SSL included

Automatic HTTPS with Let's Encrypt

Monitoring

24/7 uptime monitoring and alerting

Compliance-ready hosting

Every managed deployment runs on EU infrastructure. Data Processing Agreement available on request. All services covered under a single DPA.

View compliance documentation →

Ready to get started with Dependency-Track?

Your instance is provisioned in minutes. No credit card required for a consultation.

Contact us