Dependency-Track, continuous software supply chain component analysis, ready to ingest an SBOM on first boot.
Dependency-Track is the OWASP flagship platform for software supply chain component analysis. It ingests CycloneDX SBOMs, continuously tracks every component against vulnerability intelligence, and reports risk across a portfolio of projects. Security and engineering teams use it to know what is in their software and which parts have become vulnerable.
cloudimg ships Dependency-Track hardened, fully patched and preconfigured with its database, reverse proxy and web interface already wired together, with data on a dedicated disk. A unique admin credential is generated on first boot and the well known default login is verified dead before the image ships. Paired with a step by step deploy guide and backed by 24/7 support.
Real screenshots taken while testing this image against its deployment guide.