Master the risks in your software supply chain
A platform for software composition analysis powered by Dependency-Track, installed and maintained by DINAO. Continuously identify your vulnerable dependencies — on our French servers, without exposing your code to third parties.
What is Dependency-Track?
Dependency-Track is an intelligent software composition analysis (SCA) platform, driven by the OWASP foundation, which enables organizations to identify and reduce risks within their software supply chain. It leverages the capabilities of an SBOM (Software Bill of Materials) to provide visibility that traditional tools cannot achieve.
Designed to integrate deeply into development and CI/CD environments, the platform continuously monitors components across all projects. It exploits several recognized vulnerability sources — NVD, GitHub Advisories, OSV, Sonatype OSS Index — and automatically correlates inventoried components with published vulnerabilities, alerting teams as soon as a new vulnerability emerges.
Beyond CVEs, Dependency-Track also tracks dependency obsolescence, license risks, and enforces customizable security policies. With its comprehensive REST API, notification support (email, Slack, webhooks), and dashboards, it serves as a cornerstone for DevSecOps initiatives and compliance efforts.
Host Dependency-Track at DINAO
Resource tiers compatible with Dependency-Track prerequisites (minimum 2 vCPU / 8192 Mo / 20 Go). Hosted in France, fully managed.
- 4 dedicated vCPU
- 8 Go RAM
- 80 GB NVMe
- Daily backups
- Managed & monitored by DINAO
- 8 dedicated vCPU
- 16 Go RAM
- 160 GB NVMe
- Daily backups
- Managed & monitored by DINAO
2 hidden tier(s) (insufficient resources for this app) : Découverte, Standard
Technical details
You might be wondering…
What is an SBOM and why do I need one?
An SBOM (Software Bill of Materials) is the detailed list of software components in an application. Dependency-Track uses it to cross-reference these components with known vulnerability databases and alert you continuously.
Is my source code sent anywhere?
No. Dependency-Track analyzes SBOMs (component lists), not your source code. These metadata remain on your instance hosted in France.
Can I integrate it into my CI/CD?
Yes. A comprehensive REST API allows you to automatically push your SBOMs with each build and retrieve analysis results within your pipelines.
Which vulnerability sources are used?
NVD, GitHub Advisories, OSV, Sonatype OSS Index, and other sources natively supported by Dependency-Track, updated regularly.
Where are the data hosted?
On DINAO infrastructure in France, in one of the available datacenters. Your SBOMs and project data do not leave the territory.