This is a list of organizations that have spoken publicly about their adoption or production users that have added themselves (in alphabetical order):

Organization | Contact | Description |
---|---|---|
Rohde & Schwarz | @lukas-braune | At Rohde & Schwarz, we are deeply committed to ensuring the cybersecurity of our products, systems, and solutions. As part of our comprehensive security strategy, we utilize a diverse set of tools to safeguard our technology. We value Dependency-Track for its scalability, adherence to open standards, and active community. Additionally, we actively contribute to the development of Dependency-Track by adding features, improving its usability for large organizations, and strengthening its security posture. |
World Kinect Corporation | @aravindparappil46, @setchy | World Kinect Corporation (NYSE: WKC) uses Dependency-Track to continuously identify software supply chain risks and to enforce policy compliance across the portfolio. Its usage of Dependency-Track was showcased in the community meeting of May 2024. |

This is a list of adopters in early stages of production or pre-production (in alphabetical order):

Organization | Contact | Description |
---|---|---|
Air France-KLM | @nekhtan | Air France-KLM has always been highly vigilant and profoundly committed to the realm of IT security. We use a variety of tools to ensure our systems' safety, one of which is the OWASP Dependency Track. This tool forms a crucial part of our vulnerability detection systems, scanning the Software Bill of Materials (SBOM) for each application and sending it to our in-house DT instance. With over 10,000 projects undergoing daily scans, our security measures are both comprehensive and rigorous. The Dependency Track API is not only highly configurable but also user-friendly, boasting a visually appealing user interface. The project is in a constant state of evolution, adapting and improving to meet the ever-changing landscape of IT security. The community of DT contributors is always ready to lend a hand when issues arise, making it not just an effective tool, but also a pleasure to work with as a developer. We extend our gratitude to the team behind the OWASP Dependency Track for their excellent work. We look forward to welcoming you aboard our flights soon! |
Apex Fintech Solutions | @spawar-apex | Apex Fintech Solutions has integrated OWASP Dependency-Track into their CI/CD pipeline as part of the DevSecOps program. This integration allows for the upload of SBOMs (Software Bill of Materials) to the platform for comprehensive component analysis and a detailed understanding of the software inventory used in software applications. By analyzing the components in our monorepo, we enhance our vulnerability management program and gain valuable insights into transitive dependencies, which traditional SCA (Software Composition Analysis) tools often overlook. |
Dutch Tax Office - Belastingdienst | @SudoHenk | Dutch Tax Office has integrated OWASP Dependency-Track into their development processes as part of the DevSecOps program. We integrate Dependency-Track with various platforms and programming languages to gain vulnerability insights in our internally developed software. We want to thank all contributors of Dependency-Track for creating a resilient and extensible SCA tool. Especially the API is a huge asset to integrate within the current organization processes. |

If you have adopted OWASP Dependency-Track and would like to be included in this list, feel free to submit a PR updating this file or open an issue.