Deptic Documentation
Everything you need to understand, integrate, and get the most out of Deptic's software supply chain security platform.
- Quick Start: Scan your first repository in 2 minutes
- API Reference: Integrate Deptic into your CI/CD pipeline
- CLI Scanner: Scan local projects from your terminal
What is Deptic?
Deptic is a software supply chain security platform that automatically generates Software Bills of Materials (SBOMs), detects known vulnerabilities (CVEs) across all dependencies, and verifies compliance with government mandates including US Executive Order 14028 (NTIA) and the EU Cyber Resilience Act.
Deptic supports 8 package ecosystems: npm, pip, Maven, Go, Rust, Ruby, PHP, and .NET. It resolves full transitive dependency trees — not just direct dependencies — giving complete visibility into every component your software ships with.
Key concepts
- SBOM: A Software Bill of Materials is a complete inventory of all components in a software product
- NTIA Minimum Elements: 7 data fields required by US federal mandate for each component
- PURL: Package URL — a standard identifier format for packages across all ecosystems
- CVE: Common Vulnerabilities and Exposures — a public database of known security vulnerabilities

