
Netcrook


WIKICROOK

Dependency tracking

The practice of identifying and monitoring the software components that a system relies on.

Dependency tracking is the practice of identifying and monitoring the software components a system relies on, including direct libraries, transitive packages, build tools, and external services. In cyber security, it helps defenders understand what code is actually running, where updates come from, and which components could introduce vulnerabilities or supply chain risk. It is closely related to software bills of materials, vulnerability management, and secure procurement.

Attackers often target dependencies because one compromise can affect many systems. Common risks include malicious package uploads, typosquatting, dependency confusion, and compromised upstream libraries. Good dependency tracking supports defenses such as pinning versions, reviewing transitive dependencies, scanning for known vulnerabilities, and rapidly replacing or removing risky components. Without it, teams may patch one application while missing a hidden library that still exposes the environment.
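The following added example (not part of the original entry) shows the last point in practice: a small inventory built from each application's dependency graph, used to find every application that pulls in a flagged component through transitive dependencies and to list direct requirements that are not pinned. All application names, package names and versions are constructed for illustration.

```python
from collections import deque

# Constructed sample data: every name and version below is made up.
# Direct requirements declared by each application.
APPS = {
    "billing-api": ["webframe==2.1.0", "pdfgen==1.4.2"],
    "admin-ui":    ["webframe==2.1.0"],
    "report-job":  ["pdfgen==1.4.2", "csvtool>=0.9"],
}
# What each resolved package itself depends on (as a lockfile would record).
PACKAGE_DEPS = {
    "webframe==2.1.0": ["httpcore==0.8.3"],
    "pdfgen==1.4.2":   ["imgcodec==3.0.1", "httpcore==0.8.3"],
    "imgcodec==3.0.1": ["zliblite==1.2.0"],
}

def inventory(app):
    """Map each component reachable from app to the shortest path pulling it in."""
    paths = {}
    queue = deque((req, [app, req]) for req in APPS[app])
    while queue:
        comp, path = queue.popleft()
        if comp in paths:  # already reached by an equal or shorter path
            continue
        paths[comp] = path
        for child in PACKAGE_DEPS.get(comp, []):
            queue.append((child, path + [child]))
    return paths

def exposed(component):
    """Apps that include component, directly or transitively, with the path."""
    hits = {}
    for app in APPS:
        inv = inventory(app)
        if component in inv:
            hits[app] = inv[component]
    return hits

def unpinned_direct():
    """Direct requirements that are not pinned to one exact version."""
    return sorted((app, req) for app, reqs in APPS.items()
                  for req in reqs if "==" not in req)

if __name__ == "__main__":
    # Suppose an advisory flags this (constructed) component.
    for app, path in exposed("zliblite==1.2.0").items():
        print(f"{app}: " + " -> ".join(path))
    for app, req in unpinned_direct():
        print(f"unpinned in {app}: {req}")
```

Neither affected application declares the flagged library directly; it arrives three levels down, which is the case a per-application review of direct requirements misses.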
