Skip to Content

Changes for page Dependency-Track

Last modified by Milad Afshar-Jahanshahi on 2025/09/03 14:31
From version 32.1
edited by Milad Afshar-Jahanshahi
on 2025/09/03 12:53
Change comment: There is no comment for this version
To version 23.2
edited by Milad Afshar-Jahanshahi
on 2025/09/03 08:51
Change comment: There is no comment for this version

Summary

Details

Page properties
Content
... ... @@ -1,12 +1,10 @@
1 -STILL UNDER CONSTRUCTION
1 +{{toc/}}
2 2  
3 3  [[image:logo-dependency-track.YzQAjtqS_Z2pMQkR.webp||alt="Grafana Icon Logo PNG vector in SVG, PDF, AI, CDR format" data-xwiki-image-style-alignment="end" height="52" width="190"]]
4 4  
5 -{{toc/}}
6 -
7 7  = Introduction =
8 8  
9 -Dependency-Track is an open-source Software Composition Analysis (SCA) tool that helps organizations manage and secure their software supply chain. It automatically generates and maintains a Software Bill of Materials (SBOM) for projects, continuously monitoring dependencies for known vulnerabilities. In addition, it tracks license compliance of open-source components, giving teams greater visibility and control. By integrating seamlessly into DevOps and CI/CD pipelines, Dependency-Track makes it easier to embed security throughout the development lifecycle.
7 +Dependency-Track is an open-source software composition analysis (SCA) tool. It creates and manages a software bill of materials (SBOM) for projects. The tool continuously checks dependencies for known vulnerabilities. It also tracks license compliance of open-source components. Teams gain visibility and control over their software supply chain. Helps integrate security into DevOps/CI-CD pipelines efficiently.
10 10  
11 11  [[Vendor Page>>https://dependencytrack.org/]]
12 12  
... ... @@ -20,30 +20,11 @@
20 20  
21 21  = Accessing Dependency-Track =
22 22  
23 -
24 -Dependency-Track is integrated into the DOSSS toolchain, but for now it’s only offered in the Pilotkunden Preview. To get started, a few prerequisites need to be in place.
25 -
26 -
27 27  == Preconditions in DevOps portal to access Dependency-Track ==
28 28  
29 29  1. A Dependency-Track license must be assigned to the user
30 30  1. Dependency-Track must be added to the tool list of the project
31 31  
32 -(% class="box warningmessage" %)
33 -(((
34 -⚠ **Note**
35 -Im Gegensatz zu anderen Tools ist ein Login nur dann möglich, wenn der User eine Lizenz hat und in mindestens einem DepTrack Projekt eine Rolle hat
36 -)))
37 -
38 -
39 -
40 -
41 -
42 -
43 -
44 -
45 -
46 -
47 47  After completing the preconditions, a project in Dependency-Track, which is part of the DevOps-as-a-Service toolchain, can be accessed via the DevOps Portal or directly through a URL.
48 48  
49 49  == Via DevOps Portal ==
... ... @@ -66,17 +66,10 @@
66 66  
67 67  If you are not already logged in to another tool in the toolchain or the DevOps portal, then you have to login using your configured SSO credentials.
68 68  
48 +⚠ **Note**
49 +Access to the main wiki at [[https:~~/~~/<customer~>.devops.t-systems.net/xwiki>>https://<customer>.devops.t-systems.net/xwiki]] is forbidden due to security restrictions and therefore this page cannot be viewed.
50 +
69 69  
70 -
71 -== Dependency-Track Jenkins Interaction ==
72 -
73 -Nur sdcPipeline() wird unterstützt, nur maven (bisher), alles automatisch
74 -
75 -
76 -== Collection Project und Unterprojekte ==
77 -
78 -TODO
79 -
80 80  = Users, Projects and Roles =
81 81  
82 82  * Projects, users and their roles in projects are managed in the DevOps Portal, the corresponding functions in Dependency-Track are disabled (UI and API)
... ... @@ -87,7 +87,7 @@
87 87  * When Dependency-Track is added as a tool to an existing or new project, a corresponding subwiki is automatically created. Users assigned to the project in the DevOps Portal are then added to the subwiki with the roles defined in the configuration : 
88 88  ** Role mapping: (((
89 89  |=Project Role in DevOps Portal|=Permissions in XWiki
90 -|Admin| POLICY_VIOLATION_ANALYSIS,''VIEW_POLICY_VIOLATION,''VIEW_PORTFOLIO,'VIEW_VULNERABILITY,''VULNERABILITY_ANALYSIS'
62 +|Admin|View, comment, edit, and delete pages
91 91  |Master|(% colspan="1" %)Can view, comment, and edit pages, but cannot delete content
92 92  |Developer|(% colspan="1" %)Similar to Master
93 93  |Viewer|Read-only access. Can only view content, no edits or comments allowed
... ... @@ -97,7 +97,7 @@
97 97  
98 98  = Main Features =
99 99  
100 -Inside DevOps-as-a-Service, deptrack is mainly used for writing specifications and documentations. See below for a list of the main features of XWiki.
72 +Inside DevOps-as-a-Service, XWiki is mainly used for writing specifications and documentations. See below for a list of the main features of XWiki.
101 101  
102 102  == Collaborative Content Editing ==
103 103  
XWiki.XWikiComments[0]
Comment
... ... @@ -2,9 +2,9 @@
2 2  
3 3  Optionales Tool: aktivieren als Project Admin für das Projekt, zuweisen von Lizenzen als Portal Admin an die entsprechenden User
4 4  
5 -Im Gegensatz zu anderen Tools ist ein Login nur dann möglich, wenn der User eine Lizenz hat und in mindestens einem DepTrack Projekt eine Rolle hat  ~-~-> Done
5 +Im Gegensatz zu anderen Tools ist ein Login nur dann möglich, wenn der User eine Lizenz hat und in mindestens einem DepTrack Projekt eine Rolle hat
6 6  
7 -Dashboard -> DepTrack Login Seite  ~-~-> DOne
7 +Dashboard -> DepTrack Login Seite
8 8  
9 9  Pilotkunden Preview ist
10 10  
© 2018-2025 T-Systems International GmbH