Changes for page Dependency-Track

Summary

• Page properties (1 modified, 0 added, 0 removed)
• Objects (1 modified, 0 added, 0 removed)
  • XWiki.XWikiComments[0]

Details

Page properties

Content

...	...	@@ -1,12 +1,10 @@
1		-STILL UNDER CONSTRUCTION
	1	+{{toc/}}
2	2
3	3	[[image:logo-dependency-track.YzQAjtqS_Z2pMQkR.webp||alt="Grafana Icon Logo PNG vector in SVG, PDF, AI, CDR format" data-xwiki-image-style-alignment="end" height="52" width="190"]]
4	4
5		-{{toc/}}
6		-
7	7	= Introduction =
8	8
9		-Dependency-Track is an open-source Software Composition Analysis (SCA) tool that helps organizations manage and secure their software supply chain. It automatically generates and maintains a Software Bill of Materials (SBOM) for projects, continuously monitoring dependencies for known vulnerabilities. In addition, it tracks license compliance of open-source components, giving teams greater visibility and control. By integrating seamlessly into DevOps and CI/CD pipelines, Dependency-Track makes it easier to embed security throughout the development lifecycle.
	7	+Dependency-Track is an open-source software composition analysis (SCA) tool. It creates and manages a software bill of materials (SBOM) for projects. The tool continuously checks dependencies for known vulnerabilities. It also tracks license compliance of open-source components. Teams gain visibility and control over their software supply chain. Helps integrate security into DevOps/CI-CD pipelines efficiently.
10	10
11	11	[[Vendor Page>>https://dependencytrack.org/]]
12	12
...	...	@@ -20,29 +20,11 @@
20	20
21	21	= Accessing Dependency-Track =
22	22
23		-Dependency-Track is integrated into the DOAAS toolchain, but for now it’s only offered in the Pilotkunden Preview. To get started, a few prerequisites need to be in place.
24		-
25	25	== Preconditions in DevOps portal to access Dependency-Track ==
26	26
27	27	1. A Dependency-Track license must be assigned to the user
28	28	1. Dependency-Track must be added to the tool list of the project
29	29
30		-(% class="box warningmessage" %)
31		-(((
32		-⚠ **Note**
33		-Unlike other tools, login is only possible if the user has a valid license and is assigned a role in at least one Dependency-Track project.
34		-)))
35		-
36		-
37		-
38		-
39		-
40		-
41		-
42		-
43		-
44		-
45		-
46	46	After completing the preconditions, a project in Dependency-Track, which is part of the DevOps-as-a-Service toolchain, can be accessed via the DevOps Portal or directly through a URL.
47	47
48	48	== Via DevOps Portal ==
...	...	@@ -51,12 +51,9 @@
51	51
52	52	[[image:deptrack.png||alt="Deptrack -Tile" data-xwiki-image-style-border="true" height="211" width="459"]]
53	53
54		-(% class="box warningmessage" %)
55		-(((
56	56	⚠ **Note**
57	57	If you are still unable to access your project in Dependency-Track, it may be because you are logged in with an old session that still uses outdated permissions or To resolve this issue, please log out and then log in again:
58	58	\\[[image:login1.png||alt="Untitled2.png" height="250" width="600"]]
59		-)))
60	60
61	61	== Via Direct URL ==
62	62
...	...	@@ -65,17 +65,10 @@
65	65
66	66	If you are not already logged in to another tool in the toolchain or the DevOps portal, then you have to login using your configured SSO credentials.
67	67
	45	+⚠ **Note**
	46	+Access to the main wiki at [[https:~~/~~/<customer~>.devops.t-systems.net/xwiki>>https://<customer>.devops.t-systems.net/xwiki]] is forbidden due to security restrictions and therefore this page cannot be viewed.
	47	+
68	68
69		-
70		-== Dependency-Track Jenkins Interaction ==
71		-
72		-Nur sdcPipeline() wird unterstützt, nur maven (bisher), alles automatisch
73		-
74		-
75		-== Collection Project und Unterprojekte ==
76		-
77		-TODO
78		-
79	79	= Users, Projects and Roles =
80	80
81	81	* Projects, users and their roles in projects are managed in the DevOps Portal, the corresponding functions in Dependency-Track are disabled (UI and API)
...	...	@@ -86,7 +86,7 @@
86	86	* When Dependency-Track is added as a tool to an existing or new project, a corresponding subwiki is automatically created. Users assigned to the project in the DevOps Portal are then added to the subwiki with the roles defined in the configuration :
87	87	** Role mapping: (((
88	88	|=Project Role in DevOps Portal|=Permissions in XWiki
89		-|Admin| POLICY_VIOLATION_ANALYSIS,''VIEW_POLICY_VIOLATION,''VIEW_PORTFOLIO,'VIEW_VULNERABILITY,''VULNERABILITY_ANALYSIS'
	59	+|Admin|View, comment, edit, and delete pages
90	90	|Master|(% colspan="1" %)Can view, comment, and edit pages, but cannot delete content
91	91	|Developer|(% colspan="1" %)Similar to Master
92	92	|Viewer|Read-only access. Can only view content, no edits or comments allowed
...	...	@@ -96,7 +96,7 @@
96	96
97	97	= Main Features =
98	98
99		-Inside DevOps-as-a-Service, deptrack is mainly used for writing specifications and documentations. See below for a list of the main features of XWiki.
	69	+Inside DevOps-as-a-Service, XWiki is mainly used for writing specifications and documentations. See below for a list of the main features of XWiki.
100	100
101	101	== Collaborative Content Editing ==
102	102

XWiki.XWikiComments[0]

Comment

...	...	@@ -2,9 +2,9 @@
2	2
3	3	Optionales Tool: aktivieren als Project Admin für das Projekt, zuweisen von Lizenzen als Portal Admin an die entsprechenden User
4	4
5		-Im Gegensatz zu anderen Tools ist ein Login nur dann möglich, wenn der User eine Lizenz hat und in mindestens einem DepTrack Projekt eine Rolle hat  ~-~-> Done
	5	+Im Gegensatz zu anderen Tools ist ein Login nur dann möglich, wenn der User eine Lizenz hat und in mindestens einem DepTrack Projekt eine Rolle hat
6	6
7		-Dashboard -> DepTrack Login Seite  ~-~-> DOne
	7	+Dashboard -> DepTrack Login Seite
8	8
9	9	Pilotkunden Preview ist
10	10