Changes for page Dependency-Track
Last modified by Milad Afshar-Jahanshahi on 2025/09/03 14:31
From version 35.1
edited by Milad Afshar-Jahanshahi
on 2025/09/03 13:01
on 2025/09/03 13:01
Change comment:
There is no comment for this version
To version 27.1
edited by Milad Afshar-Jahanshahi
on 2025/09/03 09:18
on 2025/09/03 09:18
Change comment:
There is no comment for this version
Summary
-
Page properties (1 modified, 0 added, 0 removed)
Details
- Page properties
-
- Content
-
... ... @@ -1,12 +1,10 @@ 1 - STILL UNDER CONSTRUCTION1 +{{toc/}} 2 2 3 3 [[image:logo-dependency-track.YzQAjtqS_Z2pMQkR.webp||alt="Grafana Icon Logo PNG vector in SVG, PDF, AI, CDR format" data-xwiki-image-style-alignment="end" height="52" width="190"]] 4 4 5 -{{toc/}} 6 - 7 7 = Introduction = 8 8 9 -Dependency-Track is an open-source SoftwareCompositionAnalysis (SCA) toolthat helps organizations manage and secure their software supply chain. Itautomatically generates and maintains aSoftwareBill ofMaterials (SBOM) for projects,continuouslymonitoringdependencies for known vulnerabilities. Inaddition,ittracks license compliance of open-source components,giving teams greatervisibility and control.Byintegratingseamlessly into DevOpsandCI/CD pipelines,Dependency-Track makesit easier to embed security throughout thedevelopmentifecycle.7 +Dependency-Track is an open-source software composition analysis (SCA) tool. It creates and manages a software bill of materials (SBOM) for projects. The tool continuously checks dependencies for known vulnerabilities. It also tracks license compliance of open-source components. Teams gain visibility and control over their software supply chain. Helps integrate security into DevOps/CI-CD pipelines efficiently. 10 10 11 11 [[Vendor Page>>https://dependencytrack.org/]] 12 12 ... ... @@ -20,7 +20,10 @@ 20 20 21 21 = Accessing Dependency-Track = 22 22 23 -Dependency-Track is integrated into the DevOps-as-a-Service toolchain, but for now it’s only offered in the Pilotkunden Preview. To get started, a few prerequisites need to be in place. 21 +(% class="box warningmessage" %) 22 +((( 23 +Pilotkunden Preview ist 24 +))) 24 24 25 25 == Preconditions in DevOps portal to access Dependency-Track == 26 26 ... ... @@ -30,9 +30,13 @@ 30 30 (% class="box warningmessage" %) 31 31 ((( 32 32 ⚠ **Note** 33 - Unlikeothertools,loginisonlypossibleif theuserhasa validlicenseand isassigneda rolein atleastone Dependency-Trackproject.34 +Im Gegensatz zu anderen Tools ist ein Login nur dann möglich, wenn der User eine Lizenz hat und in mindestens einem DepTrack Projekt eine Rolle hat 34 34 ))) 35 35 37 + 38 + 39 + 40 + 36 36 After completing the preconditions, a project in Dependency-Track, which is part of the DevOps-as-a-Service toolchain, can be accessed via the DevOps Portal or directly through a URL. 37 37 38 38 == Via DevOps Portal == ... ... @@ -57,14 +57,14 @@ 57 57 58 58 59 59 60 -== Dependency-Track Jenkins Inte gration ==65 +== Dependency-Track Jenkins Interaction == 61 61 62 - WhenusingsdcPipeline(),Maven projectsautomatically generate a Software Bill of Materials(SBOM) and are pushed to Dependency-Track.This process is fully automated through the provided pipelinelibrary. Currently,this option is onlyavailablefor Maven projects.67 +Nur sdcPipeline() wird unterstützt, nur maven (bisher), alles automatisch 63 63 64 64 65 65 == Collection Project und Unterprojekte == 66 66 67 - In Dependency-Track, these Maven builds are organized under a **Collection Project**. Subprojects (for example, individual modules of a Maven project) are created as children of the collection. This makes it easier to see aggregated metrics, such as vulnerabilities and license compliance, without having to open each subproject individually.72 +TODO 68 68 69 69 = Users, Projects and Roles = 70 70