Changes for page Dependency-Track

Last modified by Milad Afshar-Jahanshahi on 2025/09/03 14:31

From 29.1 to 28.1 From 37.1 to 36.2

From version 36.2

edited by Milad Afshar-Jahanshahi
on 2025/09/03 13:04

Change comment: There is no comment for this version

To version 29.1

edited by Milad Afshar-Jahanshahi
on 2025/09/03 09:26

Change comment: There is no comment for this version

Raw
Rendered

Summary

Page properties (1 modified, 0 added, 0 removed)

Details

Page properties

Content

@@ -1,5 +3,3 @@
--STILL UNDER CONSTRUCTION
--
  [[image:logo-dependency-track.YzQAjtqS_Z2pMQkR.webp||alt="Grafana Icon Logo PNG vector in SVG, PDF, AI, CDR format" data-xwiki-image-style-alignment="end" height="52" width="190"]]
  {{toc/}}
@@ -6,7 +6,7 @@
  = Introduction =
--Dependency-Track is an open-source Software Composition Analysis (SCA) tool that helps organizations manage and secure their software supply chain. It automatically generates and maintains a Software Bill of Materials (SBOM) for projects, continuously monitoring dependencies for known vulnerabilities. In addition, it tracks license compliance of open-source components, giving teams greater visibility and control. By integrating seamlessly into DevOps and CI/CD pipelines, Dependency-Track makes it easier to embed security throughout the development lifecycle.
++Dependency-Track is an open-source software composition analysis (SCA) tool. It creates and manages a software bill of materials (SBOM) for projects. The tool continuously checks dependencies for known vulnerabilities. It also tracks license compliance of open-source components. Teams gain visibility and control over their software supply chain. Helps integrate security into DevOps/CI-CD pipelines efficiently.
  [[Vendor Page>>https://dependencytrack.org/]]
@@ -20,7 +20,10 @@
  = Accessing Dependency-Track =
--Dependency-Track is integrated into the DevOps-as-a-Service toolchain, but for now it’s only offered in the Pilotkunden Preview. To get started, a few prerequisites need to be in place.
++(% class="box warningmessage" %)
++(((
++Pilotkunden Preview ist
++)))
  == Preconditions in DevOps portal to access Dependency-Track ==
@@ -30,9 +30,15 @@
  (% class="box warningmessage" %)
  (((
  ⚠ **Note**
--Unlike other tools, login is only possible if the user has a valid license and is assigned a role in at least one Dependency-Track project.
++Im Gegensatz zu anderen Tools ist ein Login nur dann möglich, wenn der User eine Lizenz hat und in mindestens einem DepTrack Projekt eine Rolle hat
  )))
++
++
++
++
++
++
  After completing the preconditions, a project in Dependency-Track, which is part of the DevOps-as-a-Service toolchain, can be accessed via the DevOps Portal or directly through a URL.
  == Via DevOps Portal ==
@@ -56,19 +56,17 @@
  If you are not already logged in to another tool in the toolchain or the DevOps portal, then you have to login using your configured SSO credentials.
--= Projects =
--== Dependency-Track Jenkins Integration ==
++== Dependency-Track Jenkins Interaction ==
--When using sdcPipeline(), Maven projects automatically generate a Software Bill of Materials (SBOM) and are pushed to Dependency-Track. This process is fully automated through the provided pipeline library. Currently, this option is only available for Maven projects.
++Nur sdcPipeline() wird unterstützt, nur maven (bisher), alles automatisch
--== Collection Project ==
++== Collection Project und Unterprojekte ==
--In Dependency-Track, these Maven builds are organized under a **Collection Project**. Subprojects (for example, individual modules of a Maven project) are created as children of the collection. This makes it easier to see aggregated metrics, such as vulnerabilities and license compliance, without having to open each subproject individually.
--For more details, see the [[Collection Projects>>https://docs.dependencytrack.org/usage/collection-projects/]] section in the Dependency-Track documentation.
++TODO
--= Users and Roles =
++= Users, Projects and Roles =
  * Projects, users and their roles in projects are managed in the DevOps Portal, the corresponding functions in Dependency-Track are disabled (UI and API)