Wiki source code of Dependency Track
Version 31.2 by Milad Afshar-Jahanshahi on 2025/09/03 12:51
Hide last authors
| author | version | line-number | content |
|---|---|---|---|
 |
30.1 | 1 | STILL UNDER CONSTRUCTION |
| 2 | |||
| |
8.1 | 3 | [[image:logo-dependency-track.YzQAjtqS_Z2pMQkR.webp||alt="Grafana Icon Logo PNG vector in SVG, PDF, AI, CDR format" data-xwiki-image-style-alignment="end" height="52" width="190"]] |
| |
6.1 | 4 | |
| |
29.1 | 5 | {{toc/}} |
| |
28.1 | 6 | |
| |
6.1 | 7 | = Introduction = |
| 8 | |||
| |
31.1 | 9 | Dependency-Track is an open-source Software Composition Analysis (SCA) tool that helps organizations manage and secure their software supply chain. It automatically generates and maintains a Software Bill of Materials (SBOM) for projects, continuously monitoring dependencies for known vulnerabilities. In addition, it tracks license compliance of open-source components, giving teams greater visibility and control. By integrating seamlessly into DevOps and CI/CD pipelines, Dependency-Track makes it easier to embed security throughout the development lifecycle. |
| |
6.1 | 10 | |
| |
9.1 | 11 | [[Vendor Page>>https://dependencytrack.org/]] |
| |
6.1 | 12 | |
| |
9.2 | 13 | There are several useful resources available to get started with Deptrack: |
| |
6.1 | 14 | |
| |
9.2 | 15 | [[Dependency-Track Documentation>>https://docs.dependencytrack.org/]] |
| |
6.1 | 16 | |
| |
14.1 | 17 | [[Impact Analysis>>https://docs.dependencytrack.org/usage/impact-analysis/]] |
| 18 | |||
| |
12.1 | 19 | [[Collection-projects>>https://docs.dependencytrack.org/usage/collection-projects/]] |
| |
6.1 | 20 | |
| |
13.1 | 21 | = Accessing Dependency-Track = |
| |
6.1 | 22 | |
| |
26.2 | 23 | (% class="box warningmessage" %) |
| 24 | ((( | ||
| |
31.2 | 25 | In our toolchain, Dependency-Track is currently available only for Pilotkunden Preview. |
| |
26.2 | 26 | ))) |
| 27 | |||
| |
13.1 | 28 | == Preconditions in DevOps portal to access Dependency-Track == |
| |
6.1 | 29 | |
| |
13.1 | 30 | 1. A Dependency-Track license must be assigned to the user |
| 31 | 1. Dependency-Track must be added to the tool list of the project | ||
| |
6.1 | 32 | |
| |
25.1 | 33 | (% class="box warningmessage" %) |
| 34 | ((( | ||
| 35 | ⚠ **Note** | ||
| 36 | Im Gegensatz zu anderen Tools ist ein Login nur dann möglich, wenn der User eine Lizenz hat und in mindestens einem DepTrack Projekt eine Rolle hat | ||
| 37 | ))) | ||
| 38 | |||
| 39 | |||
| 40 | |||
| |
26.1 | 41 | |
| |
26.2 | 42 | |
| |
28.1 | 43 | |
| |
29.1 | 44 | |
| |
30.1 | 45 | |
| |
31.1 | 46 | |
| |
31.2 | 47 | |
| |
13.1 | 48 | After completing the preconditions, a project in Dependency-Track, which is part of the DevOps-as-a-Service toolchain, can be accessed via the DevOps Portal or directly through a URL. |
| |
6.1 | 49 | |
| 50 | == Via DevOps Portal == | ||
| 51 | |||
| |
16.1 | 52 | Go to the DevOps Portal Homepage and click on the link //Project// in the Project Vulnerabilities tile: |
| |
6.1 | 53 | |
| |
15.2 | 54 | [[image:deptrack.png||alt="Deptrack -Tile" data-xwiki-image-style-border="true" height="211" width="459"]] |
| |
6.1 | 55 | |
| |
23.2 | 56 | (% class="box warningmessage" %) |
| 57 | ((( | ||
| |
6.1 | 58 | ⚠ **Note** |
| |
16.2 | 59 | If you are still unable to access your project in Dependency-Track, it may be because you are logged in with an old session that still uses outdated permissions or To resolve this issue, please log out and then log in again: |
| |
18.1 | 60 | \\[[image:login1.png||alt="Untitled2.png" height="250" width="600"]] |
| |
23.2 | 61 | ))) |
| |
6.1 | 62 | |
| 63 | == Via Direct URL == | ||
| 64 | |||
| |
13.1 | 65 | You can also access Dependency-Track directly using the following link format: |
| |
23.1 | 66 | [[https:~~/~~/deptrack-<customer~>.devops.t-systems.net/projects>>https://<customer>.devops.t-systems.net/xwiki/wiki/<pkey>/view]] where <customer> is the id of your DevOps-as-a-Service instance. |
| |
6.1 | 67 | |
| 68 | If you are not already logged in to another tool in the toolchain or the DevOps portal, then you have to login using your configured SSO credentials. | ||
| 69 | |||
| 70 | |||
| |
26.1 | 71 | |
| 72 | == Dependency-Track Jenkins Interaction == | ||
| 73 | |||
| 74 | Nur sdcPipeline() wird unterstützt, nur maven (bisher), alles automatisch | ||
| 75 | |||
| 76 | |||
| |
26.2 | 77 | == Collection Project und Unterprojekte == |
| 78 | |||
| |
27.1 | 79 | TODO |
| 80 | |||
| |
6.1 | 81 | = Users, Projects and Roles = |
| 82 | |||
| |
13.1 | 83 | * Projects, users and their roles in projects are managed in the DevOps Portal, the corresponding functions in Dependency-Track are disabled (UI and API) |
| |
6.1 | 84 | |
| 85 | ⚠ **Note** | ||
| |
13.1 | 86 | Projects in the DevOps portal are mapped to the corresponding subwikis in Dependency-Track. |
| |
6.1 | 87 | |
| |
13.1 | 88 | * When Dependency-Track is added as a tool to an existing or new project, a corresponding subwiki is automatically created. Users assigned to the project in the DevOps Portal are then added to the subwiki with the roles defined in the configuration : |
| |
6.1 | 89 | ** Role mapping: ((( |
| 90 | |=Project Role in DevOps Portal|=Permissions in XWiki | ||
| |
24.1 | 91 | |Admin| POLICY_VIOLATION_ANALYSIS,''VIEW_POLICY_VIOLATION,''VIEW_PORTFOLIO,'VIEW_VULNERABILITY,''VULNERABILITY_ANALYSIS' |
| |
6.1 | 92 | |Master|(% colspan="1" %)Can view, comment, and edit pages, but cannot delete content |
| 93 | |Developer|(% colspan="1" %)Similar to Master | ||
| 94 | |Viewer|Read-only access. Can only view content, no edits or comments allowed | ||
| 95 | |||
| 96 | A detailed description of the XWiki role model can be found [[here>>https://www.xwiki.org/xwiki/bin/view/Documentation/AdminGuide/Access%20Rights/Permission%20types/]] | ||
| 97 | ))) | ||
| 98 | |||
| 99 | = Main Features = | ||
| 100 | |||
| |
24.1 | 101 | Inside DevOps-as-a-Service, deptrack is mainly used for writing specifications and documentations. See below for a list of the main features of XWiki. |
| |
6.1 | 102 | |
| 103 | == Collaborative Content Editing == | ||
| 104 | |||
| 105 | * WYSIWYG and wiki syntax editors | ||
| 106 | * Version control and history tracking | ||
| 107 | * Inline and structured content editing | ||
| 108 | * Commenting and annotations | ||
| 109 | |||
| 110 | == Advanced Page & Document Management == | ||
| 111 | |||
| 112 | * Hierarchical page structure (nested pages) | ||
| 113 | * Templates for creating structured documents | ||
| 114 | * Tags, categories, and metadata support | ||
| 115 | * File attachments and preview | ||
| 116 | |||
| 117 | == Powerful Search and Navigation == | ||
| 118 | |||
| 119 | * Full-text search (Solr-based) | ||
| 120 | * Faceted search filters | ||
| 121 | * Page index, breadcrumbs, and navigation panels | ||
| 122 | |||
| 123 | == Macros and Widgets == | ||
| 124 | |||
| 125 | * Built-in and custom macros (charts, galleries, diagrams) | ||
| 126 | * Embedding of rich media (videos, iframes, etc.) | ||
| 127 | * Markdown and LaTeX support | ||
| 128 | |||
| 129 | |||
| 130 | |||
| 131 |