Dependency Track

STILL UNDER CONSTRUCTION

[[image:logo-dependency-track.YzQAjtqS_Z2pMQkR.webp||alt="Grafana Icon Logo PNG vector in SVG, PDF, AI, CDR format" data-xwiki-image-style-alignment="end" height="52" width="190"]]

4

5

= Introduction =

Dependency-Track is an open-source Software Composition Analysis (SCA) tool that helps organizations manage and secure their software supply chain. It automatically generates and maintains a Software Bill of Materials (SBOM) for projects, continuously monitoring dependencies for known vulnerabilities. In addition, it tracks license compliance of open-source components, giving teams greater visibility and control. By integrating seamlessly into DevOps and CI/CD pipelines, Dependency-Track makes it easier to embed security throughout the development lifecycle.

10

11

[[Vendor Page>>https://dependencytrack.org/]]

12

13

There are several useful resources available to get started with Deptrack:

14

15

[[Dependency-Track Documentation>>https://docs.dependencytrack.org/]]

16

17

[[Impact Analysis>>https://docs.dependencytrack.org/usage/impact-analysis/]]

18

19

[[Collection-projects>>https://docs.dependencytrack.org/usage/collection-projects/]]

20

21

= Accessing Dependency-Track =

22

23

(% class="box warningmessage" %)

24

(((

25

In our toolchain, Dependency-Track is currently available only for Pilotkunden Preview.

26

)))

27

28

== Preconditions in DevOps portal to access Dependency-Track ==

29

30

1. A Dependency-Track license must be assigned to the user

31

1. Dependency-Track must be added to the tool list of the project

32

33

(% class="box warningmessage" %)

34

(((

35

⚠ **Note**

36

Im Gegensatz zu anderen Tools ist ein Login nur dann möglich, wenn der User eine Lizenz hat und in mindestens einem DepTrack Projekt eine Rolle hat

)))

After completing the preconditions, a project in Dependency-Track, which is part of the DevOps-as-a-Service toolchain, can be accessed via the DevOps Portal or directly through a URL.

49

50

== Via DevOps Portal ==

51

52

Go to the DevOps Portal Homepage and click on the link //Project// in the Project Vulnerabilities tile:

53

54

[[image:deptrack.png||alt="Deptrack -Tile" data-xwiki-image-style-border="true" height="211" width="459"]]

55

56

(% class="box warningmessage" %)

57

(((

58

⚠ **Note**

59

If you are still unable to access your project in Dependency-Track, it may be because you are logged in with an old session that still uses outdated permissions or To resolve this issue, please log out and then log in again:

60

\\[[image:login1.png||alt="Untitled2.png" height="250" width="600"]]

)))

== Via Direct URL ==

You can also access Dependency-Track directly using the following link format:

66

[[https:~~/~~/deptrack-<customer~>.devops.t-systems.net/projects>>https://<customer>.devops.t-systems.net/xwiki/wiki/<pkey>/view]] where <customer> is the id of your DevOps-as-a-Service instance.

67

68

If you are not already logged in to another tool in the toolchain or the DevOps portal, then you have to login using your configured SSO credentials.

== Dependency-Track Jenkins Interaction ==

73

74

Nur sdcPipeline() wird unterstützt, nur maven (bisher), alles automatisch

75

76

77

== Collection Project und Unterprojekte ==

TODO

= Users, Projects and Roles =

82

83

* Projects, users and their roles in projects are managed in the DevOps Portal, the corresponding functions in Dependency-Track are disabled (UI and API)

84

85

⚠ **Note**

86

Projects in the DevOps portal are mapped to the corresponding subwikis in Dependency-Track.

87

88

* When Dependency-Track is added as a tool to an existing or new project, a corresponding subwiki is automatically created. Users assigned to the project in the DevOps Portal are then added to the subwiki with the roles defined in the configuration :

89

** Role mapping: (((

90

|=Project Role in DevOps Portal|=Permissions in XWiki

91

|Admin| POLICY_VIOLATION_ANALYSIS,''VIEW_POLICY_VIOLATION,''VIEW_PORTFOLIO,'VIEW_VULNERABILITY,''VULNERABILITY_ANALYSIS'

92

|Master|(% colspan="1" %)Can view, comment, and edit pages, but cannot delete content

93

|Developer|(% colspan="1" %)Similar to Master

94

|Viewer|Read-only access. Can only view content, no edits or comments allowed

95

96

A detailed description of the XWiki role model can be found [[here>>https://www.xwiki.org/xwiki/bin/view/Documentation/AdminGuide/Access%20Rights/Permission%20types/]]

)))

= Main Features =

Inside DevOps-as-a-Service, deptrack is mainly used for writing specifications and documentations. See below for a list of the main features of XWiki.

102

103

== Collaborative Content Editing ==

104

105

* WYSIWYG and wiki syntax editors

106

* Version control and history tracking

107

* Inline and structured content editing

108

* Commenting and annotations

109

110

== Advanced Page & Document Management ==

111

112

* Hierarchical page structure (nested pages)

113

* Templates for creating structured documents

114

* Tags, categories, and metadata support

115

* File attachments and preview

116

117

== Powerful Search and Navigation ==

118

119

* Full-text search (Solr-based)

120

* Faceted search filters

121

* Page index, breadcrumbs, and navigation panels

122

123

== Macros and Widgets ==

124

125

* Built-in and custom macros (charts, galleries, diagrams)

126

* Embedding of rich media (videos, iframes, etc.)

127

* Markdown and LaTeX support

author	version	line-number	content
		1	STILL UNDER CONSTRUCTION
		2
		3	[[image:logo-dependency-track.YzQAjtqS_Z2pMQkR.webp\|\|alt="Grafana Icon Logo PNG vector in SVG, PDF, AI, CDR format" data-xwiki-image-style-alignment="end" height="52" width="190"]]
		4
		5	{{toc/}}
		6
		7	= Introduction =
		8
		9	Dependency-Track is an open-source Software Composition Analysis (SCA) tool that helps organizations manage and secure their software supply chain. It automatically generates and maintains a Software Bill of Materials (SBOM) for projects, continuously monitoring dependencies for known vulnerabilities. In addition, it tracks license compliance of open-source components, giving teams greater visibility and control. By integrating seamlessly into DevOps and CI/CD pipelines, Dependency-Track makes it easier to embed security throughout the development lifecycle.
		10
		11	[[Vendor Page>>https://dependencytrack.org/]]
		12
		13	There are several useful resources available to get started with Deptrack:
		14
		15	[[Dependency-Track Documentation>>https://docs.dependencytrack.org/]]
		16
		17	[[Impact Analysis>>https://docs.dependencytrack.org/usage/impact-analysis/]]
		18
		19	[[Collection-projects>>https://docs.dependencytrack.org/usage/collection-projects/]]
		20
		21	= Accessing Dependency-Track =
		22
		23	(% class="box warningmessage" %)
		24	(((
		25	In our toolchain, Dependency-Track is currently available only for Pilotkunden Preview.
		26	)))
		27
		28	== Preconditions in DevOps portal to access Dependency-Track ==
		29
		30	1. A Dependency-Track license must be assigned to the user
		31	1. Dependency-Track must be added to the tool list of the project
		32
		33	(% class="box warningmessage" %)
		34	(((
		35	⚠ Note
		36	Im Gegensatz zu anderen Tools ist ein Login nur dann möglich, wenn der User eine Lizenz hat und in mindestens einem DepTrack Projekt eine Rolle hat
		37	)))
		38
		39
		40
		41
		42
		43
		44
		45
		46
		47
		48	After completing the preconditions, a project in Dependency-Track, which is part of the DevOps-as-a-Service toolchain, can be accessed via the DevOps Portal or directly through a URL.
		49
		50	== Via DevOps Portal ==
		51
		52	Go to the DevOps Portal Homepage and click on the link //Project// in the Project Vulnerabilities tile:
		53
		54	[[image:deptrack.png\|\|alt="Deptrack -Tile" data-xwiki-image-style-border="true" height="211" width="459"]]
		55
		56	(% class="box warningmessage" %)
		57	(((
		58	⚠ Note
		59	If you are still unable to access your project in Dependency-Track, it may be because you are logged in with an old session that still uses outdated permissions or To resolve this issue, please log out and then log in again:
		60	\\[[image:login1.png\|\|alt="Untitled2.png" height="250" width="600"]]
		61	)))
		62
		63	== Via Direct URL ==
		64
		65	You can also access Dependency-Track directly using the following link format:
		66	[[https:~~/~~/deptrack-<customer~>.devops.t-systems.net/projects>>https://<customer>.devops.t-systems.net/xwiki/wiki/<pkey>/view]] where <customer> is the id of your DevOps-as-a-Service instance.
		67
		68	If you are not already logged in to another tool in the toolchain or the DevOps portal, then you have to login using your configured SSO credentials.
		69
		70
		71
		72	== Dependency-Track Jenkins Interaction ==
		73
		74	Nur sdcPipeline() wird unterstützt, nur maven (bisher), alles automatisch
		75
		76
		77	== Collection Project und Unterprojekte ==
		78
		79	TODO
		80
		81	= Users, Projects and Roles =
		82
		83	* Projects, users and their roles in projects are managed in the DevOps Portal, the corresponding functions in Dependency-Track are disabled (UI and API)
		84
		85	⚠ Note
		86	Projects in the DevOps portal are mapped to the corresponding subwikis in Dependency-Track.
		87
		88	* When Dependency-Track is added as a tool to an existing or new project, a corresponding subwiki is automatically created. Users assigned to the project in the DevOps Portal are then added to the subwiki with the roles defined in the configuration :
		89	** Role mapping: (((
		90	\|=Project Role in DevOps Portal\|=Permissions in XWiki
		91	\|Admin\| POLICY_VIOLATION_ANALYSIS,''VIEW_POLICY_VIOLATION,''VIEW_PORTFOLIO,'VIEW_VULNERABILITY,''VULNERABILITY_ANALYSIS'
		92	\|Master\|(% colspan="1" %)Can view, comment, and edit pages, but cannot delete content
		93	\|Developer\|(% colspan="1" %)Similar to Master
		94	\|Viewer\|Read-only access. Can only view content, no edits or comments allowed
		95
		96	A detailed description of the XWiki role model can be found [[here>>https://www.xwiki.org/xwiki/bin/view/Documentation/AdminGuide/Access%20Rights/Permission%20types/]]
		97	)))
		98
		99	= Main Features =
		100
		101	Inside DevOps-as-a-Service, deptrack is mainly used for writing specifications and documentations. See below for a list of the main features of XWiki.
		102
		103	== Collaborative Content Editing ==
		104
		105	* WYSIWYG and wiki syntax editors
		106	* Version control and history tracking
		107	* Inline and structured content editing
		108	* Commenting and annotations
		109
		110	== Advanced Page & Document Management ==
		111
		112	* Hierarchical page structure (nested pages)
		113	* Templates for creating structured documents
		114	* Tags, categories, and metadata support
		115	* File attachments and preview
		116
		117	== Powerful Search and Navigation ==
		118
		119	* Full-text search (Solr-based)
		120	* Faceted search filters
		121	* Page index, breadcrumbs, and navigation panels
		122
		123	== Macros and Widgets ==
		124
		125	* Built-in and custom macros (charts, galleries, diagrams)
		126	* Embedding of rich media (videos, iframes, etc.)
		127	* Markdown and LaTeX support
		128
		129
		130
		131

Wiki source code of Dependency Track

DevOps-as-a-Service