Wiki source code of Dependency Track
Version 35.1 by Milad Afshar-Jahanshahi on 2025/09/03 13:01
Hide last authors
| author | version | line-number | content |
|---|---|---|---|
 |
30.1 | 1 | STILL UNDER CONSTRUCTION |
| 2 | |||
| |
8.1 | 3 | [[image:logo-dependency-track.YzQAjtqS_Z2pMQkR.webp||alt="Grafana Icon Logo PNG vector in SVG, PDF, AI, CDR format" data-xwiki-image-style-alignment="end" height="52" width="190"]] |
| |
6.1 | 4 | |
| |
29.1 | 5 | {{toc/}} |
| |
28.1 | 6 | |
| |
6.1 | 7 | = Introduction = |
| 8 | |||
| |
31.1 | 9 | Dependency-Track is an open-source Software Composition Analysis (SCA) tool that helps organizations manage and secure their software supply chain. It automatically generates and maintains a Software Bill of Materials (SBOM) for projects, continuously monitoring dependencies for known vulnerabilities. In addition, it tracks license compliance of open-source components, giving teams greater visibility and control. By integrating seamlessly into DevOps and CI/CD pipelines, Dependency-Track makes it easier to embed security throughout the development lifecycle. |
| |
6.1 | 10 | |
| |
9.1 | 11 | [[Vendor Page>>https://dependencytrack.org/]] |
| |
6.1 | 12 | |
| |
9.2 | 13 | There are several useful resources available to get started with Deptrack: |
| |
6.1 | 14 | |
| |
9.2 | 15 | [[Dependency-Track Documentation>>https://docs.dependencytrack.org/]] |
| |
6.1 | 16 | |
| |
14.1 | 17 | [[Impact Analysis>>https://docs.dependencytrack.org/usage/impact-analysis/]] |
| 18 | |||
| |
12.1 | 19 | [[Collection-projects>>https://docs.dependencytrack.org/usage/collection-projects/]] |
| |
6.1 | 20 | |
| |
13.1 | 21 | = Accessing Dependency-Track = |
| |
6.1 | 22 | |
| |
33.2 | 23 | Dependency-Track is integrated into the DevOps-as-a-Service toolchain, but for now it’s only offered in the Pilotkunden Preview. To get started, a few prerequisites need to be in place. |
| |
26.2 | 24 | |
| |
13.1 | 25 | == Preconditions in DevOps portal to access Dependency-Track == |
| |
6.1 | 26 | |
| |
13.1 | 27 | 1. A Dependency-Track license must be assigned to the user |
| 28 | 1. Dependency-Track must be added to the tool list of the project | ||
| |
6.1 | 29 | |
| |
25.1 | 30 | (% class="box warningmessage" %) |
| 31 | ((( | ||
| 32 | ⚠ **Note** | ||
| |
32.2 | 33 | Unlike other tools, login is only possible if the user has a valid license and is assigned a role in at least one Dependency-Track project. |
| |
25.1 | 34 | ))) |
| 35 | |||
| |
13.1 | 36 | After completing the preconditions, a project in Dependency-Track, which is part of the DevOps-as-a-Service toolchain, can be accessed via the DevOps Portal or directly through a URL. |
| |
6.1 | 37 | |
| 38 | == Via DevOps Portal == | ||
| 39 | |||
| |
16.1 | 40 | Go to the DevOps Portal Homepage and click on the link //Project// in the Project Vulnerabilities tile: |
| |
6.1 | 41 | |
| |
15.2 | 42 | [[image:deptrack.png||alt="Deptrack -Tile" data-xwiki-image-style-border="true" height="211" width="459"]] |
| |
6.1 | 43 | |
| |
23.2 | 44 | (% class="box warningmessage" %) |
| 45 | ((( | ||
| |
6.1 | 46 | ⚠ **Note** |
| |
16.2 | 47 | If you are still unable to access your project in Dependency-Track, it may be because you are logged in with an old session that still uses outdated permissions or To resolve this issue, please log out and then log in again: |
| |
18.1 | 48 | \\[[image:login1.png||alt="Untitled2.png" height="250" width="600"]] |
| |
23.2 | 49 | ))) |
| |
6.1 | 50 | |
| 51 | == Via Direct URL == | ||
| 52 | |||
| |
13.1 | 53 | You can also access Dependency-Track directly using the following link format: |
| |
23.1 | 54 | [[https:~~/~~/deptrack-<customer~>.devops.t-systems.net/projects>>https://<customer>.devops.t-systems.net/xwiki/wiki/<pkey>/view]] where <customer> is the id of your DevOps-as-a-Service instance. |
| |
6.1 | 55 | |
| 56 | If you are not already logged in to another tool in the toolchain or the DevOps portal, then you have to login using your configured SSO credentials. | ||
| 57 | |||
| 58 | |||
| |
26.1 | 59 | |
| |
33.3 | 60 | == Dependency-Track Jenkins Integration == |
| |
26.1 | 61 | |
| |
34.1 | 62 | When using sdcPipeline(), Maven projects automatically generate a Software Bill of Materials (SBOM) and are pushed to Dependency-Track. This process is fully automated through the provided pipeline library. Currently, this option is only available for Maven projects. |
| |
26.1 | 63 | |
| 64 | |||
| |
26.2 | 65 | == Collection Project und Unterprojekte == |
| 66 | |||
| |
35.1 | 67 | In Dependency-Track, these Maven builds are organized under a **Collection Project**. Subprojects (for example, individual modules of a Maven project) are created as children of the collection. This makes it easier to see aggregated metrics, such as vulnerabilities and license compliance, without having to open each subproject individually. |
| |
27.1 | 68 | |
| |
6.1 | 69 | = Users, Projects and Roles = |
| 70 | |||
| |
13.1 | 71 | * Projects, users and their roles in projects are managed in the DevOps Portal, the corresponding functions in Dependency-Track are disabled (UI and API) |
| |
6.1 | 72 | |
| 73 | ⚠ **Note** | ||
| |
13.1 | 74 | Projects in the DevOps portal are mapped to the corresponding subwikis in Dependency-Track. |
| |
6.1 | 75 | |
| |
13.1 | 76 | * When Dependency-Track is added as a tool to an existing or new project, a corresponding subwiki is automatically created. Users assigned to the project in the DevOps Portal are then added to the subwiki with the roles defined in the configuration : |
| |
6.1 | 77 | ** Role mapping: ((( |
| 78 | |=Project Role in DevOps Portal|=Permissions in XWiki | ||
| |
24.1 | 79 | |Admin| POLICY_VIOLATION_ANALYSIS,''VIEW_POLICY_VIOLATION,''VIEW_PORTFOLIO,'VIEW_VULNERABILITY,''VULNERABILITY_ANALYSIS' |
| |
6.1 | 80 | |Master|(% colspan="1" %)Can view, comment, and edit pages, but cannot delete content |
| 81 | |Developer|(% colspan="1" %)Similar to Master | ||
| 82 | |Viewer|Read-only access. Can only view content, no edits or comments allowed | ||
| 83 | |||
| 84 | A detailed description of the XWiki role model can be found [[here>>https://www.xwiki.org/xwiki/bin/view/Documentation/AdminGuide/Access%20Rights/Permission%20types/]] | ||
| 85 | ))) | ||
| 86 | |||
| 87 | = Main Features = | ||
| 88 | |||
| |
24.1 | 89 | Inside DevOps-as-a-Service, deptrack is mainly used for writing specifications and documentations. See below for a list of the main features of XWiki. |
| |
6.1 | 90 | |
| 91 | == Collaborative Content Editing == | ||
| 92 | |||
| 93 | * WYSIWYG and wiki syntax editors | ||
| 94 | * Version control and history tracking | ||
| 95 | * Inline and structured content editing | ||
| 96 | * Commenting and annotations | ||
| 97 | |||
| 98 | == Advanced Page & Document Management == | ||
| 99 | |||
| 100 | * Hierarchical page structure (nested pages) | ||
| 101 | * Templates for creating structured documents | ||
| 102 | * Tags, categories, and metadata support | ||
| 103 | * File attachments and preview | ||
| 104 | |||
| 105 | == Powerful Search and Navigation == | ||
| 106 | |||
| 107 | * Full-text search (Solr-based) | ||
| 108 | * Faceted search filters | ||
| 109 | * Page index, breadcrumbs, and navigation panels | ||
| 110 | |||
| 111 | == Macros and Widgets == | ||
| 112 | |||
| 113 | * Built-in and custom macros (charts, galleries, diagrams) | ||
| 114 | * Embedding of rich media (videos, iframes, etc.) | ||
| 115 | * Markdown and LaTeX support | ||
| 116 | |||
| 117 | |||
| 118 | |||
| 119 |