Dependency Track

STILL UNDER CONSTRUCTION

[[image:logo-dependency-track.YzQAjtqS_Z2pMQkR.webp||alt="Grafana Icon Logo PNG vector in SVG, PDF, AI, CDR format" data-xwiki-image-style-alignment="end" height="52" width="190"]]

4

5

= Introduction =

Dependency-Track is an open-source Software Composition Analysis (SCA) tool that helps organizations manage and secure their software supply chain. It automatically generates and maintains a Software Bill of Materials (SBOM) for projects, continuously monitoring dependencies for known vulnerabilities. In addition, it tracks license compliance of open-source components, giving teams greater visibility and control. By integrating seamlessly into DevOps and CI/CD pipelines, Dependency-Track makes it easier to embed security throughout the development lifecycle.

10

11

[[Vendor Page>>https://dependencytrack.org/]]

12

13

There are several useful resources available to get started with Deptrack:

14

15

[[Dependency-Track Documentation>>https://docs.dependencytrack.org/]]

16

17

[[Impact Analysis>>https://docs.dependencytrack.org/usage/impact-analysis/]]

18

19

[[Collection-projects>>https://docs.dependencytrack.org/usage/collection-projects/]]

20

21

= Accessing Dependency-Track =

22

23

Dependency-Track is integrated into the DevOps-as-a-Service toolchain, but for now it’s only offered in the Pilotkunden Preview. To get started, a few prerequisites need to be in place.

24

25

== Preconditions in DevOps portal to access Dependency-Track ==

26

27

1. A Dependency-Track license must be assigned to the user

28

1. Dependency-Track must be added to the tool list of the project

29

30

(% class="box warningmessage" %)

31

(((

32

⚠ **Note**

33

Unlike other tools, login is only possible if the user has a valid license and is assigned a role in at least one Dependency-Track project.

34

)))

35

36

After completing the preconditions, a project in Dependency-Track, which is part of the DevOps-as-a-Service toolchain, can be accessed via the DevOps Portal or directly through a URL.

37

38

== Via DevOps Portal ==

39

40

Go to the DevOps Portal Homepage and click on the link //Project// in the Project Vulnerabilities tile:

41

42

[[image:deptrack.png||alt="Deptrack -Tile" data-xwiki-image-style-border="true" height="211" width="459"]]

43

44

(% class="box warningmessage" %)

45

(((

46

⚠ **Note**

47

If you are still unable to access your project in Dependency-Track, it may be because you are logged in with an old session that still uses outdated permissions or To resolve this issue, please log out and then log in again:

48

\\[[image:login1.png||alt="Untitled2.png" height="250" width="600"]]

)))

== Via Direct URL ==

You can also access Dependency-Track directly using the following link format:

54

[[https:~~/~~/deptrack-<customer~>.devops.t-systems.net/projects>>https://<customer>.devops.t-systems.net/xwiki/wiki/<pkey>/view]] where <customer> is the id of your DevOps-as-a-Service instance.

55

56

If you are not already logged in to another tool in the toolchain or the DevOps portal, then you have to login using your configured SSO credentials.

= Projects =

== Dependency-Track Jenkins Integration ==

62

63

When using sdcPipeline(), Maven projects automatically generate a Software Bill of Materials (SBOM) and are pushed to Dependency-Track. This process is fully automated through the provided pipeline library. Currently, this option is only available for Maven projects.

64

65

66

== Collection Project und Unterprojekte ==

67

68

In Dependency-Track, these Maven builds are organized under a **Collection Project**. Subprojects (for example, individual modules of a Maven project) are created as children of the collection. This makes it easier to see aggregated metrics, such as vulnerabilities and license compliance, without having to open each subproject individually.

= Users and Roles =

* Projects, users and their roles in projects are managed in the DevOps Portal, the corresponding functions in Dependency-Track are disabled (UI and API)

73

74

⚠ **Note**

75

Projects in the DevOps portal are mapped to the corresponding subwikis in Dependency-Track.

76

77

* When Dependency-Track is added as a tool to an existing or new project, a corresponding subwiki is automatically created. Users assigned to the project in the DevOps Portal are then added to the subwiki with the roles defined in the configuration :

78

** Role mapping: (((

79

|=Project Role in DevOps Portal|=Permissions in XWiki

80

|Admin| POLICY_VIOLATION_ANALYSIS,''VIEW_POLICY_VIOLATION,''VIEW_PORTFOLIO,'VIEW_VULNERABILITY,''VULNERABILITY_ANALYSIS'

81

|Master|(% colspan="1" %)Can view, comment, and edit pages, but cannot delete content

82

|Developer|(% colspan="1" %)Similar to Master

83

|Viewer|Read-only access. Can only view content, no edits or comments allowed

84

85

A detailed description of the XWiki role model can be found [[here>>https://www.xwiki.org/xwiki/bin/view/Documentation/AdminGuide/Access%20Rights/Permission%20types/]]

)))

= Main Features =

Inside DevOps-as-a-Service, deptrack is mainly used for writing specifications and documentations. See below for a list of the main features of XWiki.

91

92

== Collaborative Content Editing ==

93

94

* WYSIWYG and wiki syntax editors

95

* Version control and history tracking

96

* Inline and structured content editing

97

* Commenting and annotations

98

99

== Advanced Page & Document Management ==

100

101

* Hierarchical page structure (nested pages)

102

* Templates for creating structured documents

103

* Tags, categories, and metadata support

104

* File attachments and preview

105

106

== Powerful Search and Navigation ==

107

108

* Full-text search (Solr-based)

109

* Faceted search filters

110

* Page index, breadcrumbs, and navigation panels

111

112

== Macros and Widgets ==

113

114

* Built-in and custom macros (charts, galleries, diagrams)

115

* Embedding of rich media (videos, iframes, etc.)

116

* Markdown and LaTeX support

author	version	line-number	content
		1	STILL UNDER CONSTRUCTION
		2
		3	[[image:logo-dependency-track.YzQAjtqS_Z2pMQkR.webp\|\|alt="Grafana Icon Logo PNG vector in SVG, PDF, AI, CDR format" data-xwiki-image-style-alignment="end" height="52" width="190"]]
		4
		5	{{toc/}}
		6
		7	= Introduction =
		8
		9	Dependency-Track is an open-source Software Composition Analysis (SCA) tool that helps organizations manage and secure their software supply chain. It automatically generates and maintains a Software Bill of Materials (SBOM) for projects, continuously monitoring dependencies for known vulnerabilities. In addition, it tracks license compliance of open-source components, giving teams greater visibility and control. By integrating seamlessly into DevOps and CI/CD pipelines, Dependency-Track makes it easier to embed security throughout the development lifecycle.
		10
		11	[[Vendor Page>>https://dependencytrack.org/]]
		12
		13	There are several useful resources available to get started with Deptrack:
		14
		15	[[Dependency-Track Documentation>>https://docs.dependencytrack.org/]]
		16
		17	[[Impact Analysis>>https://docs.dependencytrack.org/usage/impact-analysis/]]
		18
		19	[[Collection-projects>>https://docs.dependencytrack.org/usage/collection-projects/]]
		20
		21	= Accessing Dependency-Track =
		22
		23	Dependency-Track is integrated into the DevOps-as-a-Service toolchain, but for now it’s only offered in the Pilotkunden Preview. To get started, a few prerequisites need to be in place.
		24
		25	== Preconditions in DevOps portal to access Dependency-Track ==
		26
		27	1. A Dependency-Track license must be assigned to the user
		28	1. Dependency-Track must be added to the tool list of the project
		29
		30	(% class="box warningmessage" %)
		31	(((
		32	⚠ Note
		33	Unlike other tools, login is only possible if the user has a valid license and is assigned a role in at least one Dependency-Track project.
		34	)))
		35
		36	After completing the preconditions, a project in Dependency-Track, which is part of the DevOps-as-a-Service toolchain, can be accessed via the DevOps Portal or directly through a URL.
		37
		38	== Via DevOps Portal ==
		39
		40	Go to the DevOps Portal Homepage and click on the link //Project// in the Project Vulnerabilities tile:
		41
		42	[[image:deptrack.png\|\|alt="Deptrack -Tile" data-xwiki-image-style-border="true" height="211" width="459"]]
		43
		44	(% class="box warningmessage" %)
		45	(((
		46	⚠ Note
		47	If you are still unable to access your project in Dependency-Track, it may be because you are logged in with an old session that still uses outdated permissions or To resolve this issue, please log out and then log in again:
		48	\\[[image:login1.png\|\|alt="Untitled2.png" height="250" width="600"]]
		49	)))
		50
		51	== Via Direct URL ==
		52
		53	You can also access Dependency-Track directly using the following link format:
		54	[[https:~~/~~/deptrack-<customer~>.devops.t-systems.net/projects>>https://<customer>.devops.t-systems.net/xwiki/wiki/<pkey>/view]] where <customer> is the id of your DevOps-as-a-Service instance.
		55
		56	If you are not already logged in to another tool in the toolchain or the DevOps portal, then you have to login using your configured SSO credentials.
		57
		58
		59	= Projects =
		60
		61	== Dependency-Track Jenkins Integration ==
		62
		63	When using sdcPipeline(), Maven projects automatically generate a Software Bill of Materials (SBOM) and are pushed to Dependency-Track. This process is fully automated through the provided pipeline library. Currently, this option is only available for Maven projects.
		64
		65
		66	== Collection Project und Unterprojekte ==
		67
		68	In Dependency-Track, these Maven builds are organized under a Collection Project. Subprojects (for example, individual modules of a Maven project) are created as children of the collection. This makes it easier to see aggregated metrics, such as vulnerabilities and license compliance, without having to open each subproject individually.
		69
		70	= Users and Roles =
		71
		72	* Projects, users and their roles in projects are managed in the DevOps Portal, the corresponding functions in Dependency-Track are disabled (UI and API)
		73
		74	⚠ Note
		75	Projects in the DevOps portal are mapped to the corresponding subwikis in Dependency-Track.
		76
		77	* When Dependency-Track is added as a tool to an existing or new project, a corresponding subwiki is automatically created. Users assigned to the project in the DevOps Portal are then added to the subwiki with the roles defined in the configuration :
		78	** Role mapping: (((
		79	\|=Project Role in DevOps Portal\|=Permissions in XWiki
		80	\|Admin\| POLICY_VIOLATION_ANALYSIS,''VIEW_POLICY_VIOLATION,''VIEW_PORTFOLIO,'VIEW_VULNERABILITY,''VULNERABILITY_ANALYSIS'
		81	\|Master\|(% colspan="1" %)Can view, comment, and edit pages, but cannot delete content
		82	\|Developer\|(% colspan="1" %)Similar to Master
		83	\|Viewer\|Read-only access. Can only view content, no edits or comments allowed
		84
		85	A detailed description of the XWiki role model can be found [[here>>https://www.xwiki.org/xwiki/bin/view/Documentation/AdminGuide/Access%20Rights/Permission%20types/]]
		86	)))
		87
		88	= Main Features =
		89
		90	Inside DevOps-as-a-Service, deptrack is mainly used for writing specifications and documentations. See below for a list of the main features of XWiki.
		91
		92	== Collaborative Content Editing ==
		93
		94	* WYSIWYG and wiki syntax editors
		95	* Version control and history tracking
		96	* Inline and structured content editing
		97	* Commenting and annotations
		98
		99	== Advanced Page & Document Management ==
		100
		101	* Hierarchical page structure (nested pages)
		102	* Templates for creating structured documents
		103	* Tags, categories, and metadata support
		104	* File attachments and preview
		105
		106	== Powerful Search and Navigation ==
		107
		108	* Full-text search (Solr-based)
		109	* Faceted search filters
		110	* Page index, breadcrumbs, and navigation panels
		111
		112	== Macros and Widgets ==
		113
		114	* Built-in and custom macros (charts, galleries, diagrams)
		115	* Embedding of rich media (videos, iframes, etc.)
		116	* Markdown and LaTeX support
		117
		118
		119
		120

Wiki source code of Dependency Track

DevOps-as-a-Service