Skip to main content

Installation

Docker-Compose

Dependecy-track has already prepared docker images so we only have to make some small configurations. The first thing we are going to do is to create a file .env with the database configuration data.

.env
USERDB=dtrackOSDO
PASSWORDDB=dtrackPassword
DTRACKDB=dtrack

We create the network to connect the defectdojo to the traefik

docker networks create defectd

Next we create the file docker-compose.yml in which we see 3 containers

  • Postgres database
  • API
  • Front

The database if it is for testing it is not necessary, the api itself has its internal database, if we remove the lines from ALPINE_DATABASE.

We have to change in the label of traefik of the Host example.com for the domain that we want.

docker-compose.yml
volumes:
  dependency-track:

services:
  dtrack-postgres:
    image: postgres@sha256:f1314058032e52cce689f2daf3fffe7c136775e3fdd1af3fb36ae5cdc61c7891
    container_name: dtrack-postgres
    environment:
      - POSTGRES_USER=${USERDB}
      - POSTGRES_PASSWORD=${PASSWORDDB}
      - POSTGRES_DB=${DTRACKDB}
    volumes:
      - postgres_data:/var/lib/postgresql/data
    restart: unless-stopped
    networks:
      - dtrack
    labels:
      - "traefik.enable=false"

  dtrack-apiserver:
    image: dependencytrack/apiserver@sha256:bffd457f60dd4aed9a005d20b2a42b7307930518c2a081d1c28baa2c319f391d
    container_name: dtrack-api
    environment:
      - ALPINE_DATABASE_MODE=external
      - ALPINE_DATABASE_URL=jdbc:postgresql://dtrack-postgres:5432/${DTRACKDB}
      - ALPINE_DATABASE_DRIVER=org.postgresql.Driver
      - ALPINE_DATABASE_USERNAME=${USERDB}
      - ALPINE_DATABASE_PASSWORD=${PASSWORDDB}
    deploy:
      resources:
        limits:
          memory: 12288m
        reservations:
          memory: 8192m
      restart_policy:
        condition: on-failure
    volumes:
      - 'dependency-track:/data'
    restart: unless-stopped
    depends_on:
      - dtrack-postgres
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.dtrackapi.rule=Host(`dtrack-api.example.com`)"
      - "traefik.http.routers.dtrackapi.entrypoints=websecure"
      - "traefik.http.routers.dtrackapi.tls=true"
      - "traefik.http.routers.dtrackapi.tls.certresolver=le"
    networks:
      - dtrack

  dtrack-frontend:
    image: dependencytrack/frontend@sha256:63d6a6cc9f4cab15a056d4ec1ba9f8a87203415e8f1f73741fadee7f93bc191e
    container_name: dtrack
    depends_on:
      - dtrack-apiserver
    environment:
      # The base URL of the API server.
      # NOTE:
      #   * This URL must be reachable by the browsers of your users.
      #   * The frontend container itself does NOT communicate with the API server directly, it just serves static files.
      #   * When deploying to dedicated servers, please use the external IP or domain of the API server.
      - API_BASE_URL=https://dtrack-api.example.com
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.dtrack.rule=Host(`dtrack.example.com`)"
      - "traefik.http.routers.dtrack.entrypoints=websecure"
      - "traefik.http.routers.dtrack.tls=true"
      - "traefik.http.routers.dtrack.tls.certresolver=le"
    restart: unless-stopped
    networks:
      - dtrack

networks:
  dtrack:
    external: true

volumes:
  postgres_data:
  dependency-track:
tip

Before starting it remember to add the network in traefik

You need at least 4G of ram on the host or the container will not start.

We started up the containers. This may take some time while the java system boots up.

docker-compose up -d

Kubernetes

To proceed with the installation of DependencyTrack on our platform as with other tools we first need to clone the repository of the same, so we can see the values we want to use in our deployment.

https://github.com/DependencyTrack/dependency-track

Clone the repository

git clone https://github.com/DependencyTrack/dependency-track

to be able to locate the helm chart and validate the configurations we want to make. Then we proceed to add the chart in our Kubernetes with

helm repo add evryfs-oss https://evryfs.github.io/helm-charts/

Here we have two options, or we copy and modify the values.yaml that we can get in the following route or we create a new one. If we clone it we go to the directory where the values.yaml is located.

cd charts/dependency-track/

In this file we must have the following parameters:

frontend:
  enabled: true
  annotations: {}
  replicaCount: 2
  image:
    repository: dependencytrack/frontend
    tag: 4.6.1
    pullPolicy: IfNotPresent
  env:
    - name: API_BASE_URL
      value: "https://dtrack.yourdomain.com"
# -- configuration of ingress
ingress:
  enabled: true
  tls:
    enabled: true
    secretName: "osdo-certs"
  annotations: {}
    # kubernetes.io/ingress.class: nginx
    # kubernetes.io/tls-acme: "true"
    ## allow large bom.xml uploads:
    # nginx.ingress.kubernetes.io/proxy-body-size: 10m
  host: dtrack.opensecdevops.com
  ingressClassName: appsec-nginx

then proceed to install with helm.

helm upgrade --install dependency-track evryfs-oss/dependency-track -f values.yaml -n dependency-track --create-namespace

From the previous command we can note the following details:

  1. You use 'helm upgrade --install' because if it does not exist, install it and if it does exist, upgrade it.
  2. Use '--create-namespace' to create the namespace in Kuberentes if it is not already created.
  3. We use '-n dependency-track' to indicate the namespace where we want to install our application.