Installation
Docker-Compose
Dependency-Track already publishes Docker images, so we only need to make a few small configuration changes. The first step is to create a .env file
with the database configuration data.
USERDB=dtrackOSDO
PASSWORDDB=dtrackPassword
DTRACKDB=dtrack
We create the network that connects Dependency-Track to Traefik. Its name must match the external network dtrack declared in docker-compose.yml.
docker network create dtrack
Next we create the file docker-compose.yml,
which defines 3 containers:
- Postgres database
- API
- Front
For a test deployment the Postgres database is not necessary: the API server has its own internal database, which it uses if we remove the ALPINE_DATABASE lines.
In the Traefik labels, we have to replace example.com in the Host rule
with the domain that we want.
services:
  dtrack-postgres:
    image: postgres@sha256:f1314058032e52cce689f2daf3fffe7c136775e3fdd1af3fb36ae5cdc61c7891
    container_name: dtrack-postgres
    environment:
      - POSTGRES_USER=${USERDB}
      - POSTGRES_PASSWORD=${PASSWORDDB}
      - POSTGRES_DB=${DTRACKDB}
    volumes:
      - postgres_data:/var/lib/postgresql/data
    restart: unless-stopped
    networks:
      - dtrack
    labels:
      # The database is never exposed through Traefik.
      - "traefik.enable=false"
  dtrack-apiserver:
    image: dependencytrack/apiserver@sha256:bffd457f60dd4aed9a005d20b2a42b7307930518c2a081d1c28baa2c319f391d
    container_name: dtrack-api
    environment:
      - ALPINE_DATABASE_MODE=external
      - ALPINE_DATABASE_URL=jdbc:postgresql://dtrack-postgres:5432/${DTRACKDB}
      - ALPINE_DATABASE_DRIVER=org.postgresql.Driver
      - ALPINE_DATABASE_USERNAME=${USERDB}
      - ALPINE_DATABASE_PASSWORD=${PASSWORDDB}
    deploy:
      resources:
        limits:
          memory: 12288m
        reservations:
          memory: 8192m
      restart_policy:
        condition: on-failure
    volumes:
      - 'dependency-track:/data'
    restart: unless-stopped
    depends_on:
      - dtrack-postgres
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.dtrackapi.rule=Host(`dtrack-api.example.com`)"
      - "traefik.http.routers.dtrackapi.entrypoints=websecure"
      - "traefik.http.routers.dtrackapi.tls=true"
      - "traefik.http.routers.dtrackapi.tls.certresolver=le"
    networks:
      - dtrack
  dtrack-frontend:
    image: dependencytrack/frontend@sha256:63d6a6cc9f4cab15a056d4ec1ba9f8a87203415e8f1f73741fadee7f93bc191e
    container_name: dtrack
    depends_on:
      - dtrack-apiserver
    environment:
      # The base URL of the API server.
      # NOTE:
      # * This URL must be reachable by the browsers of your users.
      # * The frontend container itself does NOT communicate with the API server directly, it just serves static files.
      # * When deploying to dedicated servers, please use the external IP or domain of the API server.
      - API_BASE_URL=https://dtrack-api.example.com
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.dtrack.rule=Host(`dtrack.example.com`)"
      - "traefik.http.routers.dtrack.entrypoints=websecure"
      - "traefik.http.routers.dtrack.tls=true"
      - "traefik.http.routers.dtrack.tls.certresolver=le"
    restart: unless-stopped
    networks:
      - dtrack
networks:
  # Created beforehand with "docker network create" and shared with Traefik.
  dtrack:
    external: true
volumes:
  postgres_data:
  dependency-track:
Before starting, remember to add this network to Traefik as well.
You need at least 4G of RAM on the host or the container will not start.
We start the containers. This may take some time while the Java application boots up.
docker-compose up -d
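A pre-flight check for the .env file, to run before bringing the stack up. This is an added example, not part of Dependency-Track or Docker: the helper names check_env and env_value and the 16-character minimum are assumptions, while the variable names and the sample password come from the .env shown above.

```shell
#!/bin/sh
# Added example: refuse to deploy with an incomplete or weak .env file.
# check_env and env_value are hypothetical helper names.

# Print the value assigned to KEY ($2) in env file $1 (last assignment wins).
env_value() {
    sed -n "s/^$2=//p" "$1" | tail -n 1
}

# Return 0 when the file is fit for use, 1 otherwise; findings go to stderr.
check_env() {
    file=$1
    rc=0
    [ -f "$file" ] || { echo "missing file: $file" >&2; return 1; }

    # Every variable that docker-compose.yml interpolates must be non-empty.
    for key in USERDB PASSWORDDB DTRACKDB; do
        if [ -z "$(env_value "$file" "$key")" ]; then
            echo "$key is unset or empty" >&2
            rc=1
        fi
    done

    # The password printed in the guide is public knowledge.
    pw=$(env_value "$file" PASSWORDDB)
    if [ "$pw" = "dtrackPassword" ]; then
        echo "PASSWORDDB still has the sample value from the guide" >&2
        rc=1
    elif [ -n "$pw" ] && [ "${#pw}" -lt 16 ]; then
        # 16 is an assumed minimum length, adjust to local policy.
        echo "PASSWORDDB is shorter than 16 characters" >&2
        rc=1
    fi

    # The file holds a credential: group and others should have no access.
    perms=$(ls -ld "$file" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "$file is accessible to group/others (chmod 600 $file)" >&2
        rc=1
    fi
    return $rc
}

# When called with a path, check that file: sh check_env.sh .env
[ $# -eq 0 ] || check_env "$1"
```
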
Kubernetes
To install Dependency-Track on our platform, as with other tools, we first clone its repository so that we can see the values we want to use in our deployment.
https://github.com/DependencyTrack/dependency-track
Clone the repository to locate the Helm chart and validate the configuration we want to apply:
git clone https://github.com/DependencyTrack/dependency-track
Then we add the chart repository to Helm with
helm repo add evryfs-oss https://evryfs.github.io/helm-charts/
Here we have two options: either we copy and modify the values.yaml that we can find at the following path, or we create a new one. If we cloned the repository, we go to the directory where values.yaml is located.
cd charts/dependency-track/
In this file we must have the following parameters:
frontend:
  enabled: true
  annotations: {}
  replicaCount: 2
  image:
    repository: dependencytrack/frontend
    tag: 4.6.1
    pullPolicy: IfNotPresent
  env:
    - name: API_BASE_URL
      value: "https://dtrack.yourdomain.com"
# -- configuration of ingress
ingress:
  enabled: true
  tls:
    enabled: true
    secretName: "osdo-certs"
  annotations: {}
    # kubernetes.io/ingress.class: nginx
    # kubernetes.io/tls-acme: "true"
    ## allow large bom.xml uploads:
    # nginx.ingress.kubernetes.io/proxy-body-size: 10m
  host: dtrack.opensecdevops.com
  ingressClassName: appsec-nginx
Then we proceed to install with Helm.
helm upgrade --install dependency-track evryfs-oss/dependency-track -f values.yaml -n dependency-track --create-namespace
From the previous command we can note the following details:
- We use 'helm upgrade --install' so that the release is installed if it does not exist and upgraded if it does.
- We use '--create-namespace' to create the namespace in Kubernetes if it is not already created.
- We use '-n dependency-track' to indicate the namespace where we want to install our application.
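The docker-compose.yml above pins every image by sha256 digest, while the Helm values select the frontend by tag (4.6.1), which a registry can repoint. The following added example, which is not part of the chart or of Dependency-Track, lists image references that lack a digest in a compose file or in rendered manifests; the helper name unpinned_images and the sample input are constructed, and the "repository:tag" rendering is an assumption about the chart.

```shell
#!/bin/sh
# Added example: list container images referenced by a mutable tag instead of
# an immutable digest. unpinned_images is a hypothetical helper name.

# Reads YAML on stdin (a compose file or rendered Kubernetes manifests) and
# prints each image reference that does not end in @sha256:<64 hex digits>.
unpinned_images() {
    sed -n 's/^[[:space:]-]*image:[[:space:]]*//p' |
        tr -d "\"'" |
        sed -e 's/[[:space:]]*#.*$//' -e 's/[[:space:]]*$//' |
        grep -v '^$' |
        grep -Ev '@sha256:[0-9a-f]{64}$' || true
}

# Constructed sample: one image pinned as in the compose file above, and one
# container rendered as repository:tag (assumed chart behaviour).
sample_manifest() {
    cat <<'EOF'
services:
  dtrack-apiserver:
    image: dependencytrack/apiserver@sha256:bffd457f60dd4aed9a005d20b2a42b7307930518c2a081d1c28baa2c319f391d
---
spec:
  containers:
    - image: "dependencytrack/frontend:4.6.1"   # repository + tag
EOF
}

# Prints the one reference that is not pinned by digest.
sample_manifest | unpinned_images
```

To check the real deployment, pipe the output of 'helm template dependency-track evryfs-oss/dependency-track -f values.yaml' or the contents of docker-compose.yml into unpinned_images.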