Dependency Track

Dependency Track is an open source SBOM (Software Bill of Materials) OWASP project that can help find vulnerabilities in your open source projects.

Install

 # Install Docker & Docker Compose - Ubuntu script
 $ curl -fsSL https://raw.githubusercontent.com/decyphertek-io/configs/main/bash-scripts/docker.sh | bash
 # Log out and back in for the docker group permissions to take effect.
 $ mkdir dependencytrack && cd dependencytrack
 $ wget https://dependencytrack.org/docker-compose.yml
 $ docker compose up -d
 # Port conflict on Ubuntu 22.04, not sure why Ubuntu uses 8080 now?
 # When I try to update docker-compose to 8082, it listens via netstat, doesn't appear to work?
 ------
 OR
 -----
 # Pull the image from the Docker Hub OWASP repo
 $ docker pull dependencytrack/bundled
 # Creates a dedicated volume where data can be stored outside the container
 $ docker volume create --name dependency-track
 # Run the bundled container with 8GB RAM, published on host port 8082
 # (the application inside the container listens on 8080, so map 8082 -> 8080)
 $ docker run -d -m 8192m -p 8082:8080 --name dependency-track -v dependency-track:/data dependencytrack/bundled

References

 https://dependencytrack.org/