Ultimate DevSecOps Bootcamp by School of Devops: Dependency Tracker


Doing this on:
2026.01.02

$ helm repo add dependency-track https://dependencytrack.github.io/helm-charts
$ helm repo update


$ export PROFILE=${USER}-minikube
$ export INGRESS_HOST=$(minikube --profile ${PROFILE} ip)
$ echo dependencytrack.$INGRESS_HOST.nip.io


$ cd ~/tmp


$ cat > deptrack.values.yaml <<EOF
ingress:
  enabled: true
  tls: []
  annotations: {}
  host: dependencytrack.$INGRESS_HOST.nip.io

frontend:
  replicaCount: 1
  service:
    type: NodePort

apiserver:
  resources:
    requests:
      cpu: 1
      memory: 3000Mi
    limits:
      cpu: 2
      memory: 7Gi
EOF


$ helm search repo dependency-track
NAME                       	CHART VERSION	APP VERSION	DESCRIPTION
dependency-track/dependency-track	0.40.0       	4.13.6        	Dependency-Track is an intelligent Component An...


$ helm install \
    dependency-track dependency-track/dependency-track \
    --namespace dependency-track \
    --create-namespace \
    --values deptrack.values.yaml \
    --version 0.40.0 \
    --wait


// $ helm uninstall dependency-track --namespace dependency-track


$ helm list -n dependency-track
NAME            	NAMESPACE       	REVISION	UPDATED                                	STATUS  	CHART                  	APP VERSION
dependency-track	dependency-track	1       	2026-01-02 22:20:22.691371548 +0300 MSK	deployed	dependency-track-0.40.0	4.13.6


$ kubectl get pods -n dependency-track
NAME                                         READY   STATUS    RESTARTS   AGE
dependency-track-api-server-0                1/1     Running   0          2m22s
dependency-track-frontend-6866fc6b9b-wt9rh   1/1     Running   0          2m22s



$ kubectl get ingress -n dependency-track
NAME               CLASS   HOSTS         ADDRESS   PORTS   AGE
dependency-track   nginx   example.com             80      33s


// Had to patch HOSTS
$ kubectl patch ingress dependency-track -n dependency-track --type='json' -p='[{"op": "replace", "path": "/spec/rules/0/host", "value": "dependencytrack.'$INGRESS_HOST'.nip.io"}]'


// OK!
// admin / admin
http://dependencytrack.192.168.49.2.nip.io/


Administration -> Access Management -> Teams -> Automation


New API Key:

Also add the following permissions

  • POLICY_VIOLATION_ANALYSIS
  • PROJECT_CREATION_UPLOAD
  • VULNERABILITY_ANALYSIS


$ kubectl get svc -n dependency-track
NAME                          TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)          AGE
dependency-track-api-server   ClusterIP   10.109.140.42   <none>        8081/TCP         52m
dependency-track-frontend     NodePort    10.97.167.253   <none>        8080:30298/TCP   52m


Configure Jenkins to Connect with Dependency Tracker

http://192.168.49.2:30264/manage/pluginManager/available

  • OWASP Dependency-Track


http://192.168.49.2:30264/manage/configure


Dependency-Track Backend URL: http://dependency-track-api-server.dependency-track.svc.cluster.local:8081

API Key -> Add

  • Kind: Secret text
  • Secret: key copied from Dependency-Track earlier
  • id: dep-track-api-key

Check Auto Create Projects


Test Connection


Jenkinsfile, after the “OSS License Checker” stage:

stage('Generate SBOM') {
    steps {
        container('maven') {
            sh 'mvn org.cyclonedx:cyclonedx-maven-plugin:makeAggregateBom'
        }
    }
    post {
        success {
            dependencyTrackPublisher (projectName: 'sample-spring-app',
                                     projectVersion: '0.0.1',
                                     artifact: 'target/bom.xml',
                                     autoCreateProjects: true,
                                     synchronous: true)
            archiveArtifacts (
                allowEmptyArchive: true,
                artifacts: 'target/bom.xml',
                fingerprint: true,
                onlyIfSuccessful: true
            )
        }
    }
}
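
To check the API key and its permissions outside Jenkins, the BOM produced by the stage above can be uploaded by hand through the Dependency-Track REST API (PUT /api/v1/bom). This is an added example, not part of the course material. The function names are hypothetical, DT_URL (an API server address reachable from where the script runs) and DT_API_KEY are assumed variables, and BOM_UPLOAD is Dependency-Track's upload permission, which the notes above do not list.

```bash
#!/usr/bin/env bash
# Added example, not from the course: upload a CycloneDX BOM to Dependency-Track by hand.
# Assumed variables: DT_URL (reachable API server address), DT_API_KEY (Automation team key).

# Print the number of <component> elements, or fail if the file is not CycloneDX XML.
dt_bom_components() {
    [ -s "$1" ] || { echo "missing or empty BOM: $1" >&2; return 1; }
    grep -q 'xmlns="http://cyclonedx.org/schema/bom/' "$1" \
        || { echo "not a CycloneDX XML BOM: $1" >&2; return 1; }
    grep -o '<component[ >]' "$1" | wc -l | tr -d ' '
}

# Build the JSON body for PUT /api/v1/bom (the BOM itself is sent base64-encoded).
dt_bom_payload() {
    local v
    for v in "$1" "$2"; do   # name and version: only characters that need no JSON escaping
        case "$v" in ''|*[!A-Za-z0-9._-]*) echo "unsafe value: '$v'" >&2; return 1 ;; esac
    done
    printf '{"projectName":"%s","projectVersion":"%s","autoCreate":true,"bom":"%s"}' \
        "$1" "$2" "$(base64 < "$3" | tr -d '\n')"
}

# Map the HTTP status of the upload to the setup step that needs fixing.
dt_explain_status() {
    case "$1" in
        200) echo "BOM accepted" ;;
        401) echo "API key rejected: copy it again from the Automation team"; return 1 ;;
        403) echo "key lacks BOM_UPLOAD or PROJECT_CREATION_UPLOAD"; return 1 ;;
        *)   echo "unexpected HTTP status $1"; return 1 ;;
    esac
}

# Usage: dt_upload_bom sample-spring-app 0.0.1 target/bom.xml
dt_upload_bom() {
    local body code
    dt_bom_components "$3" >/dev/null || return 1
    body=$(mktemp) || return 1
    dt_bom_payload "$1" "$2" "$3" > "$body" || { rm -f "$body"; return 1; }
    # The key reaches curl through a config on stdin, so it never appears in `ps` output.
    code=$(printf 'header = "X-Api-Key: %s"\n' "$DT_API_KEY" |
        curl -sS -K - -o /dev/null -w '%{http_code}' -X PUT "$DT_URL/api/v1/bom" \
             -H 'Content-Type: application/json' --data-binary "@$body") || true  # 000 on connect error
    rm -f "$body"
    dt_explain_status "$code"
}
```

The component count includes the project's own entry under metadata, so a BOM that reports 1 has no dependencies in it.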