Integrate DependencyTrack
This documentation guide provides comprehensive instructions for installing and integrating DependencyTrack with the KubeRocketCI.
Prerequisites​
- Kubectl version 1.26.0+ is installed. Please refer to the Kubernetes official website for details.
- Helm version 3.14.0+ is installed. Please refer to the Helm page on GitHub for details.
Installation​
To install DependencyTrack use KubeRocketCI addons approach.
Configuration​
-
Open Administration -> Access Management -> Teams. Click Create Team -> Automation and click Create.
-
Click + in Permissions and add:
BOM_UPLOAD
PROJECT_CREATION_UPLOAD
VIEW_PORTFOLIO -
Click + in API keys to create token:
-
Provision secrets using a manifest, Portal, or with the externalSecrets operator:
- UI Portal
- Manifests
- External Secrets Operator
Go to the Portal open Configuration -> SECURITY -> DEPENDENCYTRACK. Click + ADD INTEGRATION fill fields Quick Link URL
, URL
and Token
click the save
button.
apiVersion: v1
kind: Secret
metadata:
name: ci-dependency-track
namespace: <edp>
labels:
app.edp.epam.com/secret-type: dependency-track
app.edp.epam.com/integration-secret: "true"
stringData:
token: <dependency-track-token>
url: <dependency-track-api-url>
type: Opaque
Store DependencyTrack URL and Token in the AWS Parameter Store with the following format:
"ci-dependency-track":
{
"token": "XXXXXXXXXXXX",
"url": "https://dependency-track.example.com"
}
Go to the Portal open Configuration -> SECURITY -> DEPENDENCYTRACK see the secret managed by the Managed by External Secret
.
More detail on External Secrets Operator Integration can be found on the following page
After following the instructions provided, you should be able to integrate your DependencyTrack with the KubeRocketCI.