Integrate Dependency-Track

This documentation guide provides comprehensive instructions for installing and integrating Dependency-Track with the KubeRocketCI.

Prerequisites

• Kubectl version 1.28.0+ is installed. Please refer to the Kubernetes official website for details.
• Helm version 3.14.0+ is installed. Please refer to the Helm page on GitHub for details.

Installation

To install Dependency-Track use KubeRocketCI addons approach.

Configuration

1. Open Administration -> Access Management -> Teams. Click Create Team -> Automation and click Create.

2. Click + in Permissions and add:

   BOM_UPLOAD
   PROJECT_CREATION_UPLOAD
   VIEW_PORTFOLIO

3. Click + in API keys to create token:

   

4. Provision secrets using a manifest, Portal, or with the externalSecrets operator:

UI Portal

Go to the Portal open Configuration -> SECURITY -> DEPENDENCYTRACK. Click + ADD INTEGRATION fill fields Quick Link URL, URL and Token click the save button.

Manifests

apiVersion: v1
kind: Secret
metadata:
  name: ci-dependency-track
  namespace: krci
  labels:
    app.edp.epam.com/secret-type: dependency-track
    app.edp.epam.com/integration-secret: "true"
stringData:
  token: <dependency-track-token>
  url: <dependency-track-api-url>
type: Opaque

External Secrets Operator

Store Dependency-Track URL and Token in the AWS Parameter Store with the following format:

"ci-dependency-track":
{
  "token": "XXXXXXXXXXXX",
  "url": "https://dependency-track.example.com"
}

Go to the Portal open Configuration -> SECURITY -> DEPENDENCYTRACK see the secret managed by the Managed by External Secret.

More detail on External Secrets Operator Integration can be found on the following page

After following the instructions provided, you should be able to integrate your Dependency-Track with the KubeRocketCI.

Related Articles

• Install External Secrets Operator
• External Secrets Operator Integration
• Cluster Add-Ons Overview