Integrate Dependency-Track
This guide provides instructions for installing Dependency-Track and integrating it with KubeRocketCI.
For details on how KubeRocketCI pipelines generate SBOMs with cdxgen and upload them to Dependency-Track, refer to Security Scanning Pipelines.
Prerequisites
- Kubectl version 1.34.0+ is installed. Please refer to the Kubernetes official website for details.
- Helm version 3.19.0+ is installed. Please refer to the Helm page on GitHub for details.
Installation
To install Dependency-Track, use the KubeRocketCI addons approach.
Configuration
- Open Administration -> Access Management -> Teams. Click Create Team -> Automation and click Create.
- Click + in Permissions and add:
  - BOM_UPLOAD
  - PROJECT_CREATION_UPLOAD
  - VIEW_PORTFOLIO
- Click + in API keys to create a token.
- Provision secrets using a manifest, the Portal, or the External Secrets Operator:
- UI Portal
- Manifests
- External Secrets Operator
UI Portal: Go to the Portal and open Configuration -> SECURITY -> DEPENDENCYTRACK. Click + ADD INTEGRATION, fill in the Quick Link URL, URL and Token fields, and click the save button.

Manifests:
apiVersion: v1
kind: Secret
metadata:
  name: ci-dependency-track
  namespace: krci
  labels:
    app.edp.epam.com/secret-type: dependency-track
    app.edp.epam.com/integration-secret: "true"
stringData:
  token: <dependency-track-token>
  url: <dependency-track-api-url>
type: Opaque
External Secrets Operator: Store the Dependency-Track URL and Token in the AWS Parameter Store in the following format:
"ci-dependency-track":
{
  "token": "XXXXXXXXXXXX",
  "url": "https://dependency-track.example.com"
}
Go to the KubeRocketCI Portal -> Configuration -> Security -> DependencyTrack and check that the secret is shown as Managed by External Secret.

More details on the External Secrets Operator Integration can be found on the following page.
After following the instructions provided, you should be able to integrate your Dependency-Track with KubeRocketCI.
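To confirm that the API key created in the Configuration steps carries only the three permissions listed there, the team behind the key can be inspected before the token is stored in the secret. The script below is an added example, not part of the KubeRocketCI or Dependency-Track documentation. It assumes the Dependency-Track REST endpoint /api/v1/team/self with the X-Api-Key header, a base URL given without the /api suffix, and a response whose permissions field is a list of objects with a name key; the sample response is constructed.

```python
"""Least-privilege check for the Dependency-Track API key used by the pipelines."""
import json
import urllib.request

# Permissions the page assigns to the Automation team.
REQUIRED = {"BOM_UPLOAD", "PROJECT_CREATION_UPLOAD", "VIEW_PORTFOLIO"}


def fetch_team(base_url: str, token: str) -> dict:
    """Return the team that owns the API key (assumed: GET /api/v1/team/self)."""
    if not base_url.startswith("https://"):
        raise ValueError("refusing to send the API key over a non-HTTPS URL")
    req = urllib.request.Request(
        base_url.rstrip("/") + "/api/v1/team/self",
        headers={"X-Api-Key": token, "Accept": "application/json"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


def audit_permissions(team: dict) -> dict:
    """Compare the team's permissions with the three the page lists."""
    granted = {p["name"] for p in team.get("permissions", [])}
    return {
        "team": team.get("name"),
        "missing": sorted(REQUIRED - granted),  # pipeline calls would be rejected
        "excess": sorted(granted - REQUIRED),   # broader than the pipeline needs
        "ok": granted == REQUIRED,
    }


# Constructed sample response (assumed shape, not captured from a real server).
SAMPLE_TEAM = {
    "name": "Automation",
    "permissions": [
        {"name": "BOM_UPLOAD"},
        {"name": "PROJECT_CREATION_UPLOAD"},
        {"name": "VIEW_PORTFOLIO"},
        {"name": "ACCESS_MANAGEMENT"},  # extra permission the audit should flag
    ],
}

if __name__ == "__main__":
    # For a live check: audit_permissions(fetch_team(url, token))
    print(json.dumps(audit_permissions(SAMPLE_TEAM), indent=2))
```

A non-empty excess list means the token stored in ci-dependency-track grants more than SBOM upload needs and should be trimmed in Access Management before use.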