I’ve recently been investigating Dependency Track for understanding risks in third-party software that we use. To make things easy, I’ve been running it locally via Docker.
One lesson is that you need a real database such as Postgres. The compose file below will get you started with Dependency Track connected to Postgres running in another container.
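```yaml
version: '3.1'

services:
  dtrack:
    environment:
      # Point Dependency Track at the external Postgres container ("db" below)
      - ALPINE_DATABASE_MODE=external
      - ALPINE_DATABASE_URL=jdbc:postgresql://db:5432/dtrack
      - ALPINE_DATABASE_DRIVER=org.postgresql.Driver
      - ALPINE_DATABASE_DRIVER_PATH=/extlib/postgresql-42.2.5.jar
      - ALPINE_DATABASE_USERNAME=dtrack
      # Placeholder credential, for local evaluation only
      - ALPINE_DATABASE_PASSWORD=password
    image: 'owasp/dependency-track'
    ports:
      # Web UI on host port 8090
      - '8090:8080'
    volumes:
      - './data:/data'
    restart: always
    depends_on:
      - db
  db:
    environment:
      # Must match the credentials and database name used by dtrack above
      - POSTGRES_PASSWORD=password
      - POSTGRES_USER=dtrack
      - POSTGRES_DB=dtrack
    image: 'postgres:10'
    restart: always
    ports:
      # Publishes Postgres on every host interface
      - '5432:5432'
    volumes:
      # The image keeps its data in /var/lib/postgresql/data; mounting the
      # parent directory would leave ./db empty and the data in an anonymous volume
      - './db:/var/lib/postgresql/data'
```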
This isn’t sufficient for a production system (you probably want LDAP, SSH, etc.), but it is enough for local evaluation.
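
A tighter variant of the same file for local evaluation, added here as an example and not part of the original post: the UI is bound to loopback, Postgres is not published on the host, and the database password is read from a `.env` file beside the compose file. The variable name `DTRACK_DB_PASSWORD` and the `.env` file are assumptions of this example.

```yaml
# Added example. Assumes a .env file next to this compose file containing
#   DTRACK_DB_PASSWORD=<long random value>
version: '3.1'

services:
  dtrack:
    image: 'owasp/dependency-track'
    environment:
      - ALPINE_DATABASE_MODE=external
      - ALPINE_DATABASE_URL=jdbc:postgresql://db:5432/dtrack
      - ALPINE_DATABASE_DRIVER=org.postgresql.Driver
      - ALPINE_DATABASE_DRIVER_PATH=/extlib/postgresql-42.2.5.jar
      - ALPINE_DATABASE_USERNAME=dtrack
      # Compose aborts at "up" time if the variable is unset or empty
      - ALPINE_DATABASE_PASSWORD=${DTRACK_DB_PASSWORD:?set DTRACK_DB_PASSWORD in .env}
    ports:
      # Loopback only: the UI is not reachable from other machines
      - '127.0.0.1:8090:8080'
    volumes:
      - './data:/data'
    restart: always
    depends_on:
      - db
  db:
    image: 'postgres:10'
    environment:
      - POSTGRES_PASSWORD=${DTRACK_DB_PASSWORD:?set DTRACK_DB_PASSWORD in .env}
      - POSTGRES_USER=dtrack
      - POSTGRES_DB=dtrack
    restart: always
    # No "ports:" entry: dtrack reaches Postgres as db:5432 on the compose
    # network, so the database does not need to be published on the host
    volumes:
      - './db:/var/lib/postgresql/data'
```

`POSTGRES_PASSWORD` is only applied when the data directory is first initialised, so changing it later means either an `ALTER ROLE` inside the database or starting from an empty `./db` directory.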