Thank you man ! I am a C# developer and my employer asks me to set up Dependency Track in Jenkins for many of our pipelines. I had no clue on what Dependency Track is. I followed exactly what you describe and adapt the job and it works. Thank you !!
@LearnSBOM
4 ай бұрын
Glad we could help! 😀
@david_b_m
Жыл бұрын
The unique guide explaning how to implement in a real company (CI/CD)
@ankursharma27
6 ай бұрын
@LearnSBOM, I have a scenario, where I have to break a build if there is a specific critical is present, so, instead of risk gates, I want to break build if there is a specific critical is present out of 10 critical vulnerabilities. Suppose, there are 10 critical present dependency track, and my requirement is a specific one like, spring boot version should be 2.7.18 at least, and in code it's 2.7.4, and this 2.7.4 spring boot version is one of the critical vulnerability out of those 10, than build should break, otherwise, build should not break. but I am looking out for a specific one, like, spring boot version should be 2.7.18 at least, and in code it's 2.7.4, so I should be able to break the build
@yaseenbaba3389
8 ай бұрын
Using dependency check plugin in jenkins , Providing input and it generates he final output in html format DP-Check is project name Have created anoher project as(DP_track)Here i have configured all he dependency tracker details and invoked DP-check But he issue is job is failing due to incorrect file pah in DP-track build. Can you please me if i am missing some thing here ?
@nmkkannan1256
Жыл бұрын
Do we need to install dependency track using docker, then use the Jenkins plugin? Or Just using Jenkins plugins are enough?
@LearnSBOM
Жыл бұрын
Hi, You technically don't need Dependency Track to install the plugin, but it won't function as intended if you don't. If you don't deploy the server yourself, you need access to one in order for the plugin to work. The plugin manages sending and receiving data while Dependency Track does the actual vulnerability checking and other heavy lifting. Hope that helps! Derek
@nmkkannan1256
Жыл бұрын
@@LearnSBOM Thanks, I have have a dependency track installed using Docker and using a Jenkins plugin, can I manage project creation and complete scanning via Jenkins alone?
@LearnSBOM
Жыл бұрын
That should work as long as Dependency Track is deployed somewhere. All your project info will be sent to and from Dependency Track, but there's no need to check Dependency Track directly and use the Jenkins plugin as an interface of sorts. -Derek
@nmkkannan1256
Жыл бұрын
@@LearnSBOM thanks, currently I am installing Dependency Track on Amazon Linux 2, but doesn't have a GUI / Web interface, how can I get the API key without going to "teams" as you shown in the GUI
@LearnSBOM
Жыл бұрын
@@nmkkannan1256 I don't believe there's a way to access the key without going through the GUI. If you're able to host Dependency Track, you should be able to connect via external browser, ie your-url-here:8081 instead of local host, without the need for any key - Derek
@DevopsKT
Жыл бұрын
Hi LearnSBOM, I could successfully able to integrated the Dependency track through the Jenkins for the C++ project . But in Jenkins i could not see the dependency analysis summary option. once go to the inside job at the left corner there should be dependency-track-project & dependency-track-report even thses oprions also not there, could you help me out get those options,
@LearnSBOM
10 ай бұрын
Hello, I would confirm your SBOM shows up on your Dependency Track dashboard to make sure all the permissions have be set up correctly. If there are no vulnerabilities in your project report, you may not see them in show up in the vulnerability report
@nithintm2569
Жыл бұрын
Please can I know how to install dependency check without docker on
@LearnSBOM
Жыл бұрын
Hi, You can download the latest binary release (github.com/DependencyTrack/dependency-track/releases) and run Dependency Track that way, but I won't recommend building anything around them since the binaries are slated to be discontinued. Hope that helps! - Derek
@nithintm1748
Жыл бұрын
Hello, Dependency Track link is missing.
@LearnSBOM
Жыл бұрын
Hi Nithin, You can find more about Dependency Track here (dependencytrack.org/) or watch our demo here (kzitem.info/news/bejne/z2OluZlrbJGpkoo) to learn how to set up your own Dependency Track Server. I hope that helps! - Derek
Пікірлер: 18