Dependency-Track is an intelligent Software Supply Chain Component Analysis platform that allows organizations to identify and reduce risk from the use of third-party and open source components.
OWASP provides a Docker image that can be used to deploy the application onto a virtual machine.
1. Create a virtual machine with the following specifications:

   |           | Minimum | Recommended |
   |-----------|---------|-------------|
   | RAM       | 4.5GB   | 16GB        |
   | CPU cores | 2       | 4           |

2. SSH into the virtual machine you created.

3. Install Docker and ensure it is running.

4. Run the following commands in sequence to start the tracker:

   ```
   docker pull owasp/dependency-track
   docker volume create --name dependency-track
   docker run -d -m 8192m -p 8080:8080 --name dependency-track -v dependency-track:/data owasp/dependency-track
   ```
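
A preflight check for the sizing table and the "ensure Docker is running" step above, added here as an example and not taken from the OWASP image page. The function names, the `--check` flag and the 5% slack on the memory comparison are assumptions of this example; it reads `/proc/meminfo` and calls `nproc`, so it is Linux only.

```shell
#!/bin/sh
# Preflight for the Dependency-Track container on a Linux host: compares RAM
# and CPU cores with the sizing table on this page, then checks the daemon.
MIN_MEM_MB=4608    # 4.5GB minimum
REC_MEM_MB=16384   # 16GB recommended
MIN_CORES=2
REC_CORES=4
LIMIT_MB=8192      # the -m 8192m limit in the docker run command
SLACK_PCT=95       # assumption: MemTotal reads a few percent under the VM size

# at_least HAVE_MB WANT_MB: true when HAVE is within the slack of WANT
at_least() { [ $(( $1 * 100 )) -ge $(( $2 * SLACK_PCT )) ]; }

# classify_host MEM_MB CORES: prints below-minimum, minimum or recommended
classify_host() {
    if ! at_least "$1" "$MIN_MEM_MB" || [ "$2" -lt "$MIN_CORES" ]; then
        echo below-minimum
    elif at_least "$1" "$REC_MEM_MB" && [ "$2" -ge "$REC_CORES" ]; then
        echo recommended
    else
        echo minimum
    fi
}

# host_mem_mb [FILE]: total RAM in MB from the MemTotal line (given in kB)
host_mem_mb() {
    awk '/^MemTotal:/ { print int($2 / 1024) }' "${1:-/proc/meminfo}"
}

preflight() {
    mem=$(host_mem_mb) || return 2
    cores=$(nproc) || return 2
    tier=$(classify_host "$mem" "$cores")
    echo "RAM ${mem}MB, ${cores} cores: ${tier}"
    [ "$tier" != below-minimum ] || return 1
    # Below 8GB the -m limit is larger than physical RAM and never takes effect.
    at_least "$mem" "$LIMIT_MB" || echo "note: -m ${LIMIT_MB}m exceeds host RAM"
    # docker info exits non-zero when the daemon cannot be reached
    docker info >/dev/null 2>&1 || { echo "docker daemon not reachable"; return 1; }
}

# Runs only when asked, so the functions can also be sourced: ./preflight.sh --check
if [ "${1:-}" = "--check" ]; then
    preflight
fi
```

Run it on the VM before the `docker pull` command; a non-zero exit means the host is under the minimum or the daemon is not reachable.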
It is possible to run the tracker on your local computer, but note that it requires significant resources, as listed above. If you have Docker running on your computer, run the commands in step 4 above to get the tracker running.
The commands above were taken directly from the OWASP Docker image page, so if you run into trouble, visit that page to check that the commands and requirements above are not outdated.