Run dependency track with MySQL. #414
What data? If you followed the Docker instructions, you'll have a data volume that is independent of the container itself. That's where Dependency-Track stores its data.
Under most situations, there should be no need to change anything in a running container. The majority of configuration uses environment variables which are passed to the container. For example, the variable A sample docker compose file is provided in the documentation and is checked into version control. It's available here: https://github.com/DependencyTrack/dependency-track/blob/master/src/main/docker/docker-compose.yml You can use this file as a starting point, uncomment and change the variable to match your environment. That's likely the easiest way to get a production-ready instance deployed.
Hi Steve, Database Properties
When I execute docker-compose, I'm getting the following error: ERROR [Datastore] Exception thrown creating StoreManager : The specified datastore driver ("com.mysql.jdbc.Driver") was not found in the CLASSPATH. Please check your CLASSPATH specification, and the name of the driver. I have the file 'mysql-connector-java-5.1.48-bin.jar' downloaded. Unable to find where to place this file. Any help would be appreciated on this.
I was able to set the path for the driver. It was mentioned in the documentation website. Although the above-mentioned issue was solved, when I started the docker, it starts downloading the NVD and NPM data and after some time, crashes with code 137. Googling this led me to a conclusion that this might be an out of memory issue.
Dependency-Track requires a minimum of 4GB and 2 CPU cores to run; however, more is better. If the Docker host is not able to provide this, you'll get some unusual Docker errors related to resources.
My system has 16GB of RAM and 8 cores. This shouldn't have been an issue. Also I read that the default allocated resources for a docker are as much as the OS provides. So, this shouldn't have been an issue at all. I am running the docker on a PC laptop. I have a couple of questions
Hi Steve,
MySQL doesn't work out-of-the-box without configuration. By default MySQL does non-standard things that break applications expecting a database to behave in a specific way. Most orgs that I've talked with either use Postgres or Microsoft SQL. Ensure that the sql_mode is specified for the container. Otherwise it will not work. Not sure about the key length error. That's a new one that I haven't seen. But there's nothing I can do about key length. That might be yet another configuration issue with MySQL. Not entirely sure. https://docs.dependencytrack.org/getting-started/database-support/
Hi Steve,
Does the dep track application need dependency check installed?
Please help me with the above issues. And thanks for the quick reply every time.
Because of the issue with the database and likely several DT restarts, I would highly recommend starting from a clean database and data directory. Dependency-Check does not need to be installed. DT v3.5.1 and previous includes an embedded Dependency-Check core library for fuzzy NVD matching. This is being removed in v3.6.0. But it's not necessary to do anything. It does, however, assume that the database and the data directory have been properly seeded. So starting from a fresh database and data volume would likely solve any remaining issues.
Hi Steve, Ex: Gimp Version: 2.10.0. This version of Gimp shows vulnerabilities when searched in NVD database, but the same when added as a new component, doesn't show any vulnerabilities associated. The steps followed for the creation of component:
I was expecting a couple of vulnerabilities to show up because the same showed up in NVD database. Could you help me understand what is happening here?
Dependency-Track v3.5.1 and lower excels at discovering library vulnerabilities. Asset vulnerability (applications, operating systems, hardware) support is currently limited. Major work in this area is currently happening on v3.6.0. With that said, if you're manually adding components, you need to ensure the group, name, version align to what the NVD states in the CPE. The CPE for this version of gimp is:
Hi Steve,
Follow the 3.6.0 milestone for updates and progress. There isn’t an ETA at the moment. Outputting of Excel or PDF is not something this project will ever do, as it goes against the goal of providing continuous metrics. You can however use the data from the various APIs to produce whatever document format you want. Integration with BI tools is elementary.
Hi Steve,
Above is the code for CORS enabling. Below is the angular code for making an API call:
After this, there is an error thrown which says (failed) to make request in Chrome. While in Mozilla, it makes an API call to OPTIONS method and says 401 unauthorized. Mozilla Output: Chrome output: Could you please tell me what could be going wrong here?
Dependency-Track provides an API that others can integrate with. The project (and myself) does not have the expertise or capacity to address integration-specific implementation details. I have no idea why a 401 is returned, nor do I know anything about angular. Your code is specifying httpClient.get with the header, but if the same header doesn't exist when calling options, then yes, you'll likely either get a 401 or similar. I don't think there are any endpoints that support OPTIONS. So you'll likely need to figure out why that's happening and prevent it.
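The header-on-GET-but-not-on-OPTIONS behaviour described in the reply above, modelled as an added example that is not part of the thread and not Dependency-Track code. The origin, the key value, the `X-Api-Key` header name and the `handle` function are assumptions made for illustration; the model shows a preflight hitting an auth check versus being answered before it, while the real request still requires the key.

```javascript
// Added example: a pure model of a browser CORS preflight meeting an API auth check.
// ALLOWED_ORIGIN and API_KEY are constructed values; "x-api-key" is an assumed header name.
const ALLOWED_ORIGIN = "http://localhost:4200";
const API_KEY = "constructed-test-key";

// A preflight is an OPTIONS request carrying Origin and Access-Control-Request-Method.
// Browsers send it without the custom header and without credentials.
function isPreflight(req) {
  return req.method === "OPTIONS" &&
    "origin" in req.headers &&
    "access-control-request-method" in req.headers;
}

// CORS response headers are only issued to the one allow-listed origin, never "*".
function corsHeaders(req) {
  if (req.headers.origin !== ALLOWED_ORIGIN) return {};
  return {
    "access-control-allow-origin": ALLOWED_ORIGIN,
    "access-control-allow-methods": "GET",
    "access-control-allow-headers": "x-api-key",
    "vary": "Origin",
  };
}

function authenticate(req) {
  return req.headers["x-api-key"] === API_KEY;
}

// authBeforeCors = true: every request, OPTIONS included, must carry the key (the 401 symptom).
// authBeforeCors = false: the preflight is answered first; the actual request is still authenticated.
function handle(req, authBeforeCors) {
  if (!authBeforeCors && isPreflight(req)) {
    const headers = corsHeaders(req);
    return { status: Object.keys(headers).length ? 204 : 403, headers };
  }
  if (!authenticate(req)) return { status: 401, headers: {} };
  return { status: 200, headers: corsHeaders(req) };
}

// Constructed requests: what a browser sends for a cross-origin GET with a custom header.
const preflight = { method: "OPTIONS", headers: {
  origin: ALLOWED_ORIGIN,
  "access-control-request-method": "GET",
  "access-control-request-headers": "x-api-key" } };
const actual = { method: "GET", headers: { origin: ALLOWED_ORIGIN, "x-api-key": API_KEY } };

console.log(handle(preflight, true).status, handle(preflight, false).status, handle(actual, false).status);
```

Answering the preflight without credentials grants no data access: the response carries only CORS headers, and a GET without the key is still rejected.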
This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.
Hi, I am trying to run Dependency-Track using Docker. Being a newbie to Docker, I am not sure of the points below:
I have referred to the documentation of Dependency-Track and found a way to change the configurations so that a MySQL DB is used. But where do I change the data? As in, should the data be changed in the downloaded Docker image? (If yes, please specify the physical path of the file.) Or should the DB connection be specified while running the docker?
Please help me with the above things.