Description
Create a NethServer 8 Module for Dependency Track with Traefik Integration.
The module will be published inside the NethForge repository.
- Why: Managing software supply chain security is critical for modern infrastructure. Dependency Track is a powerful tool for tracking software components and identifying vulnerabilities via SBOMs (Software Bill of Materials). However, deploying and managing it on NethServer 8 is currently complex and requires manual steps.
- Purpose: The purpose of this feature is to simplify and automate the deployment and management of Dependency-Track on NethServer 8. By providing a dedicated module, administrators can easily set up Dependency-Track with secure access, integrated with NethServer’s Traefik reverse proxy and Let's Encrypt for SSL, all managed from the Web UI.
Proposed solution
Develop a NethServer 8 module that:
- Deploys Dependency-Track (API server, frontend, PostgreSQL, Trivy) as Podman containers.
- Integrates Dependency-Track with Traefik to serve the frontend and API via a user-defined virtual host on HTTPS (port 443).
  - Frontend served at the root path (`https://<virtualhost>/`)
  - API served at `/api` (`https://<virtualhost>/api`)
- Provides a simple Cockpit UI with:
  - Virtual host input field (e.g., `dependencytrack.gs.nethserver.net`)
  - Toggle for Let's Encrypt automatic certificate generation
  - Display of default credentials (admin/admin)
- Manages Podman networks, persistent volumes, environment variables, and secure credentials.
- Handles container lifecycle (start, stop, update) gracefully, ensuring correct startup order and dependencies.
- Optionally generates systemd unit files for persistent and managed container operation.
- Includes clear post-deployment instructions for first login, API key creation, and security best practices.
See also
- Requirements analysis for a full description and a working docker compose example