Dependency-Track is an intelligent [Component Analysis] platform that allows organizations to identify and reduce risk in the software supply chain. Dependency-Track takes a unique and highly beneficial approach by leveraging the capabilities of [Software Bill of Materials] (SBOM). This approach provides capabilities that traditional Software Composition Analysis (SCA) solutions cannot achieve.
Dependency-Track monitors component usage across all versions of every application in its portfolio in order to proactively identify risk across an organization. The platform has an API-first design and is ideal for use in CI/CD environments.
Steps to deploy your own DependencyTrack instance instrumented with Segment:
- Make changes in the code to add segment analytics.
- Build the projects using
mvn clean package -P clean-exclude-wars -P enhance -P embedded-jetty -DskipTests -Dlogback.configuration.file=src/main/docker/logback.xml -e - Build a new docker image:
docker build -t instrumented-dtrack-v1 -f src/main/docker/Dockerfile . - Update the
docker-compose.ymlfile with latest image name. - Insert the value for
SYSTEM_SEGMENT_WRITE_KEYenvironment variable