DependencyTrack / dependency-track

Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
https://dependencytrack.org/
Apache License 2.0
2.6k stars 552 forks

Deploying with Docker in an intranet, cannot connect to the Internet, no project reports vulnerabilities #1941

Closed wuruyu181 closed 2 years ago

wuruyu181 commented 2 years ago

Deploying with Docker in an intranet; the intranet cannot connect to the Internet. When I upload an SBOM, I get 0 vulnerabilities:

[image: 橙讯图片_1662688706881]

Here are the logs:

[image: 橙讯图片_1662688821975]
[image: 橙讯图片_1662688832675]

My question is: can Dependency-Track not be deployed in a private intranet?

valentijnscholten commented 2 years ago

Dependency Track needs to access the internet to download vulnerability databases and version info from package repositories. See also https://docs.dependencytrack.org/integrations/ecosystem/

You may have to configure a proxy to be able to access the internet depending on your company's network:

https://github.com/DependencyTrack/dependency-track/blob/e9304da3beba4776784da9104edcefbf6da0b32f/src/main/docker/docker-compose.yml#L59-L64

wuruyu181 commented 2 years ago

Dependency Track needs to access the internet to download vulnerability databases and version info from package repositories. See also https://docs.dependencytrack.org/integrations/ecosystem/ You may have to configure a proxy to be able to access the internet depending on your company's network:

https://github.com/DependencyTrack/dependency-track/blob/e9304da3beba4776784da9104edcefbf6da0b32f/src/main/docker/docker-compose.yml#L59-L64

We have downloaded the vulnerability databases on the Internet and deployed Dependency-Track and the databases in the private intranet; we can san nist and vulnerabilities files. My question is: can Dependency-Track analyze against local vulnerability databases?

wuruyu181 commented 2 years ago

Dependency Track needs to access the internet to download vulnerability databases and version info from package repositories. See also https://docs.dependencytrack.org/integrations/ecosystem/ You may have to configure a proxy to be able to access the internet depending on your company's network:

https://github.com/DependencyTrack/dependency-track/blob/e9304da3beba4776784da9104edcefbf6da0b32f/src/main/docker/docker-compose.yml#L59-L64

The version I installed is v4.5.0. My question is: can Dependency-Track be integrated with Dependency-Check, and how? Or can I use external vulnerability databases?