Open leec94 opened 2 weeks ago
This is already documented in services.bom.json, which gets merged with DT's SBOM during release, so it's also included here: https://github.com/DependencyTrack/dependency-track/releases/download/4.12.0/bom.json
That's great! Maybe this could be added as an FAQ item, then pointed to the services.bom.json file? It didn't seem clear that this information was available when searching for it.
Current Behavior
Dependency Track currently reaches out to various APIs to gather vulnerability data and to package managers for detailed component information. For certain deployments, it would be helpful to have a list of the outbound connections so access can be properly restricted.
Currently Dependency Track reaches out to the following:
From README: https://github.com/DependencyTrack/dependency-track?tab=readme-ov-file#features
Proposed Behavior
Documentation provides a list of outbound connections from Dependency Track so access can be properly restricted.
This issue would help provision Dependency Track in private network environments where network policy needs to be updated to allow for outbound connections.
Checklist
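Added example, not part of the original thread or the project's code: one way to turn the services section of a CycloneDX BOM, such as the services.bom.json mentioned in the reply above, into a host and port list for egress rules. It assumes the standard CycloneDX `services[].endpoints` layout; the sample BOM, its host names and the function names are constructed for illustration.

```python
import json
from urllib.parse import urlsplit

# Constructed sample in CycloneDX "services" shape; NOT the real services.bom.json.
SAMPLE_BOM = json.loads("""
{
  "bomFormat": "CycloneDX",
  "specVersion": "1.5",
  "services": [
    {"name": "Vuln Feed A", "authenticated": false,
     "endpoints": ["https://feeds.example.org/v1/data",
                   "https://feeds.example.org/v1/meta"]},
    {"name": "Package Registry B", "authenticated": true,
     "endpoints": ["https://registry.example.com:8443/api"],
     "services": [{"name": "Mirror",
                   "endpoints": ["http://mirror.example.net/"]}]},
    {"name": "Internal only", "endpoints": []}
  ]
}
""")

DEFAULT_PORTS = {"https": 443, "http": 80}

def iter_services(services):
    """Yield every service, descending into nested 'services' arrays."""
    for svc in services or []:
        yield svc
        yield from iter_services(svc.get("services"))

def egress_allowlist(bom):
    """Return sorted, de-duplicated (host, port, scheme, service name) tuples."""
    rules = set()
    for svc in iter_services(bom.get("services")):
        for endpoint in svc.get("endpoints", []):
            url = urlsplit(endpoint)
            if not url.hostname or url.scheme not in DEFAULT_PORTS:
                continue  # skip relative or non-HTTP endpoints rather than guess
            port = url.port or DEFAULT_PORTS[url.scheme]
            rules.add((url.hostname, port, url.scheme, svc.get("name", "?")))
    return sorted(rules)

def plaintext_endpoints(rules):
    """Flag rules that would permit unencrypted HTTP egress."""
    return [r for r in rules if r[2] == "http"]

if __name__ == "__main__":
    for host, port, scheme, name in egress_allowlist(SAMPLE_BOM):
        print(f"{host}:{port}\t{scheme}\t{name}")
```

To use it against a real deployment, load the bom.json attached to the release you run in place of `SAMPLE_BOM`, and regenerate the list on upgrade since the declared services can change between versions.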