2025-06-12 19:32:02 +02:00
|
|
|
# This file is part of Dependency-Track.
|
|
|
|
|
#
|
|
|
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
|
|
|
# you may not use this file except in compliance with the License.
|
|
|
|
|
# You may obtain a copy of the License at
|
|
|
|
|
#
|
|
|
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
|
#
|
|
|
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
|
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
|
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
|
# See the License for the specific language governing permissions and
|
|
|
|
|
# limitations under the License.
|
|
|
|
|
#
|
|
|
|
|
# SPDX-License-Identifier: Apache-2.0
|
|
|
|
|
# Copyright (c) OWASP Foundation. All Rights Reserved.
|
|
|
|
|
|
|
|
|
|
# Arguments that can be passed at build time
|
|
|
|
|
# Directory names must end with / to avoid errors when COPYing
|
|
|
|
|
ARG COMMIT_SHA=unknown
|
|
|
|
|
ARG APP_VERSION=0.0.0
|
|
|
|
|
ARG APP_DIR=/opt/owasp/dependency-track/
|
|
|
|
|
ARG DATA_DIR=/data/
|
|
|
|
|
ARG UID=1000
|
|
|
|
|
ARG GID=1000
|
|
|
|
|
ARG WAR_FILENAME=dependency-track-apiserver.jar
|
|
|
|
|
|
2025-11-10 08:05:22 +00:00
|
|
|
FROM eclipse-temurin:25.0.1_8-jdk-alpine@sha256:0c4c6300cc86efdf6454702336a0d60352e227f3a862e8ae9861f393f8f1ede9 AS jre-build
|
2025-06-12 19:32:02 +02:00
|
|
|
|
|
|
|
|
ARG WAR_FILENAME
|
|
|
|
|
|
|
|
|
|
WORKDIR /work
|
|
|
|
|
|
2025-06-16 18:48:16 +02:00
|
|
|
COPY --chmod=755 ./src/main/docker/create-jre.sh ./
|
|
|
|
|
COPY ./target/${WAR_FILENAME} ./
|
2025-06-12 19:32:02 +02:00
|
|
|
|
2025-06-16 18:48:16 +02:00
|
|
|
RUN ./create-jre.sh -i "./${WAR_FILENAME}" -o ./jre
|
2025-06-12 19:32:02 +02:00
|
|
|
|
2025-12-04 08:03:30 +00:00
|
|
|
FROM alpine:3.23@sha256:51183f2cfa6320055da30872f211093f9ff1d3cf06f39a0bdb212314c5dc7375
|
2025-06-12 19:32:02 +02:00
|
|
|
|
|
|
|
|
ARG COMMIT_SHA
|
|
|
|
|
ARG APP_VERSION
|
|
|
|
|
ARG APP_DIR
|
|
|
|
|
ARG DATA_DIR
|
|
|
|
|
ARG UID
|
|
|
|
|
ARG GID
|
|
|
|
|
ARG WAR_FILENAME
|
|
|
|
|
|
|
|
|
|
ENV TZ=Etc/UTC \
|
|
|
|
|
# Dependency-Track's default logging level
|
|
|
|
|
LOGGING_LEVEL=INFO \
|
|
|
|
|
# JVM Options that are passed at runtime by default
|
2025-09-28 16:35:18 +02:00
|
|
|
JAVA_OPTIONS="-XX:+UseParallelGC -XX:+UseStringDeduplication -XX:+UseCompactObjectHeaders -XX:MaxRAMPercentage=90.0" \
|
2025-06-12 19:32:02 +02:00
|
|
|
# JVM Options that can be passed at runtime, while maintaining also those set in JAVA_OPTIONS
|
|
|
|
|
EXTRA_JAVA_OPTIONS="" \
|
|
|
|
|
# The web context defaults to the root. To override, supply an alternative context which starts with a / but does not end with one
|
|
|
|
|
# Example: /dtrack
|
|
|
|
|
CONTEXT="/" \
|
|
|
|
|
# Injects the build-time ARG "WAR_FILENAME" as an environment variable that can be used in the CMD.
|
|
|
|
|
WAR_FILENAME=${WAR_FILENAME} \
|
|
|
|
|
# Set JAVA_HOME for the copied over JRE
|
|
|
|
|
JAVA_HOME=/opt/java/openjdk \
|
|
|
|
|
PATH="/opt/java/openjdk/bin:${PATH}" \
|
|
|
|
|
LANG=C.UTF-8 \
|
|
|
|
|
# Ensure user home is always set to DATA_DIR, even for arbitrary UIDs (such as used by OpenShift)
|
|
|
|
|
HOME=${DATA_DIR} \
|
|
|
|
|
# Default notification publisher templates override environment variables
|
|
|
|
|
DEFAULT_TEMPLATES_OVERRIDE_ENABLED=false \
|
|
|
|
|
DEFAULT_TEMPLATES_OVERRIDE_BASE_DIRECTORY=${DATA_DIR} \
|
|
|
|
|
LOGGING_CONFIG_PATH="logback.xml"
|
|
|
|
|
|
|
|
|
|
# Create the directories where the WAR will be deployed to (${APP_DIR}) and Dependency-Track will store its data (${DATA_DIR})
|
|
|
|
|
# Create a user and assign home directory to a ${DATA_DIR}
|
|
|
|
|
# Ensure UID 1000 & GID 1000 own all the needed directories
|
|
|
|
|
RUN mkdir -p ${APP_DIR} ${DATA_DIR} \
|
|
|
|
|
&& addgroup -S -g ${GID} dtrack || true \
|
|
|
|
|
&& adduser -S -D -G dtrack -H -h ${DATA_DIR} -g "dtrack user" -s /bin/false -u ${UID} dtrack || true \
|
|
|
|
|
&& chown -R dtrack:0 ${DATA_DIR} ${APP_DIR} \
|
|
|
|
|
&& chmod -R g=u ${DATA_DIR} ${APP_DIR} \
|
|
|
|
|
&& apk add --no-cache tzdata
|
|
|
|
|
|
|
|
|
|
# Copy JRE from temurin base image
|
|
|
|
|
COPY --from=jre-build /work/jre ${JAVA_HOME}
|
|
|
|
|
|
|
|
|
|
# Copy the compiled WAR to the application directory created above
|
|
|
|
|
COPY ./target/${WAR_FILENAME} ./src/main/docker/logback-json.xml ${APP_DIR}
|
|
|
|
|
|
|
|
|
|
# Specify the user to run as (in numeric format for compatibility with Kubernetes/OpenShift's SCC)
|
|
|
|
|
USER ${UID}
|
|
|
|
|
|
|
|
|
|
# Specify the container working directory
|
|
|
|
|
WORKDIR ${APP_DIR}
|
|
|
|
|
|
|
|
|
|
# Launch Dependency-Track
|
|
|
|
|
CMD exec java ${JAVA_OPTIONS} ${EXTRA_JAVA_OPTIONS} \
|
|
|
|
|
--add-opens java.base/java.util.concurrent=ALL-UNNAMED \
|
|
|
|
|
-Dlogback.configurationFile=${LOGGING_CONFIG_PATH} \
|
|
|
|
|
-DdependencyTrack.logging.level=${LOGGING_LEVEL} \
|
|
|
|
|
-jar ${WAR_FILENAME} \
|
|
|
|
|
-context ${CONTEXT}
|
|
|
|
|
|
|
|
|
|
# Specify which port Dependency-Track listens on
|
|
|
|
|
EXPOSE 8080
|
|
|
|
|
|
|
|
|
|
# Add a healthcheck using the Dependency-Track version API
|
|
|
|
|
HEALTHCHECK --interval=30s --start-period=60s --timeout=3s CMD wget -t 1 -T 3 --proxy off -q -O /dev/null http://127.0.0.1:8080${CONTEXT}health || exit 1
|
|
|
|
|
|
|
|
|
|
# metadata labels
|
|
|
|
|
LABEL \
|
|
|
|
|
org.opencontainers.image.vendor="OWASP" \
|
|
|
|
|
org.opencontainers.image.title="Official Dependency-Track Container image" \
|
|
|
|
|
org.opencontainers.image.description="Dependency-Track is an intelligent Component Analysis platform" \
|
|
|
|
|
org.opencontainers.image.version="${APP_VERSION}" \
|
|
|
|
|
org.opencontainers.image.url="https://dependencytrack.org/" \
|
|
|
|
|
org.opencontainers.image.source="https://github.com/DependencyTrack/dependency-track" \
|
|
|
|
|
org.opencontainers.image.revision="${COMMIT_SHA}" \
|
|
|
|
|
org.opencontainers.image.licenses="Apache-2.0" \
|
|
|
|
|
maintainer="steve.springett@owasp.org"
|
