dependency-track/docs/_docs/getting-started/deploy-docker.md

---
title: Deploying Docker Container
category: Getting Started
chapter: 1
order: 1
---

Deploying with Docker is the easiest and fastest method of getting started. No prerequisites are required
other than a modern version of Docker.

> The 'latest' tag in Docker Hub will always refer to the latest stable GA release. Consult the GitHub repo
> for instructions on how to run untested snapshot releases.

### Container Requirements (API Server)

| Minimum     | Recommended |
| :---------- | :---------- |
| 4.5GB RAM   | 16GB RAM    |
| 2 CPU cores | 4 CPU cores |

### Container Requirements (Front End)

| Minimum     | Recommended |
| :---------- | :---------- |
| 512MB RAM   | 1GB RAM    |
| 1 CPU cores | 2 CPU cores |

### Quickstart (Docker Compose)

```bash
# Downloads the latest Docker Compose file
curl -LO https://dependencytrack.org/docker-compose.yml

# Starts the stack using Docker Compose
docker-compose up -d
```

### Quickstart (Docker Swarm)

```bash
# Downloads the latest Docker Compose file
curl -LO https://dependencytrack.org/docker-compose.yml

# Initializes Docker Swarm (if not previously initialized)
docker swarm init

# Starts the stack using Docker Swarm
docker stack deploy -c docker-compose.yml dtrack
```

### Quickstart (Manual Execution)

```bash
# Pull the image from the Docker Hub OWASP repo
docker pull dependencytrack/bundled

# Creates a dedicated volume where data can be stored outside the container
docker volume create --name dependency-track

# Run the bundled container with 8GB RAM on port 8080
docker run -d -m 8192m -p 8080:8080 --name dependency-track -v dependency-track:/data dependencytrack/bundled
```

### Docker Compose (Automated / Orchestration)

The preferred method for production environments is to use docker-compose.yml with a corresponding
database container (Postgres, MySQL, or Microsoft SQL). The following is an example YAML file that
can be used with `docker-compose` or `docker stack deploy`.

```yaml
version: '3.7'

#####################################################
# This Docker Compose file contains two services
#    Dependency-Track API Server
#    Dependency-Track FrontEnd
#####################################################

volumes:
  dependency-track:

services:
  dtrack-apiserver:
    image: dependencytrack/apiserver
    # environment:
    # The Dependency-Track container can be configured using any of the
    # available configuration properties defined in:
    # https://docs.dependencytrack.org/getting-started/configuration/
    # All properties are upper case with periods replaced by underscores.
    #
    # Database Properties
    # - ALPINE_DATABASE_MODE=external
    # - ALPINE_DATABASE_URL=jdbc:postgresql://postgres10:5432/dtrack
    # - ALPINE_DATABASE_DRIVER=org.postgresql.Driver
    # - ALPINE_DATABASE_USERNAME=dtrack
    # - ALPINE_DATABASE_PASSWORD=changeme
    # - ALPINE_DATABASE_POOL_ENABLED=true
    # - ALPINE_DATABASE_POOL_MAX_SIZE=20
    # - ALPINE_DATABASE_POOL_MIN_IDLE=10
    # - ALPINE_DATABASE_POOL_IDLE_TIMEOUT=300000
    # - ALPINE_DATABASE_POOL_MAX_LIFETIME=600000
    #
    # Optional LDAP Properties
    # - ALPINE_LDAP_ENABLED=true
    # - ALPINE_LDAP_SERVER_URL=ldap://ldap.example.com:389
    # - ALPINE_LDAP_BASEDN=dc=example,dc=com
    # - ALPINE_LDAP_SECURITY_AUTH=simple
    # - ALPINE_LDAP_BIND_USERNAME=
    # - ALPINE_LDAP_BIND_PASSWORD=
    # - ALPINE_LDAP_AUTH_USERNAME_FORMAT=%s@example.com
    # - ALPINE_LDAP_ATTRIBUTE_NAME=userPrincipalName
    # - ALPINE_LDAP_ATTRIBUTE_MAIL=mail
    # - ALPINE_LDAP_GROUPS_FILTER=(&(objectClass=group)(objectCategory=Group))
    # - ALPINE_LDAP_USER_GROUPS_FILTER=(member:1.2.840.113556.1.4.1941:={USER_DN})
    # - ALPINE_LDAP_GROUPS_SEARCH_FILTER=(&(objectClass=group)(objectCategory=Group)(cn=*{SEARCH_TERM}*))
    # - ALPINE_LDAP_USERS_SEARCH_FILTER=(&(objectClass=user)(objectCategory=Person)(cn=*{SEARCH_TERM}*))
    # - ALPINE_LDAP_USER_PROVISIONING=false
    # - ALPINE_LDAP_TEAM_SYNCHRONIZATION=false
    #
    # Optional OpenID Connect (OIDC) Properties
    # - ALPINE_OIDC_ENABLED=true
    # - ALPINE_OIDC_ISSUER=https://auth.example.com/auth/realms/example
    # - ALPINE_OIDC_USERNAME_CLAIM=preferred_username
    # - ALPINE_OIDC_TEAMS_CLAIM=groups
    # - ALPINE_OIDC_USER_PROVISIONING=true
    # - ALPINE_OIDC_TEAM_SYNCHRONIZATION=true
    #
    # Optional HTTP Proxy Settings
    # - ALPINE_HTTP_PROXY_ADDRESS=proxy.example.com
    # - ALPINE_HTTP_PROXY_PORT=8888
    # - ALPINE_HTTP_PROXY_USERNAME=
    # - ALPINE_HTTP_PROXY_PASSWORD=
    # - ALPINE_NO_PROXY=
    #
    # Optional Cross-Origin Resource Sharing (CORS) Headers
    # - ALPINE_CORS_ENABLED=true
    # - ALPINE_CORS_ALLOW_ORIGIN=*
    # - ALPINE_CORS_ALLOW_METHODS=GET, POST, PUT, DELETE, OPTIONS
    # - ALPINE_CORS_ALLOW_HEADERS=Origin, Content-Type, Authorization, X-Requested-With, Content-Length, Accept, Origin, X-Api-Key, X-Total-Count, *
    # - ALPINE_CORS_EXPOSE_HEADERS=Origin, Content-Type, Authorization, X-Requested-With, Content-Length, Accept, Origin, X-Api-Key, X-Total-Count
    # - ALPINE_CORS_ALLOW_CREDENTIALS=true
    # - ALPINE_CORS_MAX_AGE=3600
    deploy:
      resources:
        limits:
          memory: 12288m
        reservations:
          memory: 8192m
      restart_policy:
        condition: on-failure
    ports:
      - '8081:8080'
    volumes:
      - 'dependency-track:/data'
    restart: unless-stopped

  dtrack-frontend:
    image: dependencytrack/frontend
    depends_on:
      - dtrack-apiserver
    environment:
      # The base URL of the API server.
      # NOTE:
      #   * This URL must be reachable by the browsers of your users.
      #   * The frontend container itself does NOT communicate with the API server directly, it just serves static files.
      #   * When deploying to dedicated servers, please use the external IP or domain of the API server.
      - API_BASE_URL=http://localhost:8081
      # - "OIDC_ISSUER="
      # - "OIDC_CLIENT_ID="
      # - "OIDC_SCOPE="
      # - "OIDC_FLOW="
      # volumes:
      # - "/host/path/to/config.json:/app/static/config.json"
    ports:
      - "8080:8080"
    restart: unless-stopped
```

### Bundled JDBC Drivers

The following JDBC Drivers are included with Dependency-Track.

| Driver        | Class                                        |
| ------------- | -------------------------------------------- |
| Microsoft SQL | com.microsoft.sqlserver.jdbc.SQLServerDriver |
| MySQL         | com.mysql.jdbc.Driver                        |
| PostgreSQL    | org.postgresql.Driver                        |
Initial checkin 2018-02-08 23:16:43 -06:00			`---`
			`title: Deploying Docker Container`
			`category: Getting Started`
			`chapter: 1`
			`order: 1`
			`---`

			`Deploying with Docker is the easiest and fastest method of getting started. No prerequisites are required`
v3.6 doc update 2019-09-28 22:59:32 -05:00			`other than a modern version of Docker.`
Initial checkin 2018-02-08 23:16:43 -06:00
			`> The 'latest' tag in Docker Hub will always refer to the latest stable GA release. Consult the GitHub repo`
			`> for instructions on how to run untested snapshot releases.`

Updating docker deployment 2020-12-26 00:25:59 -06:00			`### Container Requirements (API Server)`
#465 - Added clarifying statements and container requirements 2019-10-02 12:03:46 -05:00
Update default MySQL Connector: 5.4.17 -> 8.0.22 2020-11-20 11:04:16 +01:00			`\| Minimum \| Recommended \|`
			`\| :---------- \| :---------- \|`
			`\| 4.5GB RAM \| 16GB RAM \|`
#465 - Added clarifying statements and container requirements 2019-10-02 12:03:46 -05:00			`\| 2 CPU cores \| 4 CPU cores \|`

Updating docker deployment 2020-12-26 00:25:59 -06:00			`### Container Requirements (Front End)`

			`\| Minimum \| Recommended \|`
			`\| :---------- \| :---------- \|`
			`\| 512MB RAM \| 1GB RAM \|`
			`\| 1 CPU cores \| 2 CPU cores \|`

			`### Quickstart (Docker Compose)`

			```bash
			`# Downloads the latest Docker Compose file`
			`curl -LO https://dependencytrack.org/docker-compose.yml`

			`# Starts the stack using Docker Compose`
			`docker-compose up -d`
			```

			`### Quickstart (Docker Swarm)`

			```bash
			`# Downloads the latest Docker Compose file`
			`curl -LO https://dependencytrack.org/docker-compose.yml`

			`# Initializes Docker Swarm (if not previously initialized)`
			`docker swarm init`

			`# Starts the stack using Docker Swarm`
			`docker stack deploy -c docker-compose.yml dtrack`
			```
#465 - Added clarifying statements and container requirements 2019-10-02 12:03:46 -05:00
Added yaml and jdbc driver references 2018-12-12 01:51:20 -06:00			`### Quickstart (Manual Execution)`
Initial checkin 2018-02-08 23:16:43 -06:00
			```bash
			`# Pull the image from the Docker Hub OWASP repo`
Corrected repo 2020-12-27 22:16:46 -06:00			`docker pull dependencytrack/bundled`
Initial checkin 2018-02-08 23:16:43 -06:00
			`# Creates a dedicated volume where data can be stored outside the container`
Grammar 2018-03-13 14:28:28 -05:00			`docker volume create --name dependency-track`
Initial checkin 2018-02-08 23:16:43 -06:00
Updating docker deployment 2020-12-26 00:25:59 -06:00			`# Run the bundled container with 8GB RAM on port 8080`
			`docker run -d -m 8192m -p 8080:8080 --name dependency-track -v dependency-track:/data dependencytrack/bundled`
Updated docs to include proxy info #101 2018-03-13 14:21:15 -05:00			```

Added yaml and jdbc driver references 2018-12-12 01:51:20 -06:00			`### Docker Compose (Automated / Orchestration)`
Grammar 2018-03-13 14:28:28 -05:00
Added yaml and jdbc driver references 2018-12-12 01:51:20 -06:00			`The preferred method for production environments is to use docker-compose.yml with a corresponding`
			`database container (Postgres, MySQL, or Microsoft SQL). The following is an example YAML file that`
			can be used with `docker-compose` or `docker stack deploy`.

			```yaml
#584 - Updated docs and example compose file to include memory reservation and limits 2020-03-01 22:22:13 -06:00			`version: '3.7'`
Updating compose 2020-12-21 01:26:29 -06:00
			`#####################################################`
			`# This Docker Compose file contains two services`
			`# Dependency-Track API Server`
			`# Dependency-Track FrontEnd`
			`#####################################################`

			`volumes:`
			`dependency-track:`

Added yaml and jdbc driver references 2018-12-12 01:51:20 -06:00			`services:`
Updating compose 2020-12-21 01:26:29 -06:00			`dtrack-apiserver:`
			`image: dependencytrack/apiserver`
			`# environment:`
Added yaml and jdbc driver references 2018-12-12 01:51:20 -06:00			`# The Dependency-Track container can be configured using any of the`
			`# available configuration properties defined in:`
			`# https://docs.dependencytrack.org/getting-started/configuration/`
			`# All properties are upper case with periods replaced by underscores.`
			`#`
			`# Database Properties`
			`# - ALPINE_DATABASE_MODE=external`
			`# - ALPINE_DATABASE_URL=jdbc:postgresql://postgres10:5432/dtrack`
			`# - ALPINE_DATABASE_DRIVER=org.postgresql.Driver`
			`# - ALPINE_DATABASE_USERNAME=dtrack`
			`# - ALPINE_DATABASE_PASSWORD=changeme`
Minor changes to basetest (persistencecapable), Added more model tests #68 2019-01-30 23:33:13 -06:00			`# - ALPINE_DATABASE_POOL_ENABLED=true`
#941 - Adding support for minimum idle. Updating timeouts and connections. Updating docs. 2021-05-20 01:08:20 -05:00			`# - ALPINE_DATABASE_POOL_MAX_SIZE=20`
			`# - ALPINE_DATABASE_POOL_MIN_IDLE=10`
			`# - ALPINE_DATABASE_POOL_IDLE_TIMEOUT=300000`
Minor changes to basetest (persistencecapable), Added more model tests #68 2019-01-30 23:33:13 -06:00			`# - ALPINE_DATABASE_POOL_MAX_LIFETIME=600000`
Added yaml and jdbc driver references 2018-12-12 01:51:20 -06:00			`#`
			`# Optional LDAP Properties`
Updating compose 2020-12-21 01:26:29 -06:00			`# - ALPINE_LDAP_ENABLED=true`
Added yaml and jdbc driver references 2018-12-12 01:51:20 -06:00			`# - ALPINE_LDAP_SERVER_URL=ldap://ldap.example.com:389`
			`# - ALPINE_LDAP_BASEDN=dc=example,dc=com`
			`# - ALPINE_LDAP_SECURITY_AUTH=simple`
			`# - ALPINE_LDAP_BIND_USERNAME=`
			`# - ALPINE_LDAP_BIND_PASSWORD=`
			`# - ALPINE_LDAP_AUTH_USERNAME_FORMAT=%s@example.com`
			`# - ALPINE_LDAP_ATTRIBUTE_NAME=userPrincipalName`
			`# - ALPINE_LDAP_ATTRIBUTE_MAIL=mail`
			`# - ALPINE_LDAP_GROUPS_FILTER=(&(objectClass=group)(objectCategory=Group))`
			`# - ALPINE_LDAP_USER_GROUPS_FILTER=(member:1.2.840.113556.1.4.1941:={USER_DN})`
#294 - Updated default application.properties and documentation detailing two new LDAP properties 2019-06-02 00:58:45 -05:00			`# - ALPINE_LDAP_GROUPS_SEARCH_FILTER=(&(objectClass=group)(objectCategory=Group)(cn={SEARCH_TERM}))`
			`# - ALPINE_LDAP_USERS_SEARCH_FILTER=(&(objectClass=user)(objectCategory=Person)(cn={SEARCH_TERM}))`
Added yaml and jdbc driver references 2018-12-12 01:51:20 -06:00			`# - ALPINE_LDAP_USER_PROVISIONING=false`
			`# - ALPINE_LDAP_TEAM_SYNCHRONIZATION=false`
			`#`
Updating compose 2020-12-21 01:26:29 -06:00			`# Optional OpenID Connect (OIDC) Properties`
			`# - ALPINE_OIDC_ENABLED=true`
			`# - ALPINE_OIDC_ISSUER=https://auth.example.com/auth/realms/example`
			`# - ALPINE_OIDC_USERNAME_CLAIM=preferred_username`
			`# - ALPINE_OIDC_TEAMS_CLAIM=groups`
			`# - ALPINE_OIDC_USER_PROVISIONING=true`
			`# - ALPINE_OIDC_TEAM_SYNCHRONIZATION=true`
			`#`
Added yaml and jdbc driver references 2018-12-12 01:51:20 -06:00			`# Optional HTTP Proxy Settings`
			`# - ALPINE_HTTP_PROXY_ADDRESS=proxy.example.com`
			`# - ALPINE_HTTP_PROXY_PORT=8888`
			`# - ALPINE_HTTP_PROXY_USERNAME=`
			`# - ALPINE_HTTP_PROXY_PASSWORD=`
add no proxy from config 2020-06-03 07:07:00 +05:30			`# - ALPINE_NO_PROXY=`
Added CORS documentation for v3.5 2019-04-16 17:06:01 -05:00			`#`
			`# Optional Cross-Origin Resource Sharing (CORS) Headers`
			`# - ALPINE_CORS_ENABLED=true`
			`# - ALPINE_CORS_ALLOW_ORIGIN=*`
ALPINE_CORS_ALLOW_METHODS list separated by commas 2021-02-03 11:44:09 +01:00			`# - ALPINE_CORS_ALLOW_METHODS=GET, POST, PUT, DELETE, OPTIONS`
Added CORS documentation for v3.5 2019-04-16 17:06:01 -05:00			`# - ALPINE_CORS_ALLOW_HEADERS=Origin, Content-Type, Authorization, X-Requested-With, Content-Length, Accept, Origin, X-Api-Key, X-Total-Count, *`
			`# - ALPINE_CORS_EXPOSE_HEADERS=Origin, Content-Type, Authorization, X-Requested-With, Content-Length, Accept, Origin, X-Api-Key, X-Total-Count`
			`# - ALPINE_CORS_ALLOW_CREDENTIALS=true`
			`# - ALPINE_CORS_MAX_AGE=3600`
#584 - Updated docs and example compose file to include memory reservation and limits 2020-03-01 22:22:13 -06:00			`deploy:`
			`resources:`
			`limits:`
			`memory: 12288m`
			`reservations:`
			`memory: 8192m`
			`restart_policy:`
			`condition: on-failure`
Added yaml and jdbc driver references 2018-12-12 01:51:20 -06:00			`ports:`
Updating compose 2020-12-21 01:26:29 -06:00			`- '8081:8080'`
Added yaml and jdbc driver references 2018-12-12 01:51:20 -06:00			`volumes:`
Updating compose 2020-12-21 01:26:29 -06:00			`- 'dependency-track:/data'`
			`restart: unless-stopped`

			`dtrack-frontend:`
			`image: dependencytrack/frontend`
			`depends_on:`
			`- dtrack-apiserver`
			`environment:`
Clarify that API_BASE_URL needs to be modified for server deployments Signed-off-by: nscuro <nscuro@protonmail.com> 2021-06-12 17:30:54 +02:00			`# The base URL of the API server.`
			`# NOTE:`
			`# * This URL must be reachable by the browsers of your users.`
			`# * The frontend container itself does NOT communicate with the API server directly, it just serves static files.`
			`# * When deploying to dedicated servers, please use the external IP or domain of the API server.`
Updating compose 2020-12-21 01:26:29 -06:00			`- API_BASE_URL=http://localhost:8081`
			`# - "OIDC_ISSUER="`
			`# - "OIDC_CLIENT_ID="`
			`# - "OIDC_SCOPE="`
			`# - "OIDC_FLOW="`
			`# volumes:`
			`# - "/host/path/to/config.json:/app/static/config.json"`
			`ports:`
Changed port to 8080 in production compose and 4.2 docs. https://github.com/DependencyTrack/frontend/issues/48 2021-03-17 20:17:30 -05:00			`- "8080:8080"`
Updating compose 2020-12-21 01:26:29 -06:00			`restart: unless-stopped`
Added yaml and jdbc driver references 2018-12-12 01:51:20 -06:00			```

			`### Bundled JDBC Drivers`

#904 - Bundled JDBC drivers with WAR 2021-01-25 21:44:41 -06:00			`The following JDBC Drivers are included with Dependency-Track.`
Added yaml and jdbc driver references 2018-12-12 01:51:20 -06:00
#904 - Bundled JDBC drivers with WAR 2021-01-25 21:44:41 -06:00			`\| Driver \| Class \|`
			`\| ------------- \| -------------------------------------------- \|`
			`\| Microsoft SQL \| com.microsoft.sqlserver.jdbc.SQLServerDriver \|`
			`\| MySQL \| com.mysql.jdbc.Driver \|`
			`\| PostgreSQL \| org.postgresql.Driver \|`