Comments (10)
With staged builds [1] it should now be easy to have tooling for build in one stage, then publish the consumer image in a second stage and setup automated/trusted [2] build on docker hub.
[1]
https://docs.docker.com/engine/userguide/eng-image/multistage-build/
[2]
https://docs.docker.com/docker-hub/builds/
from dependency-track.
A dockerfile already exists, but I do plan on making an official release of it to Docker Hub
from dependency-track.
@stevespringett do you have the Dockerfile published somewhere?
from dependency-track.
@MichaelGissingNC I plan on changing the dockerfile a bit and publishing it to dockerhub once beta's of 3.0 are available in the fall.
from dependency-track.
Once RC's are available, I'll start publishing containers to https://hub.docker.com/r/owasp/dependency-track/
from dependency-track.
👍 I don't have a Java build environment, but I can get a Docker image running.
from dependency-track.
Just an update on this ticket… A Beta-1 image will be pushed to Docker Hub in 2-3 weeks time.
from dependency-track.
The conventions Dependency-Track will use with regards to Docker are:
- 'latest' tag, which is pulled by default if no tag is specified, will always refer to the latest stable release (3.0.0, 3.0.1, 3.1.0, etc)
- 'snapshot' tag will be built and pushed on all CI changes to the master. Use this if you want a "moving target" with all the latest changes.
- Version tags (3.0.0, 3.0.1, etc) will be used to indicate each release
For the betas, I will be using the 'snapshot' tag exclusively until the release of 3.0.0. I'm going to treat the betas as a continuous moving target until we reach a stable release.
from dependency-track.
Snapshot releases are now being continuously delivered (via CI) to https://hub.docker.com/r/owasp/dependency-track/
The projects README has been updated with instructions on how to use the image.
https://twitter.com/DependencyTrack/status/960730100777082880
from dependency-track.
This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.
from dependency-track.
Related Issues (20)
- Any plans on generating a Windows Docker Image? HOT 2
- Wrong Latest version reported by using github package URL HOT 5
- Uploading a BOM doesn't update the license of any existing components HOT 1
- False Positive with nextcloud artifacts HOT 6
- Test mail is not sent HOT 1
- LDAP auth doesn't work for users with cyrillic names HOT 3
- OIDC login CORS error HOT 4
- Update to SPDX License List 3.23
- API Patch Project endpoint silently ignore purl value in object form HOT 5
- Cargo Component Info Not Displaying in Dependency Track HOT 1
- Ensure test coverage reports can be uploaded for PRs from forks
- Return more comprehensible response in case of application already existing
- Can't upload BOM from Python requests HOT 2
- ALIAS is not taking into account for RLSA and DLA (OSV source) HOT 4
- swagger.json reports wrong field name for /vex HOT 1
- Dependency Graph is not populated HOT 1
- Parent container with child application
- Can't upload BOM HOT 1
- provide support for hackage.haskell.org and nixpkgs HOT 4
- Dependency Track does not recognize patch revisions HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from dependency-track.