Reference

Reference documentation describes Dependency-Track's technical interfaces, configuration properties, and data schemas. It is designed to be consulted rather than read from start to finish.

For step-by-step instructions, see Guides. For background and explanations, see Concepts.

API

Configuration

  • Application -- general application settings and MicroProfile Config sources
  • Data Sources -- database connection and pool configuration
  • File Storage -- local and S3-compatible storage providers
  • Database -- PostgreSQL requirements, extensions, and tuning parameters
  • All Properties -- complete generated registry of all application properties

Datasources

  • NVD -- National Vulnerability Database mirroring and CPE matching
  • GitHub Advisories -- GHSA mirroring via GitHub's GraphQL API
  • OSV -- Open Source Vulnerabilities mirroring, selectable by ecosystem
  • Private Vulnerability Repository -- internally managed vulnerabilities for proprietary components
  • Repositories -- package registries for outdated component detection
  • Internal Components -- excluding first-party components from external analysis

Notifications

  • Publishers -- email, Jira, Kafka, Webhook, and other publisher options
  • Groups -- the catalog of events Dependency-Track emits notifications for
  • Filter Expressions -- CEL-based notification filtering

Vulnerability Analysis

CEL Expressions

  • CEL Expressions -- shared CEL syntax primer used by both policies and notification filters

Access Control

  • Permissions -- users, teams, API keys, and the full permissions table

Integrations

  • Badges -- SVG badges for embedding vulnerability and policy metrics
  • File Formats -- CycloneDX BOM/VEX/VDR and Finding Packaging Format (FPF)
  • Community Integrations -- third-party tools and libraries built on the Dependency-Track API

Schemas