Cache¶

Dependency-Track caches results of expensive operations to reduce load on external services and speed up repeated lookups. Each cache has a TTL after which entries expire and the cache provider drops them.

Select the provider via dt.cache.provider.

Providers¶

Database¶

The database provider stores cache entries in the CACHE_ENTRY table on a configured data source. This is the only built-in provider.

Warning

The provider does not manage its own schema. The configured data source must point at the same schema as the default data source, where Dependency-Track's schema migrations create the CACHE_ENTRY table.

Tip

Pointing the cache at a secondary data source that targets the same schema can still be useful as a way to isolate cache traffic from the main connection pool, so that cache activity doesn't compete with the API server for database connections.

A background maintenance worker periodically deletes expired rows and refreshes the per-cache size counters that feed the cache metrics.

Configuration:

Entry TTLs¶

Each named cache has its own TTL property of the form dt.cache."<name>".ttl-ms.

Vulnerability analyzer results¶

Cached results of remote vulnerability analyzer lookups, keyed by component identifier. Reduces API calls to upstream services across analyses of the same components.

Configuration:

Package metadata resolver responses¶

Cached HTTP responses from package registry metadata endpoints, used to detect outdated components.

Tip

Entries include the response body together with ETag and Last-Modified validators so that refreshes after the freshness window revalidate with a conditional request and receive a 304 when the upstream response hasn't changed. The TTL must exceed the 12 h freshness window for conditional requests to fire.

Configuration: