Database¶
Dependency-Track requires a PostgreSQL, or PostgreSQL-compatible database to operate.
The lowest supported version is 14. You are encouraged to use the newest available version.
For guidance on choosing a hosting solution, deploying, and tuning PostgreSQL, see the database configuration guide.
Extensions¶
The following PostgreSQL extensions are required by Dependency-Track. When choosing a hosting solution, verify that the extensions listed here are supported.
pg_trgm: Support for similarity of text using trigram matching
Note
Dependency-Track will execute the necessary CREATE EXTENSION IF NOT EXISTS statements
during schema migration. Enabling extensions manually is not necessary.
Generally, usage of extensions is limited to those that:
- Ship with PostgreSQL out-of-the-box
- Are trusted by default
Tuning Parameters¶
The following PostgreSQL parameters are recommended for Dependency-Track deployments. For context on when and why to apply these, see the advanced tuning guide.
autovacuum_vacuum_scale_factor¶
| Default | 0.2 |
|---|---|
| Recommendation | 0.02 |
| Tables |
|
| References | Documentation |
default_toast_compression¶
| Default | pglz |
|---|---|
| Recommendation | lz4 |
| References |
wal_compression¶
| Default | off |
|---|---|
| Recommendation | lz4 or zstd |
| References |
Schema Migrations¶
Schema migrations are performed automatically by the API server upon startup using Liquibase. Usually no manual action is required when upgrading from an older Dependency-Track version, unless explicitly stated otherwise in the release notes.
This behaviour can be turned off by setting init.tasks.enabled
on the API server container to false.
For configuring separate migration credentials, see the schema migration credentials guide.