File Storage¶
Dependency-Track uses file storage for intermediate data during background processing, including uploaded BOMs, vulnerability analysis results, and large notifications. Files are short-lived and automatically cleaned up after processing.
The storage provider is selected via dt.file-storage.provider.
Both providers compress stored files using zstd. The compression level is configurable per provider (default: 5, range: -7 to 22). Higher levels yield better compression at the cost of CPU.
Providers¶
Local¶
The local provider stores files on the local filesystem. This is the default.
dt.file-storage.provider=local
dt.file-storage.local.directory=/data/storage
When running multiple instances, all nodes must have access to the same directory. A shared persistent volume (for example, NFS) works well for this.
Configuration:
S3¶
The s3 provider stores files in an S3-compatible object store (AWS S3, MinIO, etc.).
Use this when a shared volume is impractical.
The bucket must exist before startup. Dependency-Track will verify its existence and fail to start if it's not found.
dt.file-storage.provider=s3
dt.file-storage.s3.endpoint=https://s3.amazonaws.com
dt.file-storage.s3.bucket=dtrack-files
dt.file-storage.s3.access.key=<access-key>
dt.file-storage.s3.secret.key=<secret-key>
dt.file-storage.s3.region=us-east-1
Configuration: