API Server
CORS
alpine.cors.allow.credentials
Controls the content of the Access-Control-Allow-Credentials response header. Has no effect when alpine.cors.enabled is false.
Required
false
Type
boolean
Default
true
ENV
ALPINE_CORS_ALLOW_CREDENTIALS
alpine.cors.allow.headers
Controls the content of the Access-Control-Allow-Headers response header. Has no effect when alpine.cors.enabled is false.
Required
false
Type
string
Default
Origin, Content-Type, Authorization, X-Requested-With, Content-Length, Accept, Origin, X-Api-Key, X-Total-Count, *
ENV
ALPINE_CORS_ALLOW_HEADERS
alpine.cors.allow.methods
Controls the content of the Access-Control-Allow-Methods response header. Has no effect when alpine.cors.enabled is false.
Required
false
Type
string
Default
GET POST PUT DELETE OPTIONS
ENV
ALPINE_CORS_ALLOW_METHODS
alpine.cors.allow.origin
Controls the content of the Access-Control-Allow-Origin response header. Has no effect when alpine.cors.enabled is false.
Required
false
Type
string
Default
*
ENV
ALPINE_CORS_ALLOW_ORIGIN
alpine.cors.enabled
Defines whether Cross Origin Resource Sharing (CORS) headers shall be included in REST API responses.
Required
false
Type
boolean
Default
true
ENV
ALPINE_CORS_ENABLED
alpine.cors.expose.headers
Controls the content of the Access-Control-Expose-Headers response header. Has no effect when alpine.cors.enabled is false.
Required
false
Type
string
Default
Origin, Content-Type, Authorization, X-Requested-With, Content-Length, Accept, Origin, X-Api-Key, X-Total-Count
ENV
ALPINE_CORS_EXPOSE_HEADERS
alpine.cors.max.age
Controls the content of the Access-Control-Max-Age response header. Has no effect when alpine.cors.enabled is false.
Required
false
Type
integer
Default
3600
ENV
ALPINE_CORS_MAX_AGE
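The CORS defaults listed above combine a wildcard origin with credentials enabled. The following check is an added example, not part of the Dependency-Track code base: it resolves the effective CORS headers from a set of environment variables using the defaults on this page and flags combinations that browsers reject or that weaken origin restrictions. The function names, the finding identifiers, the `https://dtrack.example.com` origin and the case-insensitive parsing of `true`/`false` are assumptions made for the example.

```python
"""Lint the CORS settings from this reference (added example, not project code)."""

# Defaults copied from the CORS entries on this page.
DEFAULTS = {
    "ALPINE_CORS_ENABLED": "true",
    "ALPINE_CORS_ALLOW_ORIGIN": "*",
    "ALPINE_CORS_ALLOW_CREDENTIALS": "true",
    "ALPINE_CORS_ALLOW_HEADERS": (
        "Origin, Content-Type, Authorization, X-Requested-With, "
        "Content-Length, Accept, Origin, X-Api-Key, X-Total-Count, *"
    ),
}

# Constructed sample of a tightened deployment environment.
HARDENED_ENV = {
    "ALPINE_CORS_ALLOW_ORIGIN": "https://dtrack.example.com",
    "ALPINE_CORS_ALLOW_HEADERS": "Content-Type, Authorization, X-Api-Key",
}


def _setting(env, name):
    """Return the configured value, falling back to the documented default."""
    return env.get(name, DEFAULTS[name])


def _is_true(value):
    # Assumption: booleans are written as "true"/"false", case-insensitive.
    return value.strip().lower() == "true"


def effective_cors_headers(env):
    """Return the CORS response headers that the given settings describe."""
    if not _is_true(_setting(env, "ALPINE_CORS_ENABLED")):
        # Per the reference, the other properties have no effect when disabled.
        return {}
    return {
        "Access-Control-Allow-Origin": _setting(env, "ALPINE_CORS_ALLOW_ORIGIN"),
        "Access-Control-Allow-Credentials": _setting(env, "ALPINE_CORS_ALLOW_CREDENTIALS"),
        "Access-Control-Allow-Headers": _setting(env, "ALPINE_CORS_ALLOW_HEADERS"),
    }


def cors_findings(env):
    """Return a list of (finding_id, explanation) tuples for the settings."""
    headers = effective_cors_headers(env)
    if not headers:
        return []

    origin = headers["Access-Control-Allow-Origin"].strip()
    credentials = _is_true(headers["Access-Control-Allow-Credentials"])
    allowed = [h.strip() for h in headers["Access-Control-Allow-Headers"].split(",")]

    findings = []
    if origin == "*":
        if credentials:
            findings.append((
                "wildcard-origin-with-credentials",
                "Browsers refuse credentialed cross-origin responses whose "
                "Access-Control-Allow-Origin is '*'; set the frontend origin explicitly.",
            ))
    elif origin == "null":
        findings.append((
            "null-origin",
            "The 'null' origin is sent by sandboxed documents and local files, "
            "so allowing it does not restrict callers to a trusted site.",
        ))
    elif not origin.startswith("https://"):
        findings.append((
            "non-https-origin",
            "The allowed origin is not served over HTTPS.",
        ))

    if credentials and "*" in allowed:
        findings.append((
            "wildcard-headers-with-credentials",
            "For credentialed requests '*' in Access-Control-Allow-Headers is "
            "treated as a literal header name; list the required headers instead.",
        ))
    return findings


if __name__ == "__main__":
    for label, env in (("defaults", {}), ("hardened", HARDENED_ENV)):
        print(label, [finding_id for finding_id, _ in cors_findings(env)])
```

Pass `dict(os.environ)` to `cors_findings` to check the environment a container actually starts with.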
Database
alpine.database.password
Specifies the password to use when authenticating to the database.
Required
false
Type
string
Default
dtrack
ENV
ALPINE_DATABASE_PASSWORD
alpine.database.password.file
Specifies the file to load the database password from. If set, takes precedence over alpine.database.password.
Required
false
Type
string
Default
null
Example
/var/run/secrets/database-password
ENV
ALPINE_DATABASE_PASSWORD_FILE
alpine.database.pool.enabled
Specifies if the database connection pool is enabled.
Required
false
Type
boolean
Default
true
ENV
ALPINE_DATABASE_POOL_ENABLED
alpine.database.pool.idle.timeout
This property controls the maximum amount of time that a connection is allowed to sit idle in the pool.
Required
false
Type
integer
Default
300000
ENV
ALPINE_DATABASE_POOL_IDLE_TIMEOUT
alpine.database.pool.max.lifetime
This property controls the maximum lifetime of a connection in the pool. An in-use connection will never be retired, only when it is closed will it then be removed.
Required
false
Type
integer
Default
600000
ENV
ALPINE_DATABASE_POOL_MAX_LIFETIME
alpine.database.pool.max.size
This property controls the maximum size that the pool is allowed to reach, including both idle and in-use connections.
Required
false
Type
integer
Default
20
ENV
ALPINE_DATABASE_POOL_MAX_SIZE
alpine.database.pool.min.idle
This property controls the minimum number of idle connections in the pool. This value should be equal to or less than alpine.database.pool.max.size. Warning: If the value is less than alpine.database.pool.max.size, alpine.database.pool.idle.timeout will have no effect.
Required
false
Type
integer
Default
10
ENV
ALPINE_DATABASE_POOL_MIN_IDLE
alpine.database.url
Specifies the JDBC URL to use when connecting to the database. For best performance, set the reWriteBatchedInserts query parameter to true.
Required
true
Type
string
Default
null
Example
jdbc:postgresql://localhost:5432/dtrack?reWriteBatchedInserts=true
ENV
ALPINE_DATABASE_URL
alpine.database.username
Specifies the username to use when authenticating to the database.
Required
false
Type
string
Default
dtrack
ENV
ALPINE_DATABASE_USERNAME
database.migration.password
Defines the database password for executing migrations. If not set, the value of alpine.database.password will be used.
Required
false
Type
string
Default
${alpine.database.password}
ENV
DATABASE_MIGRATION_PASSWORD
database.migration.url
Defines the database JDBC URL to use when executing migrations. If not set, the value of alpine.database.url will be used. Should generally not be set, unless TLS authentication is used, and custom connection variables are required.
Required
false
Type
string
Default
${alpine.database.url}
ENV
DATABASE_MIGRATION_URL
database.migration.username
Defines the database user for executing migrations. If not set, the value of alpine.database.username will be used.
Required
false
Type
string
Default
${alpine.database.username}
ENV
DATABASE_MIGRATION_USERNAME
database.run.migrations
Defines whether database migrations should be executed on startup. From v5.6.0 onwards, migrations are considered part of the initialization tasks. Setting init.tasks.enabled to false will disable migrations, even if database.run.migrations is enabled.
Required
false
Type
boolean
Default
true
ENV
DATABASE_RUN_MIGRATIONS
database.run.migrations.only
Defines whether the application should exit upon successful execution of database migrations. Enabling this option makes the application suitable for running as a k8s init container. Has no effect unless database.run.migrations is true. From v5.6.0 onwards, usage of init.and.exit should be preferred.
Required
false
Type
boolean
Default
false
ENV
DATABASE_RUN_MIGRATIONS_ONLY
Development
dev.services.enabled
Whether dev services shall be enabled. When enabled, Dependency-Track will automatically launch containers for the frontend, Kafka, and PostgreSQL at startup, and configure itself to use them. They are disposed when Dependency-Track stops. The containers are exposed on randomized ports, which will be logged during startup. Trying to enable dev services in a production build will prevent the application from starting. Note that the containers launched by the API server cannot currently be discovered and re-used by other Hyades services. This is a future enhancement tracked in https://github.com/DependencyTrack/hyades/issues/1188.
Required
false
Type
boolean
Default
false
ENV
DEV_SERVICES_ENABLED
dev.services.image.frontend
The image to use for the frontend dev services container.
Required
false
Type
string
Default
ghcr.io/dependencytrack/hyades-frontend:snapshot
ENV
DEV_SERVICES_IMAGE_FRONTEND
dev.services.image.kafka
The image to use for the Kafka dev services container.
Required
false
Type
string
Default
apache/kafka-native:3.8.0
ENV
DEV_SERVICES_IMAGE_KAFKA
dev.services.image.postgres
The image to use for the PostgreSQL dev services container.
Required
false
Type
string
Default
postgres:16
ENV
DEV_SERVICES_IMAGE_POSTGRES
General
alpine.api.key.prefix
Defines the prefix to be used for API keys. A maximum prefix length of 251 characters is supported. The prefix may also be left empty.
Required
false
Type
string
Default
odt_
ENV
ALPINE_API_KEY_PREFIX
alpine.auth.jwt.ttl.seconds
Defines the number of seconds for which JWTs issued by Dependency-Track will be valid.
Required
false
Type
integer
Default
604800
ENV
ALPINE_AUTH_JWT_TTL_SECONDS
alpine.bcrypt.rounds
Specifies the number of bcrypt rounds to use when hashing a user's password. The higher the number the more secure the password, at the expense of hardware resources and additional time to generate the hash.
Required
true
Type
integer
Default
14
ENV
ALPINE_BCRYPT_ROUNDS
alpine.data.directory
Defines the path to the data directory. This directory will hold logs, keys, and any database or index files along with application-specific files or directories.
Required
true
Type
string
Default
~/.dependency-track
ENV
ALPINE_DATA_DIRECTORY
alpine.private.key.path
Defines the paths to the public-private key pair to be used for signing and verifying digital signatures. The keys will be generated upon first startup if they do not exist.
Required
false
Type
string
Default
${alpine.data.directory}/keys/private.key
Example
/var/run/secrets/private.key
ENV
ALPINE_PRIVATE_KEY_PATH
alpine.public.key.path
Defines the paths to the public-private key pair to be used for signing and verifying digital signatures. The keys will be generated upon first startup if they do not exist.
Required
false
Type
string
Default
${alpine.data.directory}/keys/public.key
Example
/var/run/secrets/public.key
ENV
ALPINE_PUBLIC_KEY_PATH
alpine.secret.key.path
Defines the path to the secret key to be used for data encryption and decryption. The key will be generated upon first startup if it does not exist.
Required
false
Type
string
Default
${alpine.data.directory}/keys/secret.key
ENV
ALPINE_SECRET_KEY_PATH
init.and.exit
Whether to only execute initialization tasks and exit.
Required
false
Type
boolean
Default
false
ENV
INIT_AND_EXIT
init.tasks.enabled
Whether to execute initialization tasks on startup. Initialization tasks include:
Execution of database migrations
Populating the database with default objects (permissions, users, licenses, etc.)
Required
false
Type
boolean
Default
true
ENV
INIT_TASKS_ENABLED
integrity.check.enabled
Required
false
Type
boolean
Default
false
ENV
INTEGRITY_CHECK_ENABLED
integrity.initializer.enabled
Specifies whether the Integrity Initializer shall be enabled.
Required
false
Type
boolean
Default
false
ENV
INTEGRITY_INITIALIZER_ENABLED
tmp.delay.bom.processed.notification
Delays the BOM_PROCESSED notification until the vulnerability analysis associated with a given BOM upload is completed. The intention being that it is then "safe" to query the API for any identified vulnerabilities. This is specifically for cases where polling the /api/v1/bom/token/ endpoint is not feasible. THIS IS A TEMPORARY FUNCTIONALITY AND MAY BE REMOVED IN FUTURE RELEASES WITHOUT FURTHER NOTICE.
Required
false
Type
boolean
Default
false
ENV
TMP_DELAY_BOM_PROCESSED_NOTIFICATION
vulnerability.policy.analysis.enabled
Defines whether vulnerability policy analysis is enabled.
Required
false
Type
boolean
Default
false
ENV
VULNERABILITY_POLICY_ANALYSIS_ENABLED
vulnerability.policy.bundle.auth.password
Defines the password to be used for basic authentication against the service hosting the policy bundle. For an nginx server, if username and bearer token are both provided, basic auth will be used; otherwise the auth header will be added based on the values that are not null.
Required
false
Type
string
Default
null
ENV
VULNERABILITY_POLICY_BUNDLE_AUTH_PASSWORD
vulnerability.policy.bundle.auth.username
Defines the username to be used for basic authentication against the service hosting the policy bundle.
Required
false
Type
string
Default
null
ENV
VULNERABILITY_POLICY_BUNDLE_AUTH_USERNAME
vulnerability.policy.bundle.bearer.token
Defines the token to be used as bearerAuth against the service hosting the policy bundle.
Required
false
Type
string
Default
null
ENV
VULNERABILITY_POLICY_BUNDLE_BEARER_TOKEN
vulnerability.policy.bundle.source.type
Defines the type of source from which policy bundles are fetched. Required when vulnerability.policy.bundle.url is set.
Required
false
Type
enum
Valid Values
[nginx, s3]
Default
NGINX
ENV
VULNERABILITY_POLICY_BUNDLE_SOURCE_TYPE
vulnerability.policy.bundle.url
Defines where to fetch the policy bundle from. For S3, only the base URL, including the port, needs to be provided. For nginx, the whole URL, including the bundle name, needs to be given.
Required
false
Type
string
Default
null
Example
http://example.com:80/bundles/bundle.zip
ENV
VULNERABILITY_POLICY_BUNDLE_URL
vulnerability.policy.s3.access.key
S3-related details. Access key, secret key, bucket name and bundle name are mandatory if S3 is chosen. Region is optional.
Required
false
Type
string
Default
null
ENV
VULNERABILITY_POLICY_S3_ACCESS_KEY
vulnerability.policy.s3.bucket.name
Required
false
Type
string
Default
null
ENV
VULNERABILITY_POLICY_S3_BUCKET_NAME
vulnerability.policy.s3.bundle.name
Required
false
Type
string
Default
null
ENV
VULNERABILITY_POLICY_S3_BUNDLE_NAME
vulnerability.policy.s3.region
Required
false
Type
string
Default
null
ENV
VULNERABILITY_POLICY_S3_REGION
vulnerability.policy.s3.secret.key
Required
false
Type
string
Default
null
ENV
VULNERABILITY_POLICY_S3_SECRET_KEY
HTTP
alpine.http.proxy.address
HTTP proxy address. If set, then alpine.http.proxy.port must be set too.
Required
false
Type
string
Default
null
Example
proxy.example.com
ENV
ALPINE_HTTP_PROXY_ADDRESS
alpine.http.proxy.password
Required
false
Type
string
Default
null
ENV
ALPINE_HTTP_PROXY_PASSWORD
alpine.http.proxy.password.file
Specifies the file to load the HTTP proxy password from. If set, takes precedence over alpine.http.proxy.password.
Required
false
Type
string
Default
null
Example
/var/run/secrets/http-proxy-password
ENV
ALPINE_HTTP_PROXY_PASSWORD_FILE
alpine.http.proxy.port
Required
false
Type
integer
Default
null
Example
8888
ENV
ALPINE_HTTP_PROXY_PORT
alpine.http.proxy.username
Required
false
Type
string
Default
null
ENV
ALPINE_HTTP_PROXY_USERNAME
alpine.http.timeout.connection
Defines the connection timeout in seconds for outbound HTTP connections.
Required
false
Type
integer
Default
30
ENV
ALPINE_HTTP_TIMEOUT_CONNECTION
alpine.http.timeout.pool
Defines the request timeout in seconds for outbound HTTP connections.
Required
false
Type
integer
Default
60
ENV
ALPINE_HTTP_TIMEOUT_POOL
alpine.http.timeout.socket
Defines the socket / read timeout in seconds for outbound HTTP connections.
Required
false
Type
integer
Default
30
ENV
ALPINE_HTTP_TIMEOUT_SOCKET
alpine.no.proxy
Required
false
Type
string
Default
null
Example
localhost,127.0.0.1
ENV
ALPINE_NO_PROXY
Kafka
dt.kafka.topic.prefix
Required
false
Type
string
Default
null
ENV
DT_KAFKA_TOPIC_PREFIX
kafka.auto.offset.reset
Required
false
Type
enum
Valid Values
[earliest, latest, none]
Default
earliest
ENV
KAFKA_AUTO_OFFSET_RESET
kafka.bootstrap.servers
Required
true
Type
string
Default
null
Example
localhost:9092
ENV
KAFKA_BOOTSTRAP_SERVERS
kafka.keystore.password
Required
false
Type
string
Default
null
ENV
KAFKA_KEYSTORE_PASSWORD
kafka.keystore.path
Required
false
Type
string
Default
null
ENV
KAFKA_KEYSTORE_PATH
kafka.mtls.enabled
Required
false
Type
boolean
Default
false
ENV
KAFKA_MTLS_ENABLED
kafka.processor.epss.mirror.consumer.auto.offset.reset
Required
true
Type
enum
Valid Values
[earliest, latest, none]
Default
earliest
ENV
KAFKA_PROCESSOR_EPSS_MIRROR_CONSUMER_AUTO_OFFSET_RESET
kafka.processor.epss.mirror.consumer.group.id
Required
true
Type
string
Default
dtrack-apiserver-processor
ENV
KAFKA_PROCESSOR_EPSS_MIRROR_CONSUMER_GROUP_ID
kafka.processor.epss.mirror.max.batch.size
Required
true
Type
integer
Default
500
ENV
KAFKA_PROCESSOR_EPSS_MIRROR_MAX_BATCH_SIZE
kafka.processor.epss.mirror.max.concurrency
Required
true
Type
integer
Default
-1
ENV
KAFKA_PROCESSOR_EPSS_MIRROR_MAX_CONCURRENCY
kafka.processor.epss.mirror.processing.order
Required
true
Type
enum
Valid Values
[key, partition, unordered]
Default
key
ENV
KAFKA_PROCESSOR_EPSS_MIRROR_PROCESSING_ORDER
kafka.processor.epss.mirror.retry.initial.delay.ms
Required
true
Type
integer
Default
3000
ENV
KAFKA_PROCESSOR_EPSS_MIRROR_RETRY_INITIAL_DELAY_MS
kafka.processor.epss.mirror.retry.max.delay.ms
Required
true
Type
integer
Default
180000
ENV
KAFKA_PROCESSOR_EPSS_MIRROR_RETRY_MAX_DELAY_MS
kafka.processor.epss.mirror.retry.multiplier
Required
true
Type
integer
Default
2
ENV
KAFKA_PROCESSOR_EPSS_MIRROR_RETRY_MULTIPLIER
kafka.processor.epss.mirror.retry.randomization.factor
Required
true
Type
double
Default
0.3
ENV
KAFKA_PROCESSOR_EPSS_MIRROR_RETRY_RANDOMIZATION_FACTOR
kafka.processor.repo.meta.analysis.result.consumer.auto.offset.reset
Required
true
Type
enum
Valid Values
[earliest, latest, none]
Default
earliest
ENV
KAFKA_PROCESSOR_REPO_META_ANALYSIS_RESULT_CONSUMER_AUTO_OFFSET_RESET
kafka.processor.repo.meta.analysis.result.consumer.group.id
Required
true
Type
string
Default
dtrack-apiserver-processor
ENV
KAFKA_PROCESSOR_REPO_META_ANALYSIS_RESULT_CONSUMER_GROUP_ID
kafka.processor.repo.meta.analysis.result.max.concurrency
Required
true
Type
integer
Default
-1
ENV
KAFKA_PROCESSOR_REPO_META_ANALYSIS_RESULT_MAX_CONCURRENCY
kafka.processor.repo.meta.analysis.result.processing.order
Required
true
Type
enum
Valid Values
[key, partition, unordered]
Default
key
ENV
KAFKA_PROCESSOR_REPO_META_ANALYSIS_RESULT_PROCESSING_ORDER
kafka.processor.repo.meta.analysis.result.retry.initial.delay.ms
Required
true
Type
integer
Default
1000
ENV
KAFKA_PROCESSOR_REPO_META_ANALYSIS_RESULT_RETRY_INITIAL_DELAY_MS
kafka.processor.repo.meta.analysis.result.retry.max.delay.ms
Required
true
Type
integer
Default
180000
ENV
KAFKA_PROCESSOR_REPO_META_ANALYSIS_RESULT_RETRY_MAX_DELAY_MS
kafka.processor.repo.meta.analysis.result.retry.multiplier
Required
true
Type
integer
Default
2
ENV
KAFKA_PROCESSOR_REPO_META_ANALYSIS_RESULT_RETRY_MULTIPLIER
kafka.processor.repo.meta.analysis.result.retry.randomization.factor
Required
true
Type
double
Default
0.3
ENV
KAFKA_PROCESSOR_REPO_META_ANALYSIS_RESULT_RETRY_RANDOMIZATION_FACTOR
kafka.processor.vuln.mirror.consumer.auto.offset.reset
Required
true
Type
enum
Valid Values
[earliest, latest, none]
Default
earliest
ENV
KAFKA_PROCESSOR_VULN_MIRROR_CONSUMER_AUTO_OFFSET_RESET
kafka.processor.vuln.mirror.consumer.group.id
Required
true
Type
string
Default
dtrack-apiserver-processor
ENV
KAFKA_PROCESSOR_VULN_MIRROR_CONSUMER_GROUP_ID
kafka.processor.vuln.mirror.max.concurrency
Required
true
Type
integer
Default
-1
ENV
KAFKA_PROCESSOR_VULN_MIRROR_MAX_CONCURRENCY
kafka.processor.vuln.mirror.processing.order
Required
true
Type
enum
Valid Values
[key, partition, unordered]
Default
partition
ENV
KAFKA_PROCESSOR_VULN_MIRROR_PROCESSING_ORDER
kafka.processor.vuln.mirror.retry.initial.delay.ms
Required
true
Type
integer
Default
3000
ENV
KAFKA_PROCESSOR_VULN_MIRROR_RETRY_INITIAL_DELAY_MS
kafka.processor.vuln.mirror.retry.max.delay.ms
Required
true
Type
integer
Default
180000
ENV
KAFKA_PROCESSOR_VULN_MIRROR_RETRY_MAX_DELAY_MS
kafka.processor.vuln.mirror.retry.multiplier
Required
true
Type
integer
Default
2
ENV
KAFKA_PROCESSOR_VULN_MIRROR_RETRY_MULTIPLIER
kafka.processor.vuln.mirror.retry.randomization.factor
Required
true
Type
double
Default
0.3
ENV
KAFKA_PROCESSOR_VULN_MIRROR_RETRY_RANDOMIZATION_FACTOR
kafka.processor.vuln.scan.result.consumer.auto.offset.reset
Required
true
Type
enum
Valid Values
[earliest, latest, none]
Default
earliest
ENV
KAFKA_PROCESSOR_VULN_SCAN_RESULT_CONSUMER_AUTO_OFFSET_RESET
kafka.processor.vuln.scan.result.consumer.group.id
Required
true
Type
string
Default
dtrack-apiserver-processor
ENV
KAFKA_PROCESSOR_VULN_SCAN_RESULT_CONSUMER_GROUP_ID
kafka.processor.vuln.scan.result.max.concurrency
Required
true
Type
integer
Default
-1
ENV
KAFKA_PROCESSOR_VULN_SCAN_RESULT_MAX_CONCURRENCY
kafka.processor.vuln.scan.result.processed.consumer.auto.offset.reset
Required
true
Type
enum
Valid Values
[earliest, latest, none]
Default
earliest
ENV
KAFKA_PROCESSOR_VULN_SCAN_RESULT_PROCESSED_CONSUMER_AUTO_OFFSET_RESET
kafka.processor.vuln.scan.result.processed.consumer.fetch.min.bytes
Required
true
Type
integer
Default
524288
ENV
KAFKA_PROCESSOR_VULN_SCAN_RESULT_PROCESSED_CONSUMER_FETCH_MIN_BYTES
kafka.processor.vuln.scan.result.processed.consumer.group.id
Required
true
Type
string
Default
dtrack-apiserver-processor
ENV
KAFKA_PROCESSOR_VULN_SCAN_RESULT_PROCESSED_CONSUMER_GROUP_ID
kafka.processor.vuln.scan.result.processed.consumer.max.poll.records
Required
true
Type
integer
Default
10000
ENV
KAFKA_PROCESSOR_VULN_SCAN_RESULT_PROCESSED_CONSUMER_MAX_POLL_RECORDS
kafka.processor.vuln.scan.result.processed.max.batch.size
Required
true
Type
integer
Default
1000
ENV
KAFKA_PROCESSOR_VULN_SCAN_RESULT_PROCESSED_MAX_BATCH_SIZE
kafka.processor.vuln.scan.result.processed.max.concurrency
Required
true
Type
integer
Default
1
ENV
KAFKA_PROCESSOR_VULN_SCAN_RESULT_PROCESSED_MAX_CONCURRENCY
kafka.processor.vuln.scan.result.processed.processing.order
Required
true
Type
enum
Valid Values
[key, partition, unordered]
Default
unordered
ENV
KAFKA_PROCESSOR_VULN_SCAN_RESULT_PROCESSED_PROCESSING_ORDER
kafka.processor.vuln.scan.result.processed.retry.initial.delay.ms
Required
true
Type
integer
Default
3000
ENV
KAFKA_PROCESSOR_VULN_SCAN_RESULT_PROCESSED_RETRY_INITIAL_DELAY_MS
kafka.processor.vuln.scan.result.processed.retry.max.delay.ms
Required
true
Type
integer
Default
180000
ENV
KAFKA_PROCESSOR_VULN_SCAN_RESULT_PROCESSED_RETRY_MAX_DELAY_MS
kafka.processor.vuln.scan.result.processed.retry.multiplier
Required
true
Type
integer
Default
2
ENV
KAFKA_PROCESSOR_VULN_SCAN_RESULT_PROCESSED_RETRY_MULTIPLIER
kafka.processor.vuln.scan.result.processed.retry.randomization.factor
Required
true
Type
double
Default
0.3
ENV
KAFKA_PROCESSOR_VULN_SCAN_RESULT_PROCESSED_RETRY_RANDOMIZATION_FACTOR
kafka.processor.vuln.scan.result.processing.order
Required
true
Type
enum
Valid Values
[key, partition, unordered]
Default
key
ENV
KAFKA_PROCESSOR_VULN_SCAN_RESULT_PROCESSING_ORDER
kafka.processor.vuln.scan.result.retry.initial.delay.ms
Required
true
Type
integer
Default
1000
ENV
KAFKA_PROCESSOR_VULN_SCAN_RESULT_RETRY_INITIAL_DELAY_MS
kafka.processor.vuln.scan.result.retry.max.delay.ms
Required
true
Type
integer
Default
180000
ENV
KAFKA_PROCESSOR_VULN_SCAN_RESULT_RETRY_MAX_DELAY_MS
kafka.processor.vuln.scan.result.retry.multiplier
Required
true
Type
integer
Default
2
ENV
KAFKA_PROCESSOR_VULN_SCAN_RESULT_RETRY_MULTIPLIER
kafka.processor.vuln.scan.result.retry.randomization.factor
Required
true
Type
double
Default
0.3
ENV
KAFKA_PROCESSOR_VULN_SCAN_RESULT_RETRY_RANDOMIZATION_FACTOR
kafka.security.protocol
Required
false
Type
enum
Valid Values
[PLAINTEXT, SASL_SSL_PLAINTEXT, SASL_PLAINTEXT, SSL]
Default
null
ENV
KAFKA_SECURITY_PROTOCOL
kafka.tls.enabled
Required
false
Type
boolean
Default
false
ENV
KAFKA_TLS_ENABLED
kafka.truststore.password
Required
false
Type
string
Default
null
ENV
KAFKA_TRUSTSTORE_PASSWORD
kafka.truststore.path
Required
false
Type
string
Default
null
ENV
KAFKA_TRUSTSTORE_PATH
LDAP
alpine.ldap.attribute.mail
Specifies the LDAP attribute used to store a user's email address.
Required
false
Type
string
Default
mail
ENV
ALPINE_LDAP_ATTRIBUTE_MAIL
alpine.ldap.attribute.name
Specifies the attribute that identifies a user's ID. Example (Microsoft Active Directory):
Example (ApacheDS, Fedora 389 Directory, NetIQ/Novell eDirectory, etc):
Required
false
Type
string
Default
userPrincipalName
ENV
ALPINE_LDAP_ATTRIBUTE_NAME
alpine.ldap.auth.username.format
Specifies if the username entered during login needs to be formatted prior to asserting credentials against the directory. For Active Directory, the userPrincipal attribute typically ends with the domain, whereas the samAccountName attribute and other directory server implementations do not. The %s variable will be substituted with the username asserted during login. Example (Microsoft Active Directory):
Example (ApacheDS, Fedora 389 Directory, NetIQ/Novell eDirectory, etc):
Required
false
Type
string
Default
null
Example
%s@example.com
ENV
ALPINE_LDAP_AUTH_USERNAME_FORMAT
alpine.ldap.basedn
Specifies the base DN that all queries should search from
Required
false
Type
string
Default
null
Example
dc=example,dc=com
ENV
ALPINE_LDAP_BASEDN
alpine.ldap.bind.password
If anonymous access is not permitted, specify a password for the username used to bind.
Required
false
Type
string
Default
null
ENV
ALPINE_LDAP_BIND_PASSWORD
alpine.ldap.bind.username
If anonymous access is not permitted, specify a username with limited access to the directory, just enough to perform searches. This should be the fully qualified DN of the user.
Required
false
Type
string
Default
null
ENV
ALPINE_LDAP_BIND_USERNAME
alpine.ldap.enabled
Defines if LDAP will be used for user authentication. If enabled, alpine.ldap.* properties should be set accordingly.
Required
false
Type
boolean
Default
false
ENV
ALPINE_LDAP_ENABLED
alpine.ldap.groups.filter
Specifies the LDAP search filter used to retrieve all groups from the directory.
Example (Microsoft Active Directory): (&(objectClass=group)(objectCategory=Group))
Example (ApacheDS, Fedora 389 Directory, NetIQ/Novell eDirectory, etc): (&(objectClass=groupOfUniqueNames))
Required
false
Type
string
Default
(&(objectClass=group)(objectCategory=Group))
ENV
ALPINE_LDAP_GROUPS_FILTER
alpine.ldap.groups.search.filter
Specifies the LDAP search filter used to search for groups by their name. The {SEARCH_TERM} variable will be substituted at runtime.
Example (Microsoft Active Directory): (&(objectClass=group)(objectCategory=Group)(cn={SEARCH_TERM}))
Example (ApacheDS, Fedora 389 Directory, NetIQ/Novell eDirectory, etc): (&(objectClass=groupOfUniqueNames)(cn={SEARCH_TERM}))
Required
false
Type
string
Default
(&(objectClass=group)(objectCategory=Group)(cn=*{SEARCH_TERM}*))
ENV
ALPINE_LDAP_GROUPS_SEARCH_FILTER
alpine.ldap.security.auth
Specifies the LDAP security authentication level to use. Its value is one of the following strings: "none", "simple", "strong". If this property is empty or unspecified, the behaviour is determined by the service provider.
Required
false
Type
enum
Valid Values
[none, simple, strong]
Default
simple
ENV
ALPINE_LDAP_SECURITY_AUTH
alpine.ldap.server.url
Specifies the LDAP server URL.
Examples (Microsoft Active Directory): ldap://ldap.example.com:3268, ldaps://ldap.example.com:3269
Examples (ApacheDS, Fedora 389 Directory, NetIQ/Novell eDirectory, etc): ldap://ldap.example.com:389, ldaps://ldap.example.com:636
Required
false
Type
string
Default
null
ENV
ALPINE_LDAP_SERVER_URL
alpine.ldap.team.synchronization
This option will ensure that team memberships for LDAP users are dynamic and synchronized with membership of LDAP groups. When a team is mapped to an LDAP group, all local LDAP users will automatically be assigned to the team if they are a member of the group the team is mapped to. If the user is later removed from the LDAP group, they will also be removed from the team. This option provides the ability to dynamically control user permissions via an external directory.
Required
false
Type
boolean
Default
false
ENV
ALPINE_LDAP_TEAM_SYNCHRONIZATION
alpine.ldap.user.groups.filter
Specifies the LDAP search filter to use to query a user and retrieve a list of groups the user is a member of. The {USER_DN} variable will be substituted with the actual value of the user's DN at runtime.
Example (Microsoft Active Directory): (&(objectClass=group)(objectCategory=Group)(member={USER_DN}))
Example (Microsoft Active Directory - with nested group support): (member:1.2.840.113556.1.4.1941:={USER_DN})
Example (ApacheDS, Fedora 389 Directory, NetIQ/Novell eDirectory, etc): (&(objectClass=groupOfUniqueNames)(uniqueMember={USER_DN}))
Required
false
Type
string
Default
(member:1.2.840.113556.1.4.1941:={USER_DN})
ENV
ALPINE_LDAP_USER_GROUPS_FILTER
alpine.ldap.user.provisioning
Specifies if mapped LDAP accounts are automatically created upon successful authentication. When a user logs in with valid credentials but an account has not been previously provisioned, an authentication failure will be returned. This allows admins to control specifically which LDAP users can access the system and which users cannot. When this value is set to true, a local LDAP user will be created and mapped to the LDAP account automatically. This automatic provisioning only affects authentication, not authorization.
Required
false
Type
boolean
Default
false
ENV
ALPINE_LDAP_USER_PROVISIONING
alpine.ldap.users.search.filter
Specifies the LDAP search filter used to search for users by their name. The {SEARCH_TERM} variable will be substituted at runtime.
Example (Microsoft Active Directory): (&(objectClass=group)(objectCategory=Group)(cn={SEARCH_TERM}))
Example (ApacheDS, Fedora 389 Directory, NetIQ/Novell eDirectory, etc): (&(objectClass=inetOrgPerson)(cn={SEARCH_TERM}))
Required
false
Type
string
Default
(&(objectClass=user)(objectCategory=Person)(cn=*{SEARCH_TERM}*))
ENV
ALPINE_LDAP_USERS_SEARCH_FILTER
Observability
alpine.metrics.auth.password
Defines the password required to access metrics. Has no effect when alpine.metrics.auth.username is not set.
Required
false
Type
string
Default
null
ENV
ALPINE_METRICS_AUTH_PASSWORD
alpine.metrics.auth.username
Defines the username required to access metrics. Has no effect when alpine.metrics.auth.password is not set.
Required
false
Type
string
Default
null
ENV
ALPINE_METRICS_AUTH_USERNAME
alpine.metrics.enabled
Defines whether Prometheus metrics will be exposed. If enabled, metrics will be available via the /metrics endpoint.
Required
false
Type
boolean
Default
false
ENV
ALPINE_METRICS_ENABLED
OpenID Connect
alpine.oidc.client.id
Defines the client ID to be used for OpenID Connect. The client ID should be the same as the one configured for the frontend, and will only be used to validate ID tokens.
Required
false
Type
string
Default
null
ENV
ALPINE_OIDC_CLIENT_ID
alpine.oidc.enabled
Defines if OpenID Connect will be used for user authentication. If enabled, alpine.oidc.* properties should be set accordingly.
Required
false
Type
boolean
Default
false
ENV
ALPINE_OIDC_ENABLED
alpine.oidc.issuer
Defines the issuer URL to be used for OpenID Connect. This issuer MUST support provider configuration via the /.well-known/openid-configuration endpoint. See also:
https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata
https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfig
Required
false
Type
string
Default
null
ENV
ALPINE_OIDC_ISSUER
alpine.oidc.team.synchronization
This option will ensure that team memberships for OpenID Connect users are dynamic and synchronized with membership of OpenID Connect groups or assigned roles. When a team is mapped to an OpenID Connect group, all local OpenID Connect users will automatically be assigned to the team if they are a member of the group the team is mapped to. If the user is later removed from the OpenID Connect group, they will also be removed from the team. This option provides the ability to dynamically control user permissions via the identity provider. Note that team synchronization is only performed during user provisioning and after successful authentication.
Required
false
Type
boolean
Default
false
ENV
ALPINE_OIDC_TEAM_SYNCHRONIZATION
alpine.oidc.teams.claim
Defines the name of the claim that contains group memberships or role assignments in the provider's userinfo endpoint. The claim must be an array of strings. Most public identity providers do not support group or role management. When using a customizable / on-demand hosted identity provider, name, content, and inclusion in the userinfo endpoint will most likely need to be configured.
Required
false
Type
string
Default
groups
ENV
ALPINE_OIDC_TEAMS_CLAIM
alpine.oidc.user.provisioning
Specifies if mapped OpenID Connect accounts are automatically created upon successful authentication. When a user logs in with a valid access token but an account has not been previously provisioned, an authentication failure will be returned. This allows admins to control specifically which OpenID Connect users can access the system and which users cannot. When this value is set to true, a local OpenID Connect user will be created and mapped to the OpenID Connect account automatically. This automatic provisioning only affects authentication, not authorization.
Required
false
Type
boolean
Default
false
ENV
ALPINE_OIDC_USER_PROVISIONING
alpine.oidc.username.claim
Defines the name of the claim that contains the username in the provider's userinfo endpoint. Common claims are name, username, preferred_username or nickname. See also:
https://openid.net/specs/openid-connect-core-1_0.html#UserInfoResponse
Required
false
Type
string
Default
name
ENV
ALPINE_OIDC_USERNAME_CLAIM
Task Execution
alpine.worker.thread.multiplier
Defines a multiplier that is used to calculate the number of threads used by the event subsystem. This property is only used when alpine.worker.threads is set to 0. A machine with 4 cores and a multiplier of 4 will use (at most) 16 worker threads.
Required
true
Type
integer
Default
4
ENV
ALPINE_WORKER_THREAD_MULTIPLIER
alpine.worker.threads
Defines the number of worker threads that the event subsystem will consume. Events occur asynchronously and are processed by the Event subsystem. This value should be large enough to handle most production situations without introducing much delay, yet small enough not to pose additional load on an already resource-constrained server. A value of 0 will instruct Alpine to allocate 1 thread per CPU core. This can further be tweaked using the alpine.worker.thread.multiplier property.
Required
true
Type
integer
Default
0
ENV
ALPINE_WORKER_THREADS
Task Scheduling
task.component.metadata.maintenance.cron
Cron expression of the component metadata maintenance task. The task deletes orphaned records from the INTEGRITY_META_COMPONENT and REPOSITORY_META_COMPONENT tables.
Required
true
Type
cron
Default
0 */12 * * *
ENV
TASK_COMPONENT_METADATA_MAINTENANCE_CRON
task.component.metadata.maintenance.lock.max.duration
Maximum duration in ISO 8601 format for which the component metadata maintenance task will hold a lock. The duration should be long enough to cover the task's execution duration.
Required
true
Type
duration
Default
PT15M
ENV
TASK_COMPONENT_METADATA_MAINTENANCE_LOCK_MAX_DURATION
task.component.metadata.maintenance.lock.min.duration
Minimum duration in ISO 8601 format for which the component metadata maintenance task will hold a lock. The duration should be long enough to cover eventual clock skew across API server instances.
Required
true
Type
duration
Default
PT1M
ENV
TASK_COMPONENT_METADATA_MAINTENANCE_LOCK_MIN_DURATION
task.defect.dojo.upload.cron
Cron expression of the DefectDojo upload task.
Required
true
Type
cron
Default
0 2 * * *
ENV
TASK_DEFECT_DOJO_UPLOAD_CRON
task.epss.mirror.cron
Cron expression of the EPSS mirroring task.
Required
true
Type
cron
Default
0 1 * * *
ENV
TASK_EPSS_MIRROR_CRON
task.fortify.ssc.upload.cron
Cron expression of the Fortify SSC upload task.
Required
true
Type
cron
Default
0 2 * * *
ENV
TASK_FORTIFY_SSC_UPLOAD_CRON
task.git.hub.advisory.mirror.cron
Cron expression of the vulnerability GitHub Advisories mirroring task.
Required
true
Type
cron
Default
0 2 * * *
ENV
TASK_GIT_HUB_ADVISORY_MIRROR_CRON
Cron expression of the integrity metadata initializer task.
Required
true
Type
cron
Default
0 */12 * * *
ENV
TASK_INTEGRITY_META_INITIALIZER_CRON
Maximum duration in ISO 8601 format for which the integrity metadata initializer task will hold a lock. The duration should be long enough to cover the task's execution duration.
Required
true
Type
duration
Default
PT15M
ENV
TASK_INTEGRITY_META_INITIALIZER_LOCK_MAX_DURATION
Minimum duration in ISO 8601 format for which the integrity metadata initializer task will hold a lock. The duration should be long enough to cover eventual clock skew across API server instances.
Required
true
Type
duration
Default
PT90S
ENV
TASK_INTEGRITY_META_INITIALIZER_LOCK_MIN_DURATION
task.internal.component.identification.cron
Cron expression of the internal component identification task.
Required
true
Type
cron
Default
25 */6 * * *
ENV
TASK_INTERNAL_COMPONENT_IDENTIFICATION_CRON
task.internal.component.identification.lock.max.duration
Maximum duration in ISO 8601 format for which the internal component identification task will hold a lock. The duration should be long enough to cover the task's execution duration.
Required
true
Type
duration
Default
PT15M
ENV
TASK_INTERNAL_COMPONENT_IDENTIFICATION_LOCK_MAX_DURATION
task.internal.component.identification.lock.min.duration
Minimum duration in ISO 8601 format for which the internal component identification task will hold a lock. The duration should be long enough to cover eventual clock skew across API server instances.
Required
true
Type
duration
Default
PT90S
ENV
TASK_INTERNAL_COMPONENT_IDENTIFICATION_LOCK_MIN_DURATION
task.kenna.security.upload.cron
Cron expression of the Kenna Security upload task.
Required
true
Type
cron
Default
0 2 * * *
ENV
TASK_KENNA_SECURITY_UPLOAD_CRON
task.ldap.sync.cron
Cron expression of the LDAP synchronization task.
Required
true
Type
cron
Default
0 */6 * * *
ENV
TASK_LDAP_SYNC_CRON
task.ldap.sync.lock.max.duration
Maximum duration in ISO 8601 format for which the LDAP synchronization task will hold a lock. The duration should be long enough to cover the task's execution duration.
Required
true
Type
duration
Default
PT15M
ENV
TASK_LDAP_SYNC_LOCK_MAX_DURATION
task.ldap.sync.lock.min.duration
Minimum duration in ISO 8601 format for which the LDAP synchronization task will hold a lock. The duration should be long enough to cover eventual clock skew across API server instances.
Required
true
Type
duration
Default
PT90S
ENV
TASK_LDAP_SYNC_LOCK_MIN_DURATION
task.metrics.maintenance.cron
Cron expression of the metrics maintenance task. The task deletes records older than the configured metrics retention duration from the following tables:
DEPENDENCYMETRICS
PROJECTMETRICS
PORTFOLIOMETRICS
Required
true
Type
cron
Default
0 */3 * * *
ENV
TASK_METRICS_MAINTENANCE_CRON
task.metrics.maintenance.lock.max.duration
Maximum duration in ISO 8601 format for which the metrics maintenance task will hold a lock. The duration should be long enough to cover the task's execution duration.
Required
true
Type
duration
Default
PT15M
ENV
TASK_METRICS_MAINTENANCE_LOCK_MAX_DURATION
task.metrics.maintenance.lock.min.duration
Minimum duration in ISO 8601 format for which the metrics maintenance task will hold a lock. The duration should be long enough to cover eventual clock skew across API server instances.
Required
true
Type
duration
Default
PT1M
ENV
TASK_METRICS_MAINTENANCE_LOCK_MIN_DURATION
task.nist.mirror.cron
Cron expression of the NIST / NVD mirroring task.
Required
true
Type
cron
Default
0 4 * * *
ENV
TASK_NIST_MIRROR_CRON
task.osv.mirror.cron
Cron expression of the OSV mirroring task.
Required
true
Type
cron
Default
0 3 * * *
ENV
TASK_OSV_MIRROR_CRON
task.portfolio.metrics.update.cron
Cron expression of the portfolio metrics update task.
Required
true
Type
cron
Default
10 * * * *
ENV
TASK_PORTFOLIO_METRICS_UPDATE_CRON
task.portfolio.metrics.update.lock.max.duration
Maximum duration in ISO 8601 format for which the portfolio metrics update task will hold a lock. The duration should be long enough to cover the task's execution duration.
Required
true
Type
duration
Default
PT15M
ENV
TASK_PORTFOLIO_METRICS_UPDATE_LOCK_MAX_DURATION
task.portfolio.metrics.update.lock.min.duration
Minimum duration in ISO 8601 format for which the portfolio metrics update task will hold a lock. The duration should be long enough to cover eventual clock skew across API server instances.
Required
true
Type
duration
Default
PT90S
ENV
TASK_PORTFOLIO_METRICS_UPDATE_LOCK_MIN_DURATION
task.project.maintenance.cron
Cron expression of the project maintenance task. The task deletes inactive projects based on retention policy.
Required
true
Type
cron
Default
0 */4 * * *
ENV
TASK_PROJECT_MAINTENANCE_CRON
task.project.maintenance.lock.max.duration
Maximum duration in ISO 8601 format for which the project maintenance task will hold a lock. The duration should be long enough to cover the task's execution duration.
Required
true
Type
duration
Default
PT15M
ENV
TASK_PROJECT_MAINTENANCE_LOCK_MAX_DURATION
task.project.maintenance.lock.min.duration
Minimum duration in ISO 8601 format for which the project maintenance task will hold a lock. The duration should be long enough to cover eventual clock skew across API server instances.
Required
true
Type
duration
Default
PT1M
ENV
TASK_PROJECT_MAINTENANCE_LOCK_MIN_DURATION
Cron expression of the portfolio repository metadata analysis task.
Required
true
Type
cron
Default
0 1 * * *
ENV
TASK_REPOSITORY_META_ANALYSIS_CRON
Maximum duration in ISO 8601 format for which the portfolio repository metadata analysis task will hold a lock. The duration should be long enough to cover the task's execution duration.
Required
true
Type
duration
Default
PT15M
ENV
TASK_REPOSITORY_META_ANALYSIS_LOCK_MAX_DURATION
Minimum duration in ISO 8601 format for which the portfolio repository metadata analysis task will hold a lock. The duration should be long enough to cover eventual clock skew across API server instances.
Required
true
Type
duration
Default
PT90S
ENV
TASK_REPOSITORY_META_ANALYSIS_LOCK_MIN_DURATION
task.scheduler.initial.delay
Initial delay before tasks are scheduled: 3 minutes (3 * 60 * 1000) after the application starts.
Required
true
Type
integer
Default
180000
ENV
TASK_SCHEDULER_INITIAL_DELAY
task.scheduler.polling.interval
Cron expressions for tasks have a precision of minutes, so the scheduler polls every minute.
Required
true
Type
integer
Default
60000
ENV
TASK_SCHEDULER_POLLING_INTERVAL
task.tag.maintenance.cron
Cron expression of the tag maintenance task. The task deletes orphaned tags that are not used anymore.
Required
true
Type
cron
Default
0 */12 * * *
ENV
TASK_TAG_MAINTENANCE_CRON
task.tag.maintenance.lock.max.duration
Maximum duration in ISO 8601 format for which the tag maintenance task will hold a lock. The duration should be long enough to cover the task's execution duration.
Required
true
Type
duration
Default
PT15M
ENV
TASK_TAG_MAINTENANCE_LOCK_MAX_DURATION
task.tag.maintenance.lock.min.duration
Minimum duration in ISO 8601 format for which the tag maintenance task will hold a lock. The duration should be long enough to cover eventual clock skew across API server instances.
Required
true
Type
duration
Default
PT1M
ENV
TASK_TAG_MAINTENANCE_LOCK_MIN_DURATION
task.vulnerability.analysis.cron
Cron expression of the portfolio vulnerability analysis task.
Required
true
Type
cron
Default
0 6 * * *
ENV
TASK_VULNERABILITY_ANALYSIS_CRON
task.vulnerability.analysis.lock.max.duration
Maximum duration in ISO 8601 format for which the portfolio vulnerability analysis task will hold a lock. The duration should be long enough to cover the task's execution duration.
Required
true
Type
duration
Default
PT15M
ENV
TASK_VULNERABILITY_ANALYSIS_LOCK_MAX_DURATION
task.vulnerability.analysis.lock.min.duration
Minimum duration in ISO 8601 format for which the portfolio vulnerability analysis task will hold a lock. The duration should be long enough to cover eventual clock skew across API server instances.
Required
true
Type
duration
Default
PT90S
ENV
TASK_VULNERABILITY_ANALYSIS_LOCK_MIN_DURATION
task.vulnerability.database.maintenance.cron
Cron expression of the vulnerability database maintenance task. The task deletes orphaned records from the VULNERABLESOFTWARE table.
Required
true
Type
cron
Default
0 0 * * *
ENV
TASK_VULNERABILITY_DATABASE_MAINTENANCE_CRON
task.vulnerability.database.maintenance.lock.max.duration
Maximum duration in ISO 8601 format for which the vulnerability database maintenance task will hold a lock. The duration should be long enough to cover the task's execution duration.
Required
true
Type
duration
Default
PT15M
ENV
TASK_VULNERABILITY_DATABASE_MAINTENANCE_LOCK_MAX_DURATION
task.vulnerability.database.maintenance.lock.min.duration
Minimum duration in ISO 8601 format for which the vulnerability database maintenance task will hold a lock. The duration should be long enough to cover eventual clock skew across API server instances.
Required
true
Type
duration
Default
PT1M
ENV
TASK_VULNERABILITY_DATABASE_MAINTENANCE_LOCK_MIN_DURATION
task.vulnerability.metrics.update.cron
Cron expression of the vulnerability metrics update task.
Required
true
Type
cron
Default
40 * * * *
ENV
TASK_VULNERABILITY_METRICS_UPDATE_CRON
task.vulnerability.metrics.update.lock.max.duration
Maximum duration in ISO 8601 format for which the vulnerability metrics update task will hold a lock. The duration should be long enough to cover the task's execution duration.
Required
true
Type
duration
Default
PT15M
ENV
TASK_VULNERABILITY_METRICS_UPDATE_LOCK_MAX_DURATION
task.vulnerability.metrics.update.lock.min.duration
Minimum duration in ISO 8601 format for which the vulnerability metrics update task will hold a lock. The duration should be long enough to cover eventual clock skew across API server instances.
Required
true
Type
duration
Default
PT90S
ENV
TASK_VULNERABILITY_METRICS_UPDATE_LOCK_MIN_DURATION
task.vulnerability.policy.fetch.cron
Cron expression of the vulnerability policy bundle fetch task.
Required
true
Type
cron
Default
*/5 * * * *
ENV
TASK_VULNERABILITY_POLICY_FETCH_CRON
task.vulnerability.policy.fetch.lock.max.duration
Maximum duration in ISO 8601 format for which the vulnerability policy bundle fetch task will hold a lock. The duration should be long enough to cover the task's execution duration.
Required
true
Type
duration
Default
PT5M
ENV
TASK_VULNERABILITY_POLICY_FETCH_LOCK_MAX_DURATION
task.vulnerability.policy.fetch.lock.min.duration
Minimum duration in ISO 8601 format for which the vulnerability policy bundle fetch task will hold a lock. The duration should be long enough to cover eventual clock skew across API server instances.
Required
true
Type
duration
Default
PT5S
ENV
TASK_VULNERABILITY_POLICY_FETCH_LOCK_MIN_DURATION
task.vulnerability.scan.maintenance.cron
Cron expression of the vulnerability scan maintenance task. The task deletes records older than the configured retention duration from the VULNERABILITYSCAN table.
Required
true
Type
cron
Default
0 * * * *
ENV
TASK_VULNERABILITY_SCAN_MAINTENANCE_CRON
task.vulnerability.scan.maintenance.lock.max.duration
Maximum duration in ISO 8601 format for which the vulnerability scan maintenance task will hold a lock. The duration should be long enough to cover the task's execution duration.
Required
true
Type
duration
Default
PT15M
ENV
TASK_VULNERABILITY_SCAN_MAINTENANCE_LOCK_MAX_DURATION
task.vulnerability.scan.maintenance.lock.min.duration
Minimum duration in ISO 8601 format for which the vulnerability scan maintenance task will hold a lock. The duration should be long enough to cover eventual clock skew across API server instances.
Required
true
Type
duration
Default
PT1M
ENV
TASK_VULNERABILITY_SCAN_MAINTENANCE_LOCK_MIN_DURATION
task.workflow.maintenance.cron
Cron expression of the workflow maintenance task. The task:
Transitions workflow steps from PENDING to TIMED_OUT state
Transitions workflow steps from TIMED_OUT to FAILED state
Transitions children of FAILED steps to CANCELLED state
Deletes finished workflows according to the configured retention duration
Required
true
Type
cron
Default
*/15 * * * *
ENV
TASK_WORKFLOW_MAINTENANCE_CRON
task.workflow.maintenance.lock.max.duration
Maximum duration in ISO 8601 format for which the workflow maintenance task will hold a lock. The duration should be long enough to cover the task's execution duration.
Required
true
Type
duration
Default
PT5M
ENV
TASK_WORKFLOW_MAINTENANCE_LOCK_MAX_DURATION
task.workflow.maintenance.lock.min.duration
Minimum duration in ISO 8601 format for which the workflow maintenance task will hold a lock. The duration should be long enough to cover eventual clock skew across API server instances.
Required
true
Type
duration
Default
PT1M
ENV
TASK_WORKFLOW_MAINTENANCE_LOCK_MIN_DURATION
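A pre-deployment check for the TASK_*_LOCK_MIN_DURATION and TASK_*_LOCK_MAX_DURATION overrides listed above, as an added example that is not part of the project. It assumes that a minimum must not exceed its maximum, handles only the whole-number PT..H..M..S form used by the defaults on this page, and runs on a constructed sample environment.

```python
import re

# Time-only ISO 8601 durations with whole numbers, e.g. PT15M, PT90S, PT1H30M.
_DURATION = re.compile(r"^PT(?=\d)(?:(\d+)H)?(?:(\d+)M)?(?:(\d+)S)?$")
_MIN, _MAX = "_LOCK_MIN_DURATION", "_LOCK_MAX_DURATION"  # equal length


def parse_duration(value):
    """Return the duration in seconds, or None if the value does not parse."""
    m = _DURATION.match(value.strip().upper())
    if not m:
        return None
    hours, minutes, seconds = (int(g) if g else 0 for g in m.groups())
    return hours * 3600 + minutes * 60 + seconds


def lint_lock_durations(env):
    """Check every TASK_*_LOCK_{MIN,MAX}_DURATION override in an env mapping."""
    findings = []
    tasks = sorted({k[:-len(_MIN)] for k in env
                    if k.startswith("TASK_") and k.endswith((_MIN, _MAX))})
    for task in tasks:
        parsed = {}
        for suffix in (_MIN, _MAX):
            raw = env.get(task + suffix)
            if raw is None:
                continue  # not overridden: the documented default applies
            if (secs := parse_duration(raw)) is None:
                findings.append(f"{task}{suffix}: {raw!r} is not a PT..H..M..S duration")
            else:
                parsed[suffix] = secs
        # Assumption: a minimum longer than the maximum is a misconfiguration.
        if len(parsed) == 2 and parsed[_MIN] > parsed[_MAX]:
            findings.append(f"{task}: minimum lock duration exceeds maximum")
    return findings


# Constructed sample overrides, not taken from a real deployment.
SAMPLE_ENV = {
    "TASK_LDAP_SYNC_LOCK_MIN_DURATION": "PT90S",
    "TASK_LDAP_SYNC_LOCK_MAX_DURATION": "PT15M",
    "TASK_WORKFLOW_MAINTENANCE_LOCK_MIN_DURATION": "PT10M",
    "TASK_WORKFLOW_MAINTENANCE_LOCK_MAX_DURATION": "PT5M",
    "TASK_TAG_MAINTENANCE_LOCK_MAX_DURATION": "15m",
}
```

Passing dict(os.environ) to lint_lock_durations applies the same check to the environment of the current process.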