[研究]OWASP Dependency Track 4.3 (war 或 jar 版) 安裝 (CentOS 8.4 x64)
官方網站
https://owasp.org/www-project-dependency-track/
https://dependencytrack.org/
Docker 版安裝看這裡
https://dependencytrack.org/
https://owasp.org/www-project-dependency-track/
WAR 版佈署看這裡
Deploying the Executable WAR
https://docs.dependencytrack.org/getting-started/distributions/
Deploying the WAR
https://docs.dependencytrack.org/getting-started/deploy-war/
指令 java -Xmx8G -jar dependency-track-bundled.war
上面沒說 war 去哪下載,直接 Google 找 dependency-track-bundled.war
dependency-track-bundled.jar 4.3.1 版 (是 jar,不是 war)
https://github.com/DependencyTrack/dependency-track/releases
下載、安裝 (需要 Java ,請自行先安裝 )
[john@localhost ~]$ su root Password: [root@localhost john]# cd /opt [root@localhost ~]# cd /opt [root@localhost ~]# wget https://github.com/DependencyTrack/dependency-track/releases/download/4.3.1/dependency-track-bundled.jar [root@localhost opt]# java -Xmx8G -jar dependency-track-bundled.jar ...(略) 2:17:01.089 INFO [NistMirrorTask] Initiating download of https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-2010.meta 02:17:02.845 INFO [NistMirrorTask] Downloading... 02:17:02.852 INFO [NistMirrorTask] Initiating download of https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-2011.json.gz 02:17:03.256 INFO [NistMirrorTask] Downloading... 02:17:04.460 INFO [NistMirrorTask] Uncompressing nvdcve-1.1-2011.json.gz 02:17:04.709 INFO [NvdParser] Parsing nvdcve-1.1-2011.json 02:17:36.375 INFO [NistMirrorTask] Initiating download of https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-2011.meta 02:17:37.937 INFO [NistMirrorTask] Downloading... 02:17:37.941 INFO [NistMirrorTask] Initiating download of https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-2012.json.gz 02:17:38.345 INFO [NistMirrorTask] Downloading... 02:17:42.070 INFO [NistMirrorTask] Uncompressing nvdcve-1.1-2012.json.gz 02:17:42.301 INFO [NvdParser] Parsing nvdcve-1.1-2012.json Killed [root@localhost opt]# |
再一次
[root@localhost opt]# java -Xmx8G -jar dependency-track-bundled.jar ...(略,所有 NPM 重新檢查下載,nvdcve 不會重新下載,從 2013 開始處理 ( 2012 不理會了?)) 02:25:29.685 INFO [NistMirrorTask] Initiating download of https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-2016.meta 02:25:31.307 INFO [NistMirrorTask] Downloading... 02:25:31.312 INFO [NistMirrorTask] Initiating download of https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-2017.json.gz 02:25:31.707 INFO [NistMirrorTask] Downloading... 02:25:33.320 INFO [NistMirrorTask] Uncompressing nvdcve-1.1-2017.json.gz 02:25:33.702 INFO [NvdParser] Parsing nvdcve-1.1-2017.json Killed [root@localhost opt]# |
再一次,不設定 RAM 看看
[root@localhost opt]# java -jar dependency-track-bundled.jar 02:28:28.239 INFO [Config] -------------------------------------------------------------------------------- 02:28:28.243 INFO [Config] OS Name: Linux 02:28:28.243 INFO [Config] OS Version: 4.18.0-305.3.1.el8.x86_64 02:28:28.243 INFO [Config] OS Arch: amd64 02:28:28.246 INFO [Config] CPU Cores: 4 02:28:28.261 INFO [Config] Max Memory: 928.0 MB (973,078,528.0 bytes) 02:28:28.262 INFO [Config] Java Vendor: Red Hat, Inc. 02:28:28.264 INFO [Config] Java Version: 11.0.12+7-LTS 02:28:28.264 INFO [Config] Java Home: /usr/lib/jvm/java-11-openjdk-11.0.12.0.7-0.el8_4.x86_64 02:28:28.265 INFO [Config] Java Temp: /tmp 02:28:28.265 INFO [Config] User: root 02:28:28.265 INFO [Config] User Home: /root 02:28:28.265 INFO [Config] -------------------------------------------------------------------------------- 02:28:28.265 INFO [Config] Initializing Configuration 02:28:28.266 INFO [Config] System property alpine.application.properties not specified 02:28:28.266 INFO [Config] Loading application.properties from classpath 02:28:28.274 INFO [Config] -------------------------------------------------------------------------------- 02:28:28.275 INFO [Config] Application: Dependency-Track 02:28:28.275 INFO [Config] Version: 4.3.1 02:28:28.275 INFO [Config] Built-on: 2021-08-03T15:40:43Z 02:28:28.275 INFO [Config] -------------------------------------------------------------------------------- 02:28:28.276 INFO [Config] Framework: Alpine 02:28:28.276 INFO [Config] Version : 1.10.1 02:28:28.276 INFO [Config] Built-on: 2021-08-03T13:50:31Z 02:28:28.276 INFO [Config] -------------------------------------------------------------------------------- 02:28:28.296 INFO [RequirementsVerifier] Initializing requirements verifier 02:28:28.297 ERROR [RequirementsVerifier] Dependency-Track requires a minimum of 4GB RAM (heap). Cannot continue. To fix, specify -Xmx4G (or higher) when executing Java. ^CShutting down application [root@localhost opt]# |
再一次,設定 4GB RAM 看看
[root@localhost opt]# java -Xmx4G -jar dependency-track-bundled.jar
...(略,所有 NPM 重新下載,nvdcve 不會重新下載,從剛才失敗的 nvdcve-1.1-2017.json.gz 開始處理)
02:39:37.699 INFO [NistMirrorTask] Initiating download of https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-modified.meta
02:39:38.757 INFO [NistMirrorTask] Downloading...
02:39:38.772 INFO [NistMirrorTask] NIST mirroring complete
02:39:38.849 INFO [NistMirrorTask] Time spent (d/l): 13720ms
02:39:38.850 INFO [NistMirrorTask] Time spent (parse): 498940ms
02:39:38.850 INFO [NistMirrorTask] Time spent (total): 541289ms |
疑似啟動完畢,瀏覽器連上 http://localhost:8080/login 看看
( 是 http,不是 https,只能連 localhost,別的電腦看得到 login 畫面,按 Login 按鈕沒反應)
第一次登入帳號 admin,密碼 admin,會立刻要求變更密碼,再次登入。
(完)
沒有留言:
張貼留言