DependencyTrack

Terraform Module — OWASP DependencyTrack


A reusable, production-ready Terraform module for managing an OWASP DependencyTrack instance
using the SolarFactories/dependencytrack provider.


πŸ“ Module Structure

.
β”œβ”€β”€ versions.tf          # Provider & Terraform version constraints
β”œβ”€β”€ projects.tf          # πŸ“¦ Projects
β”œβ”€β”€ teams.tf             # πŸ‘₯ Teams, permissions & ACL mappings
β”œβ”€β”€ users.tf             # πŸ§‘ Managed users, team memberships & permissions
β”œβ”€β”€ policies.tf          # πŸ“œ Policies, conditions & project assignments
β”œβ”€β”€ repositories.tf      # πŸ—„οΈ  Package repositories
β”œβ”€β”€ oidc.tf              # πŸ” OIDC groups & team mappings
β”œβ”€β”€ tags.tf              # 🏷️  Tags (API v4.13+)
β”œβ”€β”€ config.tf            # βš™οΈ  Server config properties
└── examples/
    └── complete/        # Full working example

🧩 Managed Resources

| Icon | File | Resources | Description |
|---|---|---|---|
| 📦 | projects.tf | dependencytrack_project | Applications, libraries, containers |
| 👥 | teams.tf | dependencytrack_team · _team_permissions · _acl_mapping | Groups with shared permissions & project ACLs |
| 🧑 | users.tf | dependencytrack_user · _user_team · _user_permission | Local user accounts, memberships & permissions |
| 📜 | policies.tf | dependencytrack_policy · _policy_condition · _policy_project | Compliance policies with conditions |
| 🗄️ | repositories.tf | dependencytrack_repository | Maven, NPM, PyPI, NuGet, etc. |
| 🔐 | oidc.tf | dependencytrack_oidc_group · _oidc_group_mapping | SSO group → team mappings |
| 🏷️ | tags.tf | dependencytrack_tag | Reusable tags (API v4.13+) |
| ⚙️ | config.tf | dependencytrack_config_property | Server-level settings |

🔧 Requirements

| Name | Version |
|---|---|
| Terraform | >= 1.0 |
| DependencyTrack | >= 4.11 (tags & collections require 4.13) |
| Provider | >= 1.18.0 |

🚀 Quick Start

```hcl
# 1. Configure the provider in your root module
provider "dependencytrack" {
  host = "https://dtrack-api.example.com"
  key  = "OS_ENV"  # reads DEPENDENCYTRACK_API_KEY env var
}

# 2. Call the module
module "dependencytrack" {
  source = "path/to/this/module"

  projects = {
    my_app = {
      name        = "My Application"
      description = "Main production app"
      tags        = ["production"]
    }
  }

  teams = {
    security = {
      name         = "Security Team"
      permissions  = ["VIEW_PORTFOLIO", "VULNERABILITY_ANALYSIS"]
      project_acls = ["my_app"]
    }
  }

  policies = {
    critical_vulns = {
      name      = "Block Critical Vulns"
      operator  = "ANY"
      violation = "FAIL"
      conditions = [{
        subject  = "SEVERITY"
        operator = "IS"
        value    = "CRITICAL"
      }]
      projects = ["my_app"]
    }
  }
}
```

💡 See examples/complete/ for a full working example with all resource types.


📥 Inputs

📦 Projects

| Name | Description | Type | Default |
|---|---|---|---|
| projects | Map of projects to create | map(object({...})) | {} |

Project object attributes:

| Attribute | Type | Required | Description |
|---|---|---|---|
| name | string | ✅ | Name of the project |
| description | string | — | Description |
| version | string | — | Version string |
| classifier | string | — | Classifier (default: APPLICATION) |
| active | bool | — | Active state (default: true) |
| parent | string | — | UUID of parent project |
| tags | list(string) | — | Tag names to assign |
| group | string | — | Namespace / group / vendor |

👥 Teams

| Name | Description | Type | Default |
|---|---|---|---|
| teams | Map of teams with permissions and ACLs | map(object({...})) | {} |

Team object attributes:

| Attribute | Type | Required | Description |
|---|---|---|---|
| name | string | ✅ | Team name |
| permissions | list(string) | — | Permission names (e.g. BOM_UPLOAD, VIEW_PORTFOLIO) |
| project_acls | list(string) | — | Project keys from var.projects to grant access |

🧑 Users

| Name | Description | Type | Default |
|---|---|---|---|
| users | Map of managed user accounts | map(object({...})) | {} |

User object attributes:

| Attribute | Type | Required | Description |
|---|---|---|---|
| username | string | ✅ | Username |
| fullname | string | ✅ | Full name |
| email | string | ✅ | Email address |
| password | string | — | Initial password (sensitive) |
| force_password_change | bool | — | Force password change on next login |
| suspended | bool | — | Account suspended |
| teams | list(string) | — | Team keys from var.teams |
| permissions | list(string) | — | Direct permission names |

📜 Policies

| Name | Description | Type | Default |
|---|---|---|---|
| policies | Map of compliance policies | map(object({...})) | {} |

Policy object attributes:

| Attribute | Type | Required | Description |
|---|---|---|---|
| name | string | ✅ | Policy name |
| operator | string | ✅ | Condition operator: ALL or ANY |
| violation | string | ✅ | Violation state: ERROR, WARN, INFO, FAIL |
| conditions | list(object) | — | Policy conditions (see below) |
| projects | list(string) | — | Project keys from var.projects |

Condition object:

| Attribute | Type | Required | Description |
|---|---|---|---|
| subject | string | ✅ | Condition subject |
| operator | string | ✅ | Condition operator |
| value | string | ✅ | Value to compare |

πŸ—„οΈ Repositories

Name Description Type Default
repositories Map of package repositories map(object({...})) {}
Repository object attributes
Attribute Type Required Description
type string βœ… Type: MAVEN, NPM, PYPI, NUGET, GEM, GITHUB, etc.
identifier string βœ… Repository identifier
url string βœ… Repository URL
enabled bool β€” Enabled (default: true)
internal bool β€” Internal repo (default: false)
username string β€” Auth username
password string β€” Auth password (sensitive)

πŸ” OIDC Groups

Name Description Type Default
oidc_groups Map of OIDC groups with team mappings map(object({...})) {}
OIDC group object attributes
Attribute Type Required Description
name string βœ… OIDC group name
teams list(string) β€” Team keys from var.teams

βš™οΈ Config & 🏷️ Tags

Name Description Type Default
config_properties Map of server config properties map(object({...})) {}
tags List of tag names to create (API v4.13+) list(string) []
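The inputs above cross-reference each other by map key (team `project_acls` and policy `projects` point at keys of `var.projects`; user and OIDC group `teams` point at keys of `var.teams`), and a mistyped key only surfaces at plan time as a lookup error. The following Python script is an added example, not part of this module, that checks a tfvars.json-style dict for dangling keys and for the documented `operator` / `violation` values before you run `terraform plan`; `SAMPLE_TFVARS` is constructed input.

```python
"""Pre-apply consistency check for this module's input maps (added example).

The Inputs tables document cross-references by map key: team.project_acls and
policy.projects must be keys of var.projects; user.teams and oidc_group.teams must
be keys of var.teams. A dangling key only surfaces at plan time as a lookup error.
"""
import json

POLICY_OPERATORS = {"ALL", "ANY"}            # documented values for policy.operator
POLICY_VIOLATIONS = {"ERROR", "WARN", "INFO", "FAIL"}  # documented values for policy.violation


def check_inputs(tfvars):
    """Return a list of problems; an empty list means the inputs are consistent."""
    problems = []
    projects = tfvars.get("projects", {})
    teams = tfvars.get("teams", {})

    def must_exist(refs, known, owner, kind):
        # Every referenced key must be present in the map it points at.
        for ref in refs:
            if ref not in known:
                problems.append(f"{owner}: unknown {kind} key '{ref}'")

    for key, team in teams.items():
        must_exist(team.get("project_acls", []), projects, f"teams.{key}.project_acls", "project")
    for key, user in tfvars.get("users", {}).items():
        must_exist(user.get("teams", []), teams, f"users.{key}.teams", "team")
    for key, group in tfvars.get("oidc_groups", {}).items():
        must_exist(group.get("teams", []), teams, f"oidc_groups.{key}.teams", "team")
    for key, policy in tfvars.get("policies", {}).items():
        if policy.get("operator") not in POLICY_OPERATORS:
            problems.append(f"policies.{key}.operator: must be ALL or ANY")
        if policy.get("violation") not in POLICY_VIOLATIONS:
            problems.append(f"policies.{key}.violation: must be ERROR, WARN, INFO or FAIL")
        must_exist(policy.get("projects", []), projects, f"policies.{key}.projects", "project")
    return problems


# Constructed sample tfvars.json content: one mistyped project key ("my-app")
# and one violation state the module does not document ("BLOCK").
SAMPLE_TFVARS = json.loads("""{
  "projects": {"my_app": {"name": "My Application"}},
  "teams": {"security": {"name": "Security Team", "project_acls": ["my_app", "my-app"]}},
  "users": {"alice": {"username": "alice", "fullname": "Alice", "email": "alice@example.com", "teams": ["security"]}},
  "policies": {"crit": {"name": "Block Critical Vulns", "operator": "ANY", "violation": "BLOCK", "projects": ["my_app"]}}
}""")

if __name__ == "__main__":
    print("\n".join(check_inputs(SAMPLE_TFVARS)) or "inputs consistent")
```

Point it at your real variables with `json.load(open("terraform.tfvars.json"))` in place of `SAMPLE_TFVARS`.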

📤 Outputs

| Name | Description |
|---|---|
| project_ids | map — project keys → DependencyTrack UUIDs |
| projects | map — full project resource objects |
| team_ids | map — team keys → UUIDs |
| user_ids | map — user keys → usernames |
| policy_ids | map — policy keys → UUIDs |
| repository_ids | map — repository keys → UUIDs |
| oidc_group_ids | map — OIDC group keys → UUIDs |
| tag_ids | map — tag names → IDs |

🔑 Provider Authentication

The provider must be configured in your root module (not inside the child module). Three auth methods are supported:

API Key (most common)

```hcl
provider "dependencytrack" {
  host = "https://dtrack-api.example.com"
  key  = "OS_ENV"  # reads DEPENDENCYTRACK_API_KEY env var
}
```

Bearer Token

```hcl
provider "dependencytrack" {
  host = "https://dtrack-api.example.com"
  auth = {
    type   = "BEARER"
    bearer = var.bearer_token
  }
}
```

mTLS + API Key

```hcl
provider "dependencytrack" {
  host    = "https://dtrack-api.example.com"
  key     = "OS_ENV"
  root_ca = file("${path.module}/ca.pem")
  mtls = {
    key_path  = "/opt/client.key"
    cert_path = "/opt/client.crt"
  }
}
```

📋 Compatibility

| Component | Supported Versions |
|---|---|
| Terraform | 1.0 — 1.14 |
| DependencyTrack | 4.11.7 · 4.12.7 · 4.13.0 — 4.13.6 |
| Provider | >= 1.18.0 |

Note: Tags (dependencytrack_tag) and project collection logic require API v4.13+.


📄 License

License: MPL 2.0
