forked from DependencyTrack/dependency-track
-
Notifications
You must be signed in to change notification settings - Fork 0
/
application.properties
469 lines (400 loc) · 21.4 KB
/
application.properties
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
############################ Alpine Configuration ###########################
# Required
# Defines the number of worker threads that the event subsystem will consume.
# Events occur asynchronously and are processed by the Event subsystem. This
# value should be large enough to handle most production situations without
# introducing much delay, yet small enough not to pose additional load on an
# already resource-constrained server.
# A value of 0 will instruct Alpine to allocate 1 thread per CPU core. This
# can further be tweaked using the alpine.worker.thread.multiplier property.
# Default value is 0.
alpine.worker.threads=0
# Required
# Defines a multiplier that is used to calculate the number of threads used
# by the event subsystem. This property is only used when alpine.worker.threads
# is set to 0. A machine with 4 cores and a multiplier of 4, will use (at most)
# 16 worker threads. Default value is 4.
alpine.worker.thread.multiplier=4
# Required
# Defines the maximum duration for which Dependency-Track will wait for queued
# events and notifications to be processed when shutting down.
# During shutdown, newly dispatched events will not be accepted.
# The duration must be specified in ISO 8601 notation (https://en.wikipedia.org/wiki/ISO_8601#Durations).
alpine.worker.pool.drain.timeout.duration=PT5S
# Required
# Defines the path to the data directory. This directory will hold logs,
# keys, and any database or index files along with application-specific
# files or directories.
alpine.data.directory=~/.dependency-track
# Optional
# Defines the path to the secret key to be used for data encryption and decryption.
# The key will be generated upon first startup if it does not exist.
# Default is "<alpine.data.directory>/keys/secret.key".
# alpine.secret.key.path=/var/run/secrets/secret.key
# Optional
# Defines the prefix to be used for API keys. A maximum prefix length of 251
# characters is supported.
# The prefix may also be left empty.
alpine.api.key.prefix=odt_
# Required
# Defines the interval (in seconds) to log general heath information.
# If value equals 0, watchdog logging will be disabled.
alpine.watchdog.logging.interval=0
# Required
# Defines the database mode of operation. Valid choices are:
# 'server', 'embedded', and 'external'.
# In server mode, the database will listen for connections from remote
# hosts. In embedded mode, the system will be more secure and slightly
# faster. External mode should be used when utilizing an external
# database server (i.e. mysql, postgresql, etc).
alpine.database.mode=embedded
# Optional
# Defines the TCP port to use when the database.mode is set to 'server'.
alpine.database.port=9092
# Required
# Specifies the JDBC URL to use when connecting to the database.
alpine.database.url=jdbc:h2:~/.dependency-track/db
# Required
# Specifies the JDBC driver class to use.
alpine.database.driver=org.h2.Driver
# Optional
# Specifies the path (including filename) to where the JDBC driver is located.
# alpine.database.driver.path=/path/to/dbdriver.jar
# Optional
# Specifies the username to use when authenticating to the database.
alpine.database.username=sa
# Optional
# Specifies the password to use when authenticating to the database.
# alpine.database.password=
# Optional
# Specifies a path to the file holding the database password.
# To be used as alternative to alpine.database.password.
# alpine.database.password.file=
# Optional
# Specifies if the database connection pool is enabled.
alpine.database.pool.enabled=true
# Optional
# This property controls the maximum size that the pool is allowed to reach,
# including both idle and in-use connections.
# The property can be set globally for both transactional and non-transactional
# connection pools, or for each pool type separately. When both global and pool-specific
# properties are set, the pool-specific properties take precedence.
alpine.database.pool.max.size=20
# alpine.database.pool.tx.max.size=
# alpine.database.pool.nontx.max.size=
# Optional
# This property controls the minimum number of idle connections in the pool.
# This value should be equal to or less than alpine.database.pool.max.size.
# Warning: If the value is less than alpine.database.pool.max.size,
# alpine.database.pool.idle.timeout will have no effect.
# The property can be set globally for both transactional and non-transactional
# connection pools, or for each pool type separately. When both global and pool-specific
# properties are set, the pool-specific properties take precedence.
alpine.database.pool.min.idle=10
# alpine.database.pool.tx.min.idle=
# alpine.database.pool.nontx.min.idle=
# Optional
# This property controls the maximum amount of time that a connection is
# allowed to sit idle in the pool.
# The property can be set globally for both transactional and non-transactional
# connection pools, or for each pool type separately. When both global and pool-specific
# properties are set, the pool-specific properties take precedence.
alpine.database.pool.idle.timeout=300000
# alpine.database.pool.tx.idle.timeout=
# alpine.database.pool.nontx.idle.timeout=
# Optional
# This property controls the maximum lifetime of a connection in the pool.
# An in-use connection will never be retired, only when it is closed will
# it then be removed.
# The property can be set globally for both transactional and non-transactional
# connection pools, or for each pool type separately. When both global and pool-specific
# properties are set, the pool-specific properties take precedence.
alpine.database.pool.max.lifetime=600000
# alpine.database.pool.tx.max.lifetime=
# alpine.database.pool.nontx.max.lifetime=
# Optional
# Controls the 2nd level cache type used by DataNucleus, the Object Relational Mapper (ORM).
# See https://www.datanucleus.org/products/accessplatform_6_0/jdo/persistence.html#cache_level2
# Values supported by Dependency-Track are "soft" (default), "weak", and "none".
#
# Setting this property to "none" may help in reducing the memory footprint of Dependency-Track,
# but has the potential to slow down database operations.
# Size of the cache may be monitored through the "datanucleus_cache_second_level_entries" metric,
# refer to https://docs.dependencytrack.org/getting-started/monitoring/#metrics for details.
#
# DO NOT CHANGE UNLESS THERE IS A GOOD REASON TO.
# alpine.datanucleus.cache.level2.type=
# Required
# Specifies the number of bcrypt rounds to use when hashing a users password.
# The higher the number the more secure the password, at the expense of
# hardware resources and additional time to generate the hash.
alpine.bcrypt.rounds=14
# Required
# Defines if LDAP will be used for user authentication. If enabled,
# alpine.ldap.* properties should be set accordingly.
alpine.ldap.enabled=false
# Optional
# Specifies the LDAP server URL
# Example (Microsoft Active Directory):
# alpine.ldap.server.url=ldap://ldap.example.com:3268
# alpine.ldap.server.url=ldaps://ldap.example.com:3269
# Example (ApacheDS, Fedora 389 Directory, NetIQ/Novell eDirectory, etc):
# alpine.ldap.server.url=ldap://ldap.example.com:389
# alpine.ldap.server.url=ldaps://ldap.example.com:636
alpine.ldap.server.url=ldap://ldap.example.com:389
# Optional
# Specifies the base DN that all queries should search from
alpine.ldap.basedn=dc=example,dc=com
# Optional
# Specifies the LDAP security authentication level to use. Its value is one of
# the following strings: "none", "simple", "strong". If this property is empty
# or unspecified, the behaviour is determined by the service provider.
alpine.ldap.security.auth=simple
# Optional
# If anonymous access is not permitted, specify a username with limited access
# to the directory, just enough to perform searches. This should be the fully
# qualified DN of the user.
alpine.ldap.bind.username=
# Optional
# If anonymous access is not permitted, specify a password for the username
# used to bind.
alpine.ldap.bind.password=
# Optional
# Specifies if the username entered during login needs to be formatted prior
# to asserting credentials against the directory. For Active Directory, the
# userPrincipal attribute typically ends with the domain, whereas the
# samAccountName attribute and other directory server implementations do not.
# The %s variable will be substitued with the username asserted during login.
# Example (Microsoft Active Directory):
# alpine.ldap.auth.username.format=%[email protected]
# Example (ApacheDS, Fedora 389 Directory, NetIQ/Novell eDirectory, etc):
# alpine.ldap.auth.username.format=%s
alpine.ldap.auth.username.format=%[email protected]
# Optional
# Specifies the Attribute that identifies a users ID
# Example (Microsoft Active Directory):
# alpine.ldap.attribute.name=userPrincipalName
# Example (ApacheDS, Fedora 389 Directory, NetIQ/Novell eDirectory, etc):
# alpine.ldap.attribute.name=uid
alpine.ldap.attribute.name=userPrincipalName
# Optional
# Specifies the LDAP attribute used to store a users email address
alpine.ldap.attribute.mail=mail
# Optional
# Specifies the LDAP search filter used to retrieve all groups from the
# directory.
# Example (Microsoft Active Directory):
# alpine.ldap.groups.filter=(&(objectClass=group)(objectCategory=Group))
# Example (ApacheDS, Fedora 389 Directory, NetIQ/Novell eDirectory, etc):
# alpine.ldap.groups.filter=(&(objectClass=groupOfUniqueNames))
alpine.ldap.groups.filter=(&(objectClass=group)(objectCategory=Group))
# Optional
# Specifies the LDAP search filter to use to query a user and retrieve a list
# of groups the user is a member of. The {USER_DN} variable will be substituted
# with the actual value of the users DN at runtime.
# Example (Microsoft Active Directory):
# alpine.ldap.user.groups.filter=(&(objectClass=group)(objectCategory=Group)(member={USER_DN}))
# Example (Microsoft Active Directory - with nested group support):
# alpine.ldap.user.groups.filter=(member:1.2.840.113556.1.4.1941:={USER_DN})
# Example (ApacheDS, Fedora 389 Directory, NetIQ/Novell eDirectory, etc):
# alpine.ldap.user.groups.filter=(&(objectClass=groupOfUniqueNames)(uniqueMember={USER_DN}))
alpine.ldap.user.groups.filter=(member:1.2.840.113556.1.4.1941:={USER_DN})
# Optional
# Specifies the LDAP search filter used to search for groups by their name.
# The {SEARCH_TERM} variable will be substituted at runtime.
# Example (Microsoft Active Directory):
# alpine.ldap.groups.search.filter=(&(objectClass=group)(objectCategory=Group)(cn=*{SEARCH_TERM}*))
# Example (ApacheDS, Fedora 389 Directory, NetIQ/Novell eDirectory, etc):
# alpine.ldap.groups.search.filter=(&(objectClass=groupOfUniqueNames)(cn=*{SEARCH_TERM}*))
alpine.ldap.groups.search.filter=(&(objectClass=group)(objectCategory=Group)(cn=*{SEARCH_TERM}*))
# Optional
# Specifies the LDAP search filter used to search for users by their name.
# The {SEARCH_TERM} variable will be substituted at runtime.
# Example (Microsoft Active Directory):
# alpine.ldap.users.search.filter=(&(objectClass=group)(objectCategory=Group)(cn=*{SEARCH_TERM}*))
# Example (ApacheDS, Fedora 389 Directory, NetIQ/Novell eDirectory, etc):
# alpine.ldap.users.search.filter=(&(objectClass=inetOrgPerson)(cn=*{SEARCH_TERM}*))
alpine.ldap.users.search.filter=(&(objectClass=user)(objectCategory=Person)(cn=*{SEARCH_TERM}*))
# Optional
# Specifies if mapped LDAP accounts are automatically created upon successful
# authentication. When a user logs in with valid credentials but an account has
# not been previously provisioned, an authentication failure will be returned.
# This allows admins to control specifically which ldap users can access the
# system and which users cannot. When this value is set to true, a local ldap
# user will be created and mapped to the ldap account automatically. This
# automatic provisioning only affects authentication, not authorization.
alpine.ldap.user.provisioning=false
# Optional
# This option will ensure that team memberships for LDAP users are dynamic and
# synchronized with membership of LDAP groups. When a team is mapped to an LDAP
# group, all local LDAP users will automatically be assigned to the team if
# they are a member of the group the team is mapped to. If the user is later
# removed from the LDAP group, they will also be removed from the team. This
# option provides the ability to dynamically control user permissions via an
# external directory.
alpine.ldap.team.synchronization=false
# Optional
# HTTP proxy. If the address is set, then the port must be set too.
# alpine.http.proxy.address=proxy.example.com
# alpine.http.proxy.port=8888
# alpine.http.proxy.username=
# alpine.http.proxy.password=
# alpine.no.proxy=localhost,127.0.0.1
# Optional
# HTTP Outbound Connection Timeout Settings. All values are in seconds.
# alpine.http.timeout.connection=30
# alpine.http.timeout.socket=30
# alpine.http.timeout.pool=60
# Optional
# Cross-Origin Resource Sharing (CORS) headers to include in REST responses.
# If 'alpine.cors.enabled' is true, CORS headers will be sent, if false, no
# CORS headers will be sent.
# See Also: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS
# The following are default values
# alpine.cors.enabled=true
# alpine.cors.allow.origin=*
# alpine.cors.allow.methods=GET POST PUT DELETE OPTIONS
# alpine.cors.allow.headers=Origin, Content-Type, Authorization, X-Requested-With, Content-Length, Accept, Origin, X-Api-Key, X-Total-Count, *
# alpine.cors.expose.headers=Origin, Content-Type, Authorization, X-Requested-With, Content-Length, Accept, Origin, X-Api-Key, X-Total-Count
# alpine.cors.allow.credentials=true
# alpine.cors.max.age=3600
# Optional
# Defines whether Prometheus metrics will be exposed.
# If enabled, metrics will be available via the /metrics endpoint.
alpine.metrics.enabled=false
# Optional
# Defines the username required to access metrics.
# Has no effect when alpine.metrics.auth.password is not set.
alpine.metrics.auth.username=
# Optional
# Defines the password required to access metrics.
# Has no effect when alpine.metrics.auth.username is not set.
alpine.metrics.auth.password=
# Required
# Defines if OpenID Connect will be used for user authentication.
# If enabled, alpine.oidc.* properties should be set accordingly.
alpine.oidc.enabled=false
# Optional
# Defines the client ID to be used for OpenID Connect.
# The client ID should be the same as the one configured for the frontend,
# and will only be used to validate ID tokens.
alpine.oidc.client.id=
# Optional
# Defines the issuer URL to be used for OpenID Connect.
# This issuer MUST support provider configuration via the /.well-known/openid-configuration endpoint.
# See also:
# - https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata
# - https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfig
alpine.oidc.issuer=
# Optional
# Defines the name of the claim that contains the username in the provider's userinfo endpoint.
# Common claims are "name", "username", "preferred_username" or "nickname".
# See also: https://openid.net/specs/openid-connect-core-1_0.html#UserInfoResponse
alpine.oidc.username.claim=name
# Optional
# Specifies if mapped OpenID Connect accounts are automatically created upon successful
# authentication. When a user logs in with a valid access token but an account has
# not been previously provisioned, an authentication failure will be returned.
# This allows admins to control specifically which OpenID Connect users can access the
# system and which users cannot. When this value is set to true, a local OpenID Connect
# user will be created and mapped to the OpenID Connect account automatically. This
# automatic provisioning only affects authentication, not authorization.
alpine.oidc.user.provisioning=false
# Optional
# This option will ensure that team memberships for OpenID Connect users are dynamic and
# synchronized with membership of OpenID Connect groups or assigned roles. When a team is
# mapped to an OpenID Connect group, all local OpenID Connect users will automatically be
# assigned to the team if they are a member of the group the team is mapped to. If the user
# is later removed from the OpenID Connect group, they will also be removed from the team. This
# option provides the ability to dynamically control user permissions via the identity provider.
# Note that team synchronization is only performed during user provisioning and after successful
# authentication.
alpine.oidc.team.synchronization=false
# Optional
# Defines the name of the claim that contains group memberships or role assignments in the provider's userinfo endpoint.
# The claim must be an array of strings. Most public identity providers do not support group or role management.
# When using a customizable / on-demand hosted identity provider, name, content, and inclusion in the userinfo endpoint
# will most likely need to be configured.
alpine.oidc.teams.claim=groups
# Optional
# Defines one or more team names that auto-provisioned OIDC users shall be added to.
# Multiple team names may be provided as comma-separated list.
# Has no effect when alpine.oidc.user.provisioning=false, or alpine.oidc.team.synchronization=true.
alpine.oidc.teams.default=
# Optional
# Define whether system requirement check is enable.
# The default value is true.
system.requirement.check.enabled=true
# Optional
# Defines the size of the thread pool used to perform requests to the Snyk API in parallel.
# The thread pool will only be used when Snyk integration is enabled.
# A high number may result in quicker exceeding of API rate limits,
# while a number that is too low may result in vulnerability analyses taking longer.
snyk.thread.pool.size=10
# Optional
# Defines the maximum amount of retries to perform for each request to the Snyk API.
# Retries are performed with increasing delays between attempts using an exponential backoff strategy.
# The initial duration defined in snyk.retry.backoff.initial.duration.ms will be
# multiplied with the value defined in snyk.retry.backoff.multiplier after each retry attempt,
# until the maximum duration defined in snyk.retry.backoff.max.duration.ms is reached.
snyk.retry.max.attempts=10
# Optional
# Defines the multiplier for the exponential backoff retry strategy.
snyk.retry.backoff.multiplier=2
# Optional
# Defines the duration in milliseconds to wait before attempting the first retry.
snyk.retry.backoff.initial.duration.ms=1000
# Optional
# Defines the maximum duration in milliseconds to wait before attempting the next retry.
snyk.retry.backoff.max.duration.ms=60000
# Optional
#Defines the maximum number of purl sent in a single request to OSS Index.
# The default value is 128.
ossindex.request.max.purl=128
# Optional
# Defines the maximum amount of retries to perform for each request to the OSS Index API.
# Retries are performed with increasing delays between attempts using an exponential backoff strategy.
# The initial duration defined in ossindex.retry.backoff.initial.duration.ms will be
# multiplied with the value defined in ossindex.retry.backoff.multiplier after each retry attempt,
# until the maximum duration defined in ossindex.retry.backoff.max.duration.ms is reached.
ossindex.retry.max.attempts=10
# Optional
# Defines the multiplier for the exponential backoff retry strategy.
ossindex.retry.backoff.multiplier=2
# Optional
# Defines the maximum duration in milliseconds to wait before attempting the next retry.
ossindex.retry.backoff.max.duration.ms=600000
# Optional
# Defines the maximum amount of retries to perform for each request to the Trivy API.
# Retries are performed with increasing delays between attempts using an exponential backoff strategy.
# The initial duration defined in trivy.retry.backoff.initial.duration.ms will be
# multiplied with the value defined in trivy.retry.backoff.multiplier after each retry attempt,
# until the maximum duration defined in trivy.retry.backoff.max.duration.ms is reached.
trivy.retry.max.attempts=10
# Optional
# Defines the multiplier for the exponential backoff retry strategy.
trivy.retry.backoff.multiplier=2
# Optional
# Defines the duration in milliseconds to wait before attempting the first retry.
trivy.retry.backoff.initial.duration.ms=1000
# Optional
# Defines the maximum duration in milliseconds to wait before attempting the next retry.
trivy.retry.backoff.max.duration.ms=60000
# Optional
# This flag activate the cache stampede blocker for the repository meta analyzer allowing to handle high concurrency workloads when there
# is a high ratio of duplicate components which can cause unnecessary external calls and index violation on PUBLIC.REPOSITORY_META_COMPONENT_COMPOUND_IDX during cache population.
# The default value is true.
repo.meta.analyzer.cacheStampedeBlocker.enabled=true
# Optional
# The cache stampede blocker use a striped (partitioned) lock to distribute locks across keys.
# This parameter defines the number of bucket used by the striped lock. The lock used for a given key is derived from the key hashcode and number of buckets.
# This value should be set according to your portfolio profile (i.e. number of projects and proportion of duplicates).
# Too few buckets and an unbalanced portfolio (i.e. high number of purl going to the same partition) can lead to forced serialization
# Too much buckets can lead to unnecessary memory usage. Note that the memory footprint of Striped Lock is 32 * (nbOfBuckets * 1) Bytes.
# A value between 1_000 (~32 KB) and 1_000_000 (~32 MB) seems reasonable.
# The default value is 1000 (~32KB).
repo.meta.analyzer.cacheStampedeBlocker.lock.buckets=1000
# Optional
# Defines the maximum number of attempts used by Resilience4J for exponential backoff retry regarding repo meta analyzer cache loading per key.
# The default value is 10.
repo.meta.analyzer.cacheStampedeBlocker.max.attempts=10