Dependency-Track logov4.10

Dependency-Track uses ~/.dependency-track on UNIX/Linux systems and .dependency-track in the current users home directory on Windows machines. This directory, referred to as the data directory, contains the NIST NVD mirror, embedded database files, application and audit logs, as well as keys used during normal operation, such as validating JWT tokens. It is essential that best practices are followed to secure the data directory.

The data directory includes:

Content Purpose
db.mv.db Embedded H2 database
dependency-track.log Application log
dependency-track-audit.log Application audit log
first Mirror of EPSS score data
id.system Randomly generated system identifier
index Internal search engine index
keys Keys used to generate/verify JWT tokens
nist Mirror of the NVD and CPE dictionary
server.log Embedded Jetty server log
vulndb Mirror of VulnDB