
Automating Software Supply Chain Security with Dependency-Track on EKS#188

Merged
sridhar-modalavalasa merged 8 commits into main from feature/add-dependency-track-blog-se-sridhar
Apr 14, 2026

Conversation

@sridhar-modalavalasa
Contributor

Description: Automating Software Supply Chain Security with Dependency-Track on EKS

This PR introduces a comprehensive, end-to-end technical guide for implementing OWASP Dependency-Track within an AWS ecosystem. It focuses on scaling SBOM (Software Bill of Materials) management across enterprise-scale environments (200+ repositories) using modern DevSecOps practices.

Key Coverage Areas:

  • The "Why" of SBOMs: Understanding their role in proactive supply chain defense.
  • Infrastructure-as-Code & EKS: Deep dive into deploying Dependency-Track using Helm, Amazon Aurora PostgreSQL, ALB, and AWS WAF.
  • Production Hardening: Specific configurations for JVM tuning, Kubernetes security contexts, and secure secret handling via External Secrets Operator (ESO).
  • Enterprise Automation: A three-tier GitHub Actions pattern (Caller → Shared → Script) designed for reusability and maintainability.
  • Multi-Stack Support: Specialized generation strategies for Java, Python, Node.js, Mobile (Android/iOS), and Docker.
  • Field Lessons: Real-world troubleshooting regarding multipart API uploads and complex SBOM merging.
  • Observability: Implementing guaranteed reporting in CI/CD via GitHub Actions job summaries and shell traps.

PR Checklist:

  • Author Attribution: I have been added to the list of authors correctly.
  • Asset Management: All images used in the post are located in the assets/ folder.
  • Internal Review: This article has undergone internal review prior to this PR.
  • Integrity: I have not modified any previously published articles.
  • Local Verification: I have double-checked the changes locally at http://127.0.0.1:4000/ using bundle exec jekyll serve.
  • Build Quality: The changes generate no new errors or warnings.
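
As an added illustration (not code from this PR or from the blog post it adds), the script below wires together two of the items listed above: a multipart upload to Dependency-Track's POST /api/v1/bom endpoint and an EXIT trap that guarantees a GitHub Actions job-summary row even when the upload fails. The hostname, project name, the CURL override variable and the summary table layout are assumptions; the form fields (projectName, projectVersion, autoCreate, bom) and the X-Api-Key header are the ones Dependency-Track documents for that endpoint.

```shell
#!/usr/bin/env bash
# Added example: multipart SBOM upload to Dependency-Track with a guaranteed
# job-summary row. Not from the PR or blog post; the hostname and the CURL
# override are assumptions for illustration.
set -eu

DT_URL="${DT_URL:-https://dtrack.example.internal}"      # assumed hostname
DT_API_KEY="${DT_API_KEY:-}"                              # injected by CI
GITHUB_STEP_SUMMARY="${GITHUB_STEP_SUMMARY:-/dev/null}"   # set by GitHub Actions
CURL="${CURL:-curl}"   # point at a stub function or binary for offline runs

# Append one markdown table row to the job summary.
# Args: exit-status project-name project-version http-status
summary_row() {
  icon=':white_check_mark:'
  [ "$1" -eq 0 ] || icon=':x:'
  printf '| %s | %s | %s | %s |\n' "$2" "$3" "${4:-n/a}" "$icon" >> "$GITHUB_STEP_SUMMARY"
}

# Multipart POST to /api/v1/bom using the form fields Dependency-Track
# documents (projectName, projectVersion, autoCreate, bom). Prints the HTTP
# status code and returns 0 only for HTTP 200. Refuses empty or missing
# files so a broken generator step cannot silently register an empty inventory.
upload_sbom() {
  file=$1; name=$2; version=$3
  if [ ! -s "$file" ]; then
    echo "SBOM '$file' is missing or empty; refusing to upload" >&2
    return 2
  fi
  http=$("$CURL" -sS -o /dev/null -w '%{http_code}' \
    -X POST "$DT_URL/api/v1/bom" \
    -H "X-Api-Key: $DT_API_KEY" \
    -F "projectName=$name" \
    -F "projectVersion=$version" \
    -F "autoCreate=true" \
    -F "bom=@$file;type=application/json") || http='000'
  echo "$http"
  [ "$http" = "200" ]
}

# Run one upload inside a subshell whose EXIT trap writes the summary row.
# The row is written whether the upload succeeded, failed, or the file was
# rejected, and the function's exit status is the upload's.
report_upload() {
  file=$1; name=$2; version=$3
  (
    rc=0; http=''
    trap 'summary_row "$rc" "$name" "$version" "$http"' EXIT
    http=$(upload_sbom "$file" "$name" "$version") || rc=$?
    exit "$rc"
  )
}

# CI entry point: only runs when the caller workflow supplies SBOM_FILE,
# so sourcing this file for tests does not trigger a network call.
if [ -n "${SBOM_FILE:-}" ]; then
  printf '| Project | Version | HTTP | Result |\n|---|---|---|---|\n' >> "$GITHUB_STEP_SUMMARY"
  report_upload "$SBOM_FILE" "${PROJECT_NAME:?set PROJECT_NAME}" "${PROJECT_VERSION:?set PROJECT_VERSION}"
fi
```

In a workflow step the caller sets SBOM_FILE, PROJECT_NAME, PROJECT_VERSION and DT_API_KEY (from a secret) and runs the script; a non-200 response still fails the step, but the summary row has already been written by the trap. The example discards the response body; a fuller script would keep the token Dependency-Track returns and poll /api/v1/bom/token/{uuid} to wait for processing to finish.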

@sridhar-modalavalasa sridhar-modalavalasa requested a review from a team as a code owner April 9, 2026 16:33
@sridhar-modalavalasa sridhar-modalavalasa merged commit a9254ed into main Apr 14, 2026
5 checks passed
@sridhar-modalavalasa sridhar-modalavalasa deleted the feature/add-dependency-track-blog-se-sridhar branch April 14, 2026 12:08