Can't find reports

[johnmcd88]

Hi,

I'm an absolute newbie to Docker, but I was able to successfully install Docker Desktop on my Windows 11 system and get the latest version of DependencyTrack up and running w/WSL 2. I've imported my SBOMs and analyzed them to identify vulnerabilities and now I'd like to produce a report. I click on 'Export VDR' under 'Audit Vulnerabilities', which I assume generates the report. My problem is that I can't find the report anywhere on my system. The instructions I can find say it's stored in a folder called '.dependency-track' under my home directory, but I can't find that folder anywhere, either in Windows or in the WSL subsystem.

Any suggestion on where the reports are being stored?

Thanks

John

[johnmcd88]

So I've been doing more research and took a look at the logs for the apiserver but I can't see anything wrong there, other than the 'PKIX path building failed' which I assume the SW can ignore. Is something supposed to happen when I clock on 'Export VDR'? I don't get any pop-ups so I assumed the report was created silently. Here are the apiserver logs:

2026-02-18 18:26:08,641 INFO [NistMirrorTask] Retrieval of nvdcve-2.0-2005.json.gz not necessary. Will use modified feed for updates.

2026-02-18 18:26:08,641 INFO [NistMirrorTask] Initiating download of https://nvd.nist.gov/feeds/json/cve/2.0/nvdcve-2.0-2005.meta

2026-02-18 18:26:08,747 INFO [NistMirrorTask] Downloading...

2026-02-18 18:26:08,750 INFO [NistMirrorTask] Retrieval of nvdcve-2.0-2004.json.gz not necessary. Will use modified feed for updates.

2026-02-18 18:26:08,751 INFO [NistMirrorTask] Initiating download of https://nvd.nist.gov/feeds/json/cve/2.0/nvdcve-2.0-2004.meta

2026-02-18 18:26:08,854 INFO [NistMirrorTask] Downloading...

2026-02-18 18:26:08,855 INFO [NistMirrorTask] Retrieval of nvdcve-2.0-2003.json.gz not necessary. Will use modified feed for updates.

2026-02-18 18:26:08,855 INFO [NistMirrorTask] Initiating download of https://nvd.nist.gov/feeds/json/cve/2.0/nvdcve-2.0-2003.meta

2026-02-18 18:26:08,965 INFO [NistMirrorTask] Downloading...

2026-02-18 18:26:08,968 INFO [NistMirrorTask] Retrieval of nvdcve-2.0-2002.json.gz not necessary. Will use modified feed for updates.

2026-02-18 18:26:08,968 INFO [NistMirrorTask] Initiating download of https://nvd.nist.gov/feeds/json/cve/2.0/nvdcve-2.0-2002.meta

2026-02-18 18:26:09,081 INFO [NistMirrorTask] Downloading...

2026-02-18 18:26:09,083 INFO [NistMirrorTask] Initiating download of https://nvd.nist.gov/feeds/json/cve/2.0/nvdcve-2.0-modified.json.gz

2026-02-18 18:26:09,218 INFO [NistMirrorTask] Downloading...

2026-02-18 18:26:09,409 INFO [NistMirrorTask] Uncompressing nvdcve-2.0-modified.json.gz

2026-02-18 18:26:09,447 INFO [NvdParser] Parsing nvdcve-2.0-modified.json

2026-02-18 18:26:32,468 INFO [PortfolioMetricsUpdateTask] Completed portfolio metrics update in 01:16:943

2026-02-18 18:26:38,366 INFO [NistMirrorTask] Initiating download of https://nvd.nist.gov/feeds/json/cve/2.0/nvdcve-2.0-modified.meta

2026-02-18 18:26:38,471 INFO [NistMirrorTask] Downloading...

2026-02-18 18:26:38,476 INFO [NistMirrorTask] NIST mirroring complete

2026-02-18 18:26:38,477 INFO [NistMirrorTask] Time spent (d/l): 3571ms

2026-02-18 18:26:38,477 INFO [NistMirrorTask] Time spent (parse): 28923ms

2026-02-18 18:26:38,479 INFO [NistMirrorTask] Time spent (total): 32817ms

2026-02-18 18:26:38,507 INFO [EpssMirrorTask] Starting EPSS mirroring task

2026-02-18 18:26:38,509 INFO [EpssMirrorTask] Initiating download of https://epss.cyentia.com/epss_scores-current.csv.gz

2026-02-18 18:26:38,748 ERROR [EpssMirrorTask] Download failed : (certificate_unknown) PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

2026-02-18 18:26:38,752 INFO [EpssMirrorTask] EPSS mirroring complete

2026-02-18 18:26:38,756 INFO [EpssMirrorTask] Time spent (d/l): 0ms

2026-02-18 18:26:38,758 INFO [EpssMirrorTask] Time spent (parse): 0ms

2026-02-18 18:26:38,758 INFO [EpssMirrorTask] Time spent (total): 244ms

[nscuro]

All export / download features in the UI should cause a respective file to be downloaded by your browser.

If that is not happening, may I ask you to open your browser's developer tools, navigate to the Console tab, and then clicking the export button again? If the UI is encountering an issue that causes the download to not happen for some reason, it should appear there.

[johnmcd88]

Thank you - I opened the console and hit 'Export VDR' and I got the following error:

I think it may have something to do with the port numbers, but I'm not sure. If I point my browser to http://locahost:8081 I get the following:

[johnmcd88]

p.s. Here's my Docker Compose file for Dependency Track:

`#####################################################

This Docker Compose file contains two services

Dependency-Track API Server

Dependency-Track FrontEnd

#####################################################

services:
apiserver:
image: dependencytrack/apiserver
depends_on:
postgres:
condition: service_healthy
# The Dependency-Track container can be configured using any of the
# available configuration properties defined in:
# https://docs.dependencytrack.org/getting-started/configuration/
# All properties are upper case with periods replaced by underscores.
#
# Database Properties
# ALPINE_DATABASE_MODE: "external"
# ALPINE_DATABASE_URL: "jdbc:postgresql://postgres10:5432/dtrack"
# ALPINE_DATABASE_DRIVER: "org.postgresql.Driver"
# ALPINE_DATABASE_USERNAME: "dtrack"
# ALPINE_DATABASE_PASSWORD: "changeme"
# ALPINE_DATABASE_POOL_ENABLED: "true"
# ALPINE_DATABASE_POOL_MAX_SIZE: "20"
# ALPINE_DATABASE_POOL_MIN_IDLE: "10"
# ALPINE_DATABASE_POOL_IDLE_TIMEOUT: "300000"
# ALPINE_DATABASE_POOL_MAX_LIFETIME: "600000"
#
# Optional LDAP Properties
# ALPINE_LDAP_ENABLED: "true"
# ALPINE_LDAP_SERVER_URL: "ldap://ldap.example.com:389"
# ALPINE_LDAP_BASEDN: "dc=example,dc=com"
# ALPINE_LDAP_SECURITY_AUTH: "simple"
# ALPINE_LDAP_BIND_USERNAME: ""
# ALPINE_LDAP_BIND_PASSWORD: ""
# ALPINE_LDAP_AUTH_USERNAME_FORMAT: "%s@example.com"
# ALPINE_LDAP_ATTRIBUTE_NAME: "userPrincipalName"
# ALPINE_LDAP_ATTRIBUTE_MAIL: "mail"
# ALPINE_LDAP_GROUPS_FILTER: "(&(objectClass=group)(objectCategory=Group))"
# ALPINE_LDAP_USER_GROUPS_FILTER: "(member:1.2.840.113556.1.4.1941:={USER_DN})"
# ALPINE_LDAP_GROUPS_SEARCH_FILTER: "(&(objectClass=group)(objectCategory=Group)(cn={SEARCH_TERM}))"
# ALPINE_LDAP_USERS_SEARCH_FILTER: "(&(objectClass=user)(objectCategory=Person)(cn={SEARCH_TERM}))"
# ALPINE_LDAP_USER_PROVISIONING: "false"
# ALPINE_LDAP_TEAM_SYNCHRONIZATION: "false"
#
# Optional OpenID Connect (OIDC) Properties
# ALPINE_OIDC_ENABLED: "true"
# ALPINE_OIDC_ISSUER: "https://auth.example.com/auth/realms/example"
# ALPINE_OIDC_CLIENT_ID: ""
# ALPINE_OIDC_USERNAME_CLAIM: "preferred_username"
# ALPINE_OIDC_TEAMS_CLAIM: "groups"
# ALPINE_OIDC_USER_PROVISIONING: "true"
# ALPINE_OIDC_TEAM_SYNCHRONIZATION: "true"
#
# Optional HTTP Proxy Settings
# ALPINE_HTTP_PROXY_ADDRESS: "proxy.example.com"
# ALPINE_HTTP_PROXY_PORT: "8888"
# ALPINE_HTTP_PROXY_USERNAME: ""
# ALPINE_HTTP_PROXY_PASSWORD: ""
# ALPINE_NO_PROXY: ""
#
# Optional HTTP Outbound Connection Timeout Settings. All values are in seconds.
# ALPINE_HTTP_TIMEOUT_CONNECTION: "30"
# ALPINE_HTTP_TIMEOUT_SOCKET: "30"
# ALPINE_HTTP_TIMEOUT_POOL: "60"
#
# Optional Cross-Origin Resource Sharing (CORS) Headers
# ALPINE_CORS_ENABLED: "true"
# ALPINE_CORS_ALLOW_ORIGIN: "*"
# ALPINE_CORS_ALLOW_METHODS: "GET, POST, PUT, DELETE, OPTIONS"
# ALPINE_CORS_ALLOW_HEADERS: "Origin, Content-Type, Authorization, X-Requested-With, Content-Length, Accept, Origin, X-Api-Key, X-Total-Count, "
# ALPINE_CORS_EXPOSE_HEADERS: "Origin, Content-Type, Authorization, X-Requested-With, Content-Length, Accept, Origin, X-Api-Key, X-Total-Count"
# ALPINE_CORS_ALLOW_CREDENTIALS: "true"
# ALPINE_CORS_MAX_AGE: "3600"
#
# Optional logging configuration
# LOGGING_LEVEL: "INFO"
# LOGGING_CONFIG_PATH: "logback.xml"
#
# Optional metrics properties
# ALPINE_METRICS_ENABLED: "true"
# ALPINE_METRICS_AUTH_USERNAME: ""
# ALPINE_METRICS_AUTH_PASSWORD: ""
#
# Optional environmental variables to enable default notification publisher templates override and set the base directory to search for templates
# DEFAULT_TEMPLATES_OVERRIDE_ENABLED: "false"
# DEFAULT_TEMPLATES_OVERRIDE_BASE_DIRECTORY: "/data"
#
# Optional configuration for the Snyk analyzer
# SNYK_THREAD_BATCH_SIZE: "10"
#
# Optional environmental variables to provide more JVM arguments to the API Server JVM, i.e. "-XX:ActiveProcessorCount=8"
#EXTRA_JAVA_OPTIONS: "-Xmx8G"
environment:
ALPINE_DATABASE_MODE: "external"
ALPINE_DATABASE_URL: "jdbc:postgresql://postgres:5432/dtrack"
ALPINE_DATABASE_DRIVER: "org.postgresql.Driver"
ALPINE_DATABASE_USERNAME: "dtrack"
ALPINE_DATABASE_PASSWORD: "dtrack"
deploy:
resources:
limits:
memory: 14g
restart_policy:
condition: on-failure
ports:
- '8081:8080'
volumes:
- 'dtrack-data:/data'
# Older versions of Podman Compose do not support the HEALTHCHECK directive
# that is defined in the image's Dockerfile. If you're using Podman and are
# facing healthcheck-related issues, try un-commenting the section below.
#
# healthcheck:
# test: [ "CMD-SHELL", "curl -f -s --max-time 3 --noproxy '' -o /dev/null http://127.0.0.1:8080$${CONTEXT}health" ]
# interval: 30s
# start_period: 60s
# timeout: 3s
restart: unless-stopped

frontend:
image: dependencytrack/frontend
depends_on:
apiserver:
condition: service_healthy
environment:
# The base URL of the API server.
# NOTE:
# * This URL must be reachable by the browsers of your users.
# * The frontend container itself does NOT communicate with the API server directly, it just serves static files.
# * When deploying to dedicated servers, please use the external IP or domain of the API server.
API_BASE_URL: "http://localhost:8081"
# OIDC_ISSUER: ""
# OIDC_CLIENT_ID: ""
# OIDC_SCOPE: ""
# OIDC_FLOW: ""
# OIDC_LOGIN_BUTTON_TEXT: ""
# volumes:
# - "/host/path/to/config.json:/app/static/config.json"
ports:
- "8081:8080"
restart: unless-stopped

postgres:
image: postgres:17-alpine
environment:
POSTGRES_DB: "dtrack"
POSTGRES_USER: "dtrack"
POSTGRES_PASSWORD: "dtrack"
healthcheck:
test: [ "CMD-SHELL", "pg_isready -U $${POSTGRES_USER} -d $${POSTGRES_DB}" ]
interval: 5s
timeout: 3s
retries: 3
volumes:
- "postgres-data:/var/lib/postgresql/data"
restart: unless-stopped

volumes:
dtrack-data: {}
postgres-data: {}`