From 41bead86cd98e4d16321daa63719714ee0af2c8e Mon Sep 17 00:00:00 2001 From: sigu Date: Tue, 17 Nov 2020 08:38:02 +0300 Subject: [PATCH] bom analysis tool deployment docs --- README.md | 4 ++++ docs/dependancy-tracker.md | 30 ++++++++++++++++++++++++++++++ 2 files changed, 34 insertions(+) create mode 100644 docs/dependancy-tracker.md diff --git a/README.md b/README.md index 035c759..c0ec22a 100644 --- a/README.md +++ b/README.md @@ -52,11 +52,15 @@ sbom Create SBOM file for hex and npm deps ## Generating SBOM file To generate an sbom file, use the make task `make sbom` to generate an `sbom.xml` file on the project root +## BOM analysis tool +If you want to deploy your own bom analysis tool, you can [follow this instructions](./docs/dependancy-tracker.md) to get set up + ## Deployment to GCP Instructions to deployment can be found on [deployment docs](./docs/deployment.md) + ## Adding status You can add your project status as markdown content by adding a markdown file to the `/status` directory. diff --git a/docs/dependancy-tracker.md b/docs/dependancy-tracker.md new file mode 100644 index 0000000..919a834 --- /dev/null +++ b/docs/dependancy-tracker.md 
@@ -0,0 +1,30 @@ +# Dependancy track +Dependency-Track is an intelligent Software Supply Chain Component Analysis platform +that allows organizations to identify and reduce risk from the use of third-party and open source components + +## Deployment of the tracker to a virtual machine +Owasp provides a [docker image](https://hub.docker.com/r/owasp/dependency-track) that can be used to do deploy the application on to a virtual machine. + +1. Create a virtual machine with the following specifications: + + | Minimum | Recommended | + |-------------|-------------| + | 4.5GB RAM | 16GB RAM | + | 2 CPU cores | 4 CPU cores | + +2. SSH into the virtual machine created +3. Install docker and ensure its running +4. run the following commands in sequence to start the tracker + +```shell +docker pull owasp/dependency-track +docker volume create --name dependency-track +docker run -d -m 8192m -p 8080:8080 --name dependency-track -v dependency-track:/data owasp/dependency-track +``` +## Running on your local machine +It is possible to run the tracker on your local computer but you should note that it requires a significant resources as listed above. +If you have docker running your computer, run the commands on step 4 above to get the tracker running + +## Troubleshooting +The commands above have been picked directly from [owasp docker image page](https://hub.docker.com/r/owasp/dependency-track) so if you +are having trouble, visit that page to ensure the commands and requirements above are not outdated
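Review bot: In the README hunk, the new link target `./docs/dependancy-tracker.md` carries the misspelling into the file path, so the typo becomes permanent once other pages link to it; name the new file `docs/dependency-tracker.md` (matching the tool's own name, Dependency-Track) and update both the `create mode` entry and this link. Also "follow this instructions" should read "follow these instructions", and the heading "BOM analysis tool" could name the tool so readers searching for Dependency-Track find it.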
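Review bot: In the new docs file, the `docker run -d -m 8192m -p 8080:8080 ...` line publishes the web UI and API on port 8080 of every interface of the VM, yet the doc says nothing about who can reach it; add a sentence telling the deployer to restrict inbound access to 8080 (firewall or cloud security group) and to put TLS in front of it before loading real SBOM data. The same line pulls the unpinned `owasp/dependency-track` tag, so two deployments weeks apart can run different versions; pin a specific tag in the commands and note that the troubleshooting section's "check the image page" advice is there because the tag floats. The `-m 8192m` memory limit also contradicts the "4.5GB RAM" minimum in the table: on a 4.5GB VM the container can never use the 8GB it is allowed, so either raise the minimum or lower the limit and say which applies. Minor wording: "Dependancy track" -> "Dependency-Track", "Owasp" -> "OWASP", "can be used to do deploy" -> "can be used to deploy", "ensure its running" -> "ensure it's running", "requires a significant resources" -> "requires significant resources", "docker running your computer" -> "docker running on your computer".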