dpndncY

Install dpndncY on Linux.

dpndncY ships as one self-contained image — console, every scan engine, the Python SAST analyzers, and the JDK + Maven used for dependency resolution are all inside it. There is nothing else to install or wire up.

One-line install

On a fresh Debian/Ubuntu or RHEL/Rocky host:

install
curl -fsSL https://get.dpndncy.com | bash

The installer is idempotent. It will:

  • install Docker Engine + the compose plugin if they are missing;
  • pull the all-in-one image (ghcr.io/dpndncy/server);
  • generate APP_SECRET, a signing key, and a first admin account;
  • start the console on :8080 with a persistent data volume and a restart policy.

The generated admin credentials are printed once and saved to /var/lib/dpndncy/dpndncy.env. Change the password after first login.
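
An added example, not part of the dpndncY documentation or installer: instead of piping the download into bash, save the installer to a file, review it, record its SHA-256, and run only a copy that still matches that hash. The function names, the local file name and the pinned hash are assumptions of this example; the URL and the --onprem flag are the ones shown on this page.

```bash
#!/usr/bin/env bash
# Added example: fetch, pin, review, then run the installer from a file
# instead of piping the download straight into bash.

INSTALLER_URL="https://get.dpndncy.com"   # URL from this page

# Print the SHA-256 of a file (first field of sha256sum output).
installer_sha256() {
    sha256sum "$1" | awk '{print $1}'
}

# Download the installer to a file without executing it (HTTPS only).
fetch_installer() {
    curl -fsSL --proto '=https' --tlsv1.2 -o "$1" "$INSTALLER_URL"
}

# Succeed only if the file's hash equals the hash recorded after review.
# Returns 2 for a missing/empty file (failed download), 1 for a mismatch.
installer_matches_pin() {
    local file="$1" pinned="$2" actual
    [ -s "$file" ] || { echo "missing or empty: $file" >&2; return 2; }
    actual="$(installer_sha256 "$file")" || return 2
    if [ "$actual" != "$pinned" ]; then
        echo "hash mismatch: got $actual, pinned $pinned" >&2
        return 1
    fi
}

# Run the reviewed copy; extra arguments (for example --onprem) pass through.
run_pinned_installer() {
    local file="$1" pinned="$2"
    shift 2
    installer_matches_pin "$file" "$pinned" || return
    bash "$file" "$@"
}

# Typical use (hypothetical file name, placeholder hash):
#   fetch_installer ./dpndncy-install.sh
#   less ./dpndncy-install.sh                 # review before first use
#   installer_sha256 ./dpndncy-install.sh     # record this value as the pin
#   run_pinned_installer ./dpndncy-install.sh <PINNED_SHA256> --onprem
```

A hash mismatch on a later fetch means the served script changed since it was reviewed; review the new copy and update the pin before running it.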

Production (PostgreSQL + TLS)

For a production on-prem install with PostgreSQL and Caddy-managed TLS on your own domains:

on-prem
curl -fsSL https://get.dpndncy.com | bash -s -- --onprem

This uses the deploy/docker-compose.onprem.yml overlay. Set CONSOLE_DOMAIN, API_DOMAIN, POSTGRES_PASSWORD, APP_SECRET, and the SUPERADMIN_* values in .env first.

Why not a .deb / .rpm?

dpndncY runs three runtimes side by side — Node (API + console), Python (the SAST taint analyzers), and a JVM toolchain (Maven, for transitive resolution). Packaging and version-pinning all of that across distro families is fragile and offers nothing the image does not already give you. The container is the package: one artifact, reproducible, the same on every host.

Air-gapped / VM-only?

Use the prebuilt VM image (AMI · OVA · qcow2) — it is the same all-in-one image baked into a bootable machine image via Packer, so it boots straight into a running console with no network.

Updating

update
docker pull ghcr.io/dpndncy/server:latest
docker rm -f dpndncy
curl -fsSL https://get.dpndncy.com | bash   # re-runs with the existing env + volume