Current Behavior
Dependency-Track consumes and analyzes CycloneDX BOMs usually as part of a CI/CD pipeline.
Proposed Behavior
Spring Boot 3.3.0 introduced an SBOM actuator endpoint that exposes SBOMs of running applications.
It would be beneficial to analyze SBOMs of running applications in Dependency-Track without a build pipeline. Actuator endpoints could be specified in the "Create Project"/"Project Details" dialogue along with authentication parameters and polling frequency.
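Until such a feature exists, the same flow can be approximated outside Dependency-Track. The sketch below is an added example, not part of the original issue and not Dependency-Track code: it polls Spring Boot's `/actuator/sbom/application` endpoint, checks that the response is a CycloneDX BOM, and uploads it through `PUT /api/v1/bom` only when the component set has changed. The function names, the `state` dictionary and the sample BOM are assumptions made for illustration.

```python
import base64, hashlib, json, urllib.request

SBOM_PATH = "/actuator/sbom/application"  # Spring Boot's application SBOM
# Constructed sample response, not captured from a real application.
SAMPLE = json.dumps({"bomFormat": "CycloneDX", "specVersion": "1.5",
    "metadata": {"timestamp": "2024-06-01T00:00:00Z"},
    "components": [{"name": "demo-lib", "version": "1.0.0",
                    "purl": "pkg:maven/com.example/demo-lib@1.0.0"}]}).encode()

def fetch_sbom(app_url, auth_header=None, timeout=10):
    """GET the SBOM from the running application's actuator endpoint."""
    req = urllib.request.Request(app_url.rstrip("/") + SBOM_PATH)
    if auth_header:
        req.add_header("Authorization", auth_header)
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.read()

def validate_cyclonedx(raw):
    """Refuse to forward anything that is not a CycloneDX JSON BOM."""
    doc = json.loads(raw)
    if not isinstance(doc, dict) or doc.get("bomFormat") != "CycloneDX":
        raise ValueError("endpoint did not return a CycloneDX JSON BOM")
    return doc

def fingerprint(doc):
    """Hash the component set only, so a new timestamp alone is not a change."""
    comps = sorted((c.get("purl") or c.get("name", ""), c.get("version", ""))
                   for c in doc.get("components", []))
    return hashlib.sha256(json.dumps(comps).encode()).hexdigest()

def build_upload(dt_url, api_key, project_uuid, raw):
    """Build Dependency-Track's PUT /api/v1/bom request (base64 BOM in JSON)."""
    body = json.dumps({"project": project_uuid,
                       "bom": base64.b64encode(raw).decode()}).encode()
    return urllib.request.Request(
        dt_url.rstrip("/") + "/api/v1/bom", data=body, method="PUT",
        headers={"X-Api-Key": api_key, "Content-Type": "application/json"})

def poll_once(state, app_url, dt_url, api_key, project_uuid, auth_header=None,
              fetch=fetch_sbom, send=urllib.request.urlopen):
    """Fetch, validate and upload; return True only if a BOM was uploaded."""
    raw = fetch(app_url, auth_header)
    fp = fingerprint(validate_cyclonedx(raw))
    if state.get(app_url) == fp:
        return False  # same components as last poll: skip the upload
    send(build_upload(dt_url, api_key, project_uuid, raw))  # urlopen raises on HTTP errors
    state[app_url] = fp
    return True
```

Call `poll_once` from a scheduler at the desired polling frequency, using an API key limited to the `BOM_UPLOAD` permission and an actuator credential that can read only the SBOM endpoint.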