OWASP Dependency-Track API client for your security CI/CD pipeline. See the Dependency-Track docs, Continuous Integration & Delivery, for the intended use case.
Go 1.16+:
go install github.com/ozontech/dtrack-audit/cmd/dtrack-audit@latest

Go < 1.16:
go get github.com/ozontech/dtrack-audit/cmd/dtrack-audit
$CI_PROJECT_NAME. So you don't need to configure it manually for each project.

Use the -T flag to enable JSON output. After that, activate the Golang build feature.

$ cyclonedx-bom -o bom.xml
$ dtrack-audit -s -g high
SBOM file is successfully uploaded to DTrack API. Result token is 12345f5e-4ccb-45fe-b8fd-1234a8bf0081
2 vulnerabilities found!
> HIGH: Arbitrary File Write
Component: adm-zip 0.4.7
More info: https://dtrack/vulnerability/?source=NPM&vulnId=994
> CRITICAL: Prototype Pollution
Component: handlebars 4.0.11
More info: https://dtrack/vulnerability/?source=NPM&vulnId=755