Skip to content
OWASP Dependency Track API client for CI/CD
Branch: master
Clone or download
Taras Ivashchenko
Taras Ivashchenko That means
Latest commit 98a16bf Oct 22, 2019
Type Name Latest commit message Commit time
Failed to load latest commit information.
cmd/dtrack-audit That means Oct 22, 2019
internal/dtrack Add default behaviur and env value for severity filter Oct 22, 2019
.gitignore Alpha version Oct 11, 2019
COPYING Add license file Oct 14, 2019 That means Oct 22, 2019


OWASP Dependency Track API client. See Dependency-Track docs: Continuous Integration & Delivery for use case.


Local Installation

go get


$ dtrack-audit -h

Send SBOM file to Dependency Track for audit.

Usage of program:
  -g string
        With Sync mode enabled show result and fail an audit if the results include a vulnerability with a severity of specified level or higher. Severity levels are: critical, high, medium, low, info, unassigned. Environment variable is DTRACK_SEVERITY_FILTER
  -i string
        Target SBOM file* (default "bom.xml")
  -k string
        API Key*. Environment variable is DTRACK_API_KEY
  -p string
        Project ID*. Environment variable is DTRACK_PROJECT_ID
  -s    Sync mode enabled. That means: upload SBOM file, wait for scan result, show it and exit with non-zero code
  -t int
        Max timeout in second for polling API for project findings (default 25)
  -u string
        API URL*. Environment variable is DTRACK_API_URL

Fields marked with (*) are required.

Sample output

$ cyclonedx-bom -o bom.xml
$ dtrack-audit -s -g high

SBOM file is successfully uploaded to DTrack API. Result token is 12345f5e-4ccb-45fe-b8fd-1234a8bf0081

2 vulnerabilities found!

 > HIGH: Arbitrary File Write
   Component: adm-zip 0.4.7
   More info: https://dtrack/vulnerability/?source=NPM&vulnId=994

 > CRITICAL: Prototype Pollution
   Component: handlebars 4.0.11
   More info: https://dtrack/vulnerability/?source=NPM&vulnId=755
You can’t perform that action at this time.