Skip to content
GitHub no longer supports this web browser. Learn more about the browsers we support.
OWASP Dependency Track API client for CI/CD
Go
Branch: master
Clone or download
Cannot retrieve the latest commit at this time.
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
cmd/dtrack-audit
internal/dtrack
.gitignore
COPYING
README.md

README.md

dtrack-audit

OWASP Dependency Track API client for your security CI/CD pipeline. See Dependency-Track docs: Continuous Integration & Delivery for use case.

Install

Local Installation

go get github.com/ozonru/dtrack-audit/cmd/dtrack-audit

Features

  • Fully configurable via environment variables
  • Async and sync modes. In async mode dtrack-audit simply sends SBOM file to DTrack API (like cURL but in much more comfortable way). Sync mode means: upload SBOM file, wait for the scan result, show it and exit with non-zero code. So you can break corresponding CI/CD job to make developers pay attention to findings
  • You can filter the results. With Sync mode enabled show result and fail an audit if the results include a vulnerability with a severity of specified level or higher. Severity levels are: critical, high, medium, low, info, unassigned
  • Auto creation of projects. With this feautre you can configure SCA (with dtrack-audit) step globally for your CI/CD and it will create project, e.g. with name from environment variable like $CI_PROJECT_NAME. So you don't need to configure it manually for each project

Sample output

$ cyclonedx-bom -o bom.xml
$ dtrack-audit -s -g high

SBOM file is successfully uploaded to DTrack API. Result token is 12345f5e-4ccb-45fe-b8fd-1234a8bf0081

2 vulnerabilities found!

 > HIGH: Arbitrary File Write
   Component: adm-zip 0.4.7
   More info: https://dtrack/vulnerability/?source=NPM&vulnId=994

 > CRITICAL: Prototype Pollution
   Component: handlebars 4.0.11
   More info: https://dtrack/vulnerability/?source=NPM&vulnId=755
You can’t perform that action at this time.