Dependency Track
Reporter component that uploads CycloneDX SBOMs to Dependency-Track and transforms the found vulnerabilities to OCSF.
How to use
Open-Source
This component is only available in the Smithy SaaS
SaaS
- In the Smithy UI, open the page to create a new workflow.
- Configure any workflow that produces vulnerabilities (e.g. sast, sca, container scanner etc)
- Find the Dependency Track component in the reporters dropdown.
- Fill the form on the right
Options
You can configure this component with the following options:
| Option Name | Description | Default | Type |
|---|---|---|---|
| dependencytrack_base_url | URL of your DependencyTrack instance | "" | String |
| dependencytrack_api_token | API token for your DependencyTrack instance | "" | String |
| project_name | Project name on Dependency Track | "" | String |
| project_version | Project version on Dependency Track | "" | String |
| sbom_file_path | filepath of the SBOM that you want to upload to Dependency Track | "" | String |