A CLI to Tame OWASP Dependency-Track Version Sprawl in CI/CD #5740
MedUnes started this conversation in Show and tell
Replies: 0 comments
Like many of you, I struggled with automating Dependency-Track. Using curl was messy, and my dashboard was flooded with hundreds of "Active" versions from old CI builds, destroying my metrics.
I built a small CLI tool (Go) to solve this. It handles the full life-cycle in one command:
1. Uploads the SBOM.
2. Tags the new version as Latest.
3. Auto-archives old versions (sets active: false) so only the deployed version counts toward risk scores.
It’s open source and works as a single binary. Hope it saves you some bash-scripting headaches!
https://github.com/medunes/dtrack-cli
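The auto-archive step from the list above, as an added example written for this page and not code from dtrack-cli: a small Go client that lists a project's still-active versions through the Dependency-Track REST API and PATCHes active:false onto every version except the one just deployed, so stale CI builds stop feeding the portfolio metrics. The endpoint paths (/api/v1/project with excludeInactive and name, PATCH /api/v1/project/{uuid}), the X-Api-Key header and the project field names are assumed from the Dependency-Track REST API; the SBOM upload and Latest-tagging steps are left out.

```go
package main

import (
	"encoding/json"
	"fmt"
	"io"
	"net/http"
	"net/url"
	"strings"
)

// Project holds the Dependency-Track project fields this step needs; encoding/json
// matches the API's lower-case keys (uuid, name, version, active) case-insensitively.
type Project struct{ UUID, Name, Version string; Active bool }
// Client talks to one Dependency-Track instance with an API key.
type Client struct{ BaseURL, APIKey string; HTTP *http.Client }
// do sends one authenticated JSON request; any reply other than 2xx/304 is an error.
func (c *Client) do(method, path string, body io.Reader) (*http.Response, error) {
	req, err := http.NewRequest(method, c.BaseURL+path, body)
	if err != nil { return nil, err }
	req.Header.Set("X-Api-Key", c.APIKey)
	req.Header.Set("Content-Type", "application/json")
	resp, err := c.HTTP.Do(req)
	if err == nil && resp.StatusCode >= 300 && resp.StatusCode != http.StatusNotModified {
		resp.Body.Close()
		return nil, fmt.Errorf("%s %s: HTTP %d", method, path, resp.StatusCode)
	}
	return resp, err
}
// ArchiveOld lists the active versions of name and PATCHes active:false onto every
// one except keep, so only the deployed version counts toward the risk scores.
func (c *Client) ArchiveOld(name, keep string) ([]string, error) {
	resp, err := c.do(http.MethodGet, "/api/v1/project?excludeInactive=true&name="+url.QueryEscape(name), nil)
	if err != nil { return nil, err }
	defer resp.Body.Close()
	var projects []Project
	if err := json.NewDecoder(resp.Body).Decode(&projects); err != nil { return nil, fmt.Errorf("listing %q: %w", name, err) }
	var archived []string // UUIDs deactivated, in the order the API listed them
	for _, p := range projects {
		if p.Name != name || !p.Active || p.Version == keep {
			continue // another project, already archived, or the version to keep
		}
		r, err := c.do(http.MethodPatch, "/api/v1/project/"+p.UUID, strings.NewReader(`{"active":false}`))
		if err != nil { return archived, err } // callers still learn what was archived before the failure
		r.Body.Close()
		archived = append(archived, p.UUID)
	}
	return archived, nil
}
```

Run it after the SBOM upload with the version you just deployed as keep; a rejected API key or a non-2xx reply aborts the run before any version is touched.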