dtrack-audit
OWASP Dependency Track API client for integration into a CI/CD pipeline
I propose to add a new environment, `DTRACK_PROJECT_TAGS`. Setting it to `tag1 tag2` would call:
```
PATCH /api/v1/project/
{"tags": [{"name": "tag1"}, {"name": "tag2"}]}
```
after creating or updating the project.
fixes #19
By including the project's UUID in the console output, a direct link to the project in Dependency Track can be easily constructed. This link can be, for example, added as...
It would be great to have an option to check for policy violations instead of findings.
It seems like a common approach to have a project in DependencyTrack but having to know the version to look it up seems too restrictive. This PR allows you to...
How to reproduce:
```
docker run -it --rm node:lts-alpine /bin/sh
apk add --no-cache git go
export GOROOT=/usr/lib/go
export GOPATH=/go
export PATH=/go/bin:$PATH
go install github.com/ozontech/dtrack-audit/cmd/dtrack-audit@latest
```
Go version: 1.17.4-r0
Error: ```...
[Dependency Track v3.2.0 introduced the PROJECT_CREATION_UPLOAD permission](https://docs.dependencytrack.org/changelog/) that reduced the access that PORTFOLIO_MANAGEMENT gave. I get the following error upon upload of a BOM for a non-existing project: ```console $...
It's not obvious to me how to run the program locally: ```shell $ git clone https://github.com/ozonru/dtrack-audit.git Cloning into 'dtrack-audit'... remote: Enumerating objects: 104, done. remote: Counting objects: 100% (104/104), done....
Like for https://github.com/securego/gosec