Go client library for OWASP Dependency-Track
client-go is a Go library to interact with Dependency-Track's REST API, making it easy to implement custom automation around Dependency-Track.
Example use-cases include:
- Interacting with Dependency-Track in CI/CD pipelines
- e.g. to implement quality gates, or generate build reports
- Uploading BOMs of various origins
- e.g. from all containers running in a Kubernetes cluster, see sbom-operator
- Reacting to Webhook notifications
- e.g. to automate analysis decisions on findings, see dtapac
- Reporting and tracking of portfolio metrics in specialized systems
- e.g. to expose metrics to time-series databases like Prometheus, see dependency-track-exporter
go get github.com/futurice/dependency-track-client-go
client-go Version | Go Version | Dependency-Track Version |
---|---|---|
v0.8.0 | 1.18+ | 4.0.0+ |
v0.9.0+ | 1.19+ | 4.0.0+ |
Please refer to the documentation.
client-go primarily covers those parts of the Dependency-Track API that the community has an explicit need for. If you'd like to use this library, and your desired functionality is not yet available, please consider creating a PR.