{"id":13463218,"url":"https://github.com/ozontech/dtrack-audit","last_synced_at":"2025-08-10T00:18:54.750Z","repository":{"id":52876843,"uuid":"214397111","full_name":"ozontech/dtrack-audit","owner":"ozontech","description":"OWASP Dependency Track API client for intergration into CI/CD pipeline","archived":false,"fork":false,"pushed_at":"2024-07-31T09:34:08.000Z","size":3626,"stargazers_count":54,"open_issues_count":12,"forks_count":16,"subscribers_count":11,"default_branch":"master","last_synced_at":"2025-08-01T07:41:32.576Z","etag":null,"topics":["component-analysis","security","security-tools","software-composition-analysis"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ozontech.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"COPYING","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2019-10-11T09:30:02.000Z","updated_at":"2025-07-13T05:54:01.000Z","dependencies_parsed_at":"2025-03-25T06:31:49.366Z","dependency_job_id":"9ff9bc97-91be-4bf9-8fde-26c023e65406","html_url":"https://github.com/ozontech/dtrack-audit","commit_stats":null,"previous_names":["ozonru/dtrack-audit"],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/ozontech/dtrack-audit","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ozontech%2Fdtrack-audit","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ozontech%2Fdtrack-audit/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ozontech%2Fdtrack-audit/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/ho
sts/GitHub/repositories/ozontech%2Fdtrack-audit/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ozontech","download_url":"https://codeload.github.com/ozontech/dtrack-audit/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ozontech%2Fdtrack-audit/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":269656913,"owners_count":24454742,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-08-09T02:00:10.424Z","response_time":111,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["component-analysis","security","security-tools","software-composition-analysis"],"created_at":"2024-07-31T13:00:48.316Z","updated_at":"2025-08-10T00:18:54.693Z","avatar_url":"https://github.com/ozontech.png","language":"Go","readme":"# dtrack-audit\n[OWASP Dependency Track](https://dependencytrack.org) API client for your security CI/CD pipeline. See [Dependency-Track docs: Continuous Integration \u0026 Delivery](https://docs.dependencytrack.org/usage/cicd/) for use case.\n\n## Install\n\n### Local Installation\n\n*Go 1.16+*\n```bash\ngo install github.com/ozontech/dtrack-audit/cmd/dtrack-audit@latest\n```\n\n*Go version \u003c 1.16*\n```bash\ngo get github.com/ozontech/dtrack-audit/cmd/dtrack-audit\n```\n\n## Features\n\n* Fully configurable via environment variables\n* Async and sync modes. 
In async mode dtrack-audit simply sends the SBOM file to the DTrack API (like cURL but *in a much more comfortable way*). Sync mode means: upload the SBOM file, wait for the scan result, show it and exit with a non-zero code. So you can break the corresponding CI/CD job to make developers pay attention to findings\n* You can filter the results. With sync mode enabled, show the result and fail the audit **if the results include a vulnerability with a severity of the specified level or higher**. Severity levels are: critical, high, medium, low, info, unassigned\n* Auto creation of projects. With this feature you can configure the SCA (with dtrack-audit) step globally for your CI/CD and it will create the project, e.g. with a name from an environment variable like `$CI_PROJECT_NAME`. So you don't need to configure it manually for each project\n* Support for TeamCity CI output. You can use the `-T` flag to enable JSON output. After that, activate the [Golang build feature](https://www.jetbrains.com/help/teamcity/golang.html).\n\n### Sample output\n\n```bash\n$ cyclonedx-bom -o bom.xml\n$ dtrack-audit -s -g high\n\nSBOM file is successfully uploaded to DTrack API. Result token is 12345f5e-4ccb-45fe-b8fd-1234a8bf0081\n\n2 vulnerabilities found!\n\n \u003e HIGH: Arbitrary File Write\n   Component: adm-zip 0.4.7\n   More info: https://dtrack/vulnerability/?source=NPM\u0026vulnId=994\n\n \u003e CRITICAL: Prototype Pollution\n   Component: handlebars 4.0.11\n   More info: https://dtrack/vulnerability/?source=NPM\u0026vulnId=755\n```\n","funding_links":[],"categories":["Dependencies","Go","security-tools"],"sub_categories":["Serializers"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fozontech%2Fdtrack-audit","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fozontech%2Fdtrack-audit","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fozontech%2Fdtrack-audit/lists"}