Dependency Track integration

EMBA is able to automatically upload the generated SBOM to your dependency track instance.

To be able to use the dependency track API a API key and special permissions are needed. The following screenshot shows how to create a new Team with an API key and the needed permissions:

EMBA needs the following dependency track permissions:

BOM_UPLOAD
PROJECT_CREATION_UPLOAD
VIEW_PORTFOLIO

You can find further details about the API within the dependency track documentation here.

Afterwards it should be possible to upload an SBOM via the API:

curl -X "POST" "http://<DEPENDENCY_TRACK_HOST_IP>/api/v1/bom" \
    -H 'Content-Type: multipart/form-data' \
    -H "X-Api-Key: <DEPENDENCY_TRACK_API_KEY>" \
    -F "autoCreate=true" \
    -F "projectName=testproject" \
    -F "bom=@/Path/to/your/CycloneDX-SBOM.json"

The next step is to build a configuration file for EMBA. As there is a template file available, the easiest way is to copy this file and edit it afterwards:

cp config/dependencytrack.env.template config/dependencytrack.env

In the new env file you need to adjust the following parameters:

DEPENDENCY_TRACK_HOST_IP="<insert your IP address>:8081"
DEPENDENCY_TRACK_API_KEY="<insert your API key>"

Afterwards EMBA should be able to upload the generated SBOM to you dependency track instance.

To monitor the upload process it is needed to check the log file for the Q20 module or check the logs of the quest docker container:

Have phun

EMBA - firmware security scanning at its best

Sponsor EMBA and EMBArk:

The EMBA environment is free and open source!

We put a lot of time and energy into these tools and related research to make this happen. It's now possible for you to contribute as a sponsor!

If you like EMBA you have the chance to support future development by becoming a Sponsor

Thank You ❤️ Get a Sponsor
You can also buy us some beer here ❤️ Buy me a coffee

To show your love for EMBA with nice shirts or other merch you can check our Spreadshop

EMBA - firmware security scanning at its best

Home
- Motivation
- Publications
- Referring sites and talks
  - 2026
  - 2025
  - 2024
  - 2023
  - 2022 and before
- Your Feedback
- Star history
The EMBA book
Feature overview
- OS-Support
- SBOM support
- User-mode emulator
- System emulation
- UEFI analysis
- EMBA AI integration
- Firmware diffing
- Vulnerability detection
- Linux Kernel vulnerability verification
- Toolchain identification
- Dependency Track integration
- Aggregator
- Web report
Installation
- Prerequisites
- Classic
- Developer
- Ubuntu installation notes
- Experimental WSL installation
- Dependencies
- System tools
- EMBA update
Usage
- Classic
- Launcher
- Developer
- Docker
- Arguments
- Tweaking EMBA
- Live system
Development
- Structure
- Modules
- Code quality
- Rebuilding system-emulator environment
Sponsoring EMBA
EMBA Merchandise
FAQ
EMBArk enterprise environment

Uh oh!

Dependency Track integration

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Clone this wiki locally