Skip to content

Dependency Track integration

Michael Messner edited this page Nov 21, 2025 · 13 revisions

EMBA is able to automatically upload the generated SBOM to your Dependeny Track instance.

image

To be able to use the Dependency Track API a API key and special permissions are needed. The following screenshot shows how to create a new Team with an API key and the needed permissions: image

You can find further details about the API within the Dependency Track documentation here.

Afterwards it should be possible to upload an SBOM via the API:

curl -X "POST" "http://<DEPENDENCY_TRACK_HOST_IP>/api/v1/bom" \
    -H 'Content-Type: multipart/form-data' \
    -H "X-Api-Key: <DEPENDENCY_TRACK_API_KEY>" \
    -F "autoCreate=true" \
    -F "projectName=testproject" \
    -F "bom=@/Path/to/your/CycloneDX-SBOM.json" 

The next step is to build a configuration file for EMBA. As there is a template file available, the easiest way is to copy this file and edit it afterwards:

cp config/dependencytrack.env.template config/dependencytrack.env 

In the new env file you need to adjust the following parameters:

DEPENDENCY_TRACK_HOST_IP="<insert your IP address>:8081"
DEPENDENCY_TRACK_API_KEY="<insert your API key>"

Afterwards EMBA should be able to upload the generated SBOM to you Dependency Track instance.

Have phun

Clone this wiki locally