-
-
Notifications
You must be signed in to change notification settings - Fork 311
Dependency Track integration
EMBA is able to automatically upload the generated SBOM to your Dependeny Track instance.

To be able to use the Dependency Track API a API key and special permissions are needed. The following screenshot shows how to create a new Team with an API key and the needed permissions:

You can find further details about the API within the Dependency Track documentation here.
Afterwards it should be possible to upload an SBOM via the API:
curl -X "POST" "http://<DEPENDENCY_TRACK_HOST_IP>/api/v1/bom" \
-H 'Content-Type: multipart/form-data' \
-H "X-Api-Key: <DEPENDENCY_TRACK_API_KEY>" \
-F "autoCreate=true" \
-F "projectName=testproject" \
-F "bom=@/Path/to/your/CycloneDX-SBOM.json"
The next step is to build a configuration file for EMBA. As there is a template file available, the easiest way is to copy this file and edit it afterwards:
cp config/dependencytrack.env.template config/dependencytrack.env
In the new env file you need to adjust the following parameters:
DEPENDENCY_TRACK_HOST_IP="<insert your IP address>:8081"
DEPENDENCY_TRACK_API_KEY="<insert your API key>"
Afterwards EMBA should be able to upload the generated SBOM to you Dependency Track instance.
Have phun
EMBA - firmware security scanning at its best
Sponsor EMBA and EMBArk:
The EMBA environment is free and open source!
We put a lot of time and energy into these tools and related research to make this happen. It's now possible for you to contribute as a sponsor!
If you like EMBA you have the chance to support future development by becoming a Sponsor
Thank You ❤️ Get a Sponsor
You can also buy us some beer here ❤️ Buy me a coffee
To show your love for EMBA with nice shirts or other merch you can check our Spreadshop
EMBA - firmware security scanning at its best
- Home
- The EMBA book
- Feature overview
- Installation
- Usage
- Development
- Sponsoring EMBA
- EMBA Merchandise
- FAQ
- EMBArk enterprise environment