From Ed.Munoz at microfocus.com Tue Nov 28 23:45:57 2017
From: Ed.Munoz at microfocus.com (Ed Munoz)
Date: Tue, 28 Nov 2017 23:45:57 +0000
Subject: [Owasp_dependency_track_project] Using BOM files with ODT
Message-ID:

We are having trouble getting OWASP Dependency-Track (ODT) to read a Bill of Materials (BOM) file in CycloneDX format.

We created a bomtest1.xml file that listed a few dependencies. It was based on the sample bom.xml here:
https://github.com/CycloneDX/specification/blob/master/examples/individual-component/bom.xml

We built ODT from Master, and it is up and running.

We put the bomtest1.xml file here:
~/.dependency-track/dependency-check/reports

ODT did not pick it up. I'm guessing that ODT only picks up OWASP Dependency-Check (ODC) reports there.

Where should we put the BOM file so ODT will pick it up?
Does the file have to be named bom.xml?
Are there any docs explaining how to use BOM files with ODT?

Thanks.