[Owasp_dependency_track_project] Using BOM files with ODT

Ed Munoz Ed.Munoz at microfocus.com
Tue Nov 28 23:45:57 UTC 2017


We are having trouble getting OWASP Dependency-Track (ODT) to read a Bill of Materials (BOM) file in CycloneDX format. We created a bomtest1.xml file that listed a few dependencies. It was based on the sample bom.xml here: https://github.com/CycloneDX/specification/blob/master/examples/individual-component/bom.xml

We built ODT from Master, and it is up and running. We put the bomtest1.xml file here: ~/.dependency-track/dependency-check/reports

ODT did not pick it up. I'm guessing that ODT only picks up OWASP Dependency-Check (ODC) reports there. Where should we put the BOM file so ODT will pick it up? Does the file have to be named bom.xml? Are there any docs explaining how to use BOM files with ODT? Thanks.