A CLI to Tame OWASP Dependency-Track Version Sprawl in CI/CD (github.com/medunes)
2 points by medunes 15 days ago | 1 comment


Like many of you, I struggled with automating Dependency-Track. Using curl was messy, and my dashboard was flooded with hundreds of "Active" versions from old CI builds, destroying my metrics.

I built a small CLI tool (Go) to solve this. It handles the full lifecycle in one command:

Uploads the SBOM.
Tags the new version as Latest.
Auto-archives old versions (sets active: false) so only the deployed version counts toward risk scores.

It’s open source and works as a single binary (or Docker image). Hope it saves you some bash-scripting headaches!

Repo: https://github.com/MedUnes/dtrack-cli
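The three steps above, written out as an added example in Go. This is not code from the post or from dtrack-cli; it is my own sketch of what such a tool has to do against the Dependency-Track REST API, and the endpoint paths and field names (PUT /api/v1/bom with a base64 "bom" and "autoCreate", GET /api/v1/project?name=, PATCH /api/v1/project/{uuid} with "active" and "isLatest", the X-Api-Key header) are my reading of that API and should be checked against your server's Swagger UI; "isLatest" in particular is assumed to exist only on 4.12 and newer. The names Plan, Promote and Client are mine, and the version list in main is constructed. The part worth copying is Plan: it refuses to run when the version it is supposed to keep is not in the list, because "upload failed, then deactivate everything else" would archive the whole project and quietly zero its risk score, and it orders the activation before the archiving so a crash mid-run never leaves a project with no live version.

```go
package main

import (
	"bytes"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"net/http"
	"net/url"
)

// Project is the subset of a Dependency-Track project object used here. "active" is the
// flag the post archives with; "isLatest" marks the latest version (assumption: 4.12+).
type Project struct {
	UUID     string `json:"uuid"`
	Version  string `json:"version"`
	Active   bool   `json:"active"`
	IsLatest bool   `json:"isLatest"`
}

// Plan returns the desired state of every version that must change so that exactly one
// version (keep) is active and latest. Converged versions are skipped, the activation comes
// first, and an absent keep is an error rather than a mass archive of the whole project.
func Plan(versions []Project, keep string) ([]Project, error) {
	var first, rest []Project
	found := false
	for _, p := range versions {
		isKeep := p.Version == keep
		found = found || isKeep
		changed := p.Active != isKeep || p.IsLatest != isKeep
		p.Active, p.IsLatest = isKeep, isKeep
		if changed && isKeep {
			first = append(first, p)
		} else if changed {
			rest = append(rest, p)
		}
	}
	if !found {
		return nil, fmt.Errorf("version %q not found; refusing to archive every version", keep)
	}
	return append(first, rest...), nil
}

// Client is a minimal REST client; every request carries the X-Api-Key header.
type Client struct{ BaseURL, APIKey string }

func (c *Client) call(method, path string, in, out any) error {
	b, _ := json.Marshal(in) // maps and structs built above cannot fail; nil encodes as "null"
	req, err := http.NewRequest(method, c.BaseURL+path, bytes.NewReader(b))
	if err != nil {
		return err
	}
	req.Header.Set("X-Api-Key", c.APIKey)
	req.Header.Set("Content-Type", "application/json")
	resp, err := http.DefaultClient.Do(req)
	if err != nil {
		return err
	}
	defer resp.Body.Close()
	if resp.StatusCode/100 != 2 { // fail closed: a 401/403/404 must abort the CI step
		return fmt.Errorf("%s %s: HTTP %d", method, path, resp.StatusCode)
	}
	if out == nil {
		return nil
	}
	return json.NewDecoder(resp.Body).Decode(out)
}

// Promote is the post's lifecycle end to end: upload the SBOM (auto-creating the version),
// list the project's versions, then PATCH each version the plan says must change.
func Promote(c *Client, name, version string, bom []byte) error {
	upload := map[string]any{"projectName": name, "projectVersion": version, "autoCreate": true,
		"bom": base64.StdEncoding.EncodeToString(bom)} // PUT /api/v1/bom takes the SBOM base64-encoded
	if err := c.call(http.MethodPut, "/api/v1/bom", upload, nil); err != nil {
		return err
	}
	var versions []Project
	if err := c.call(http.MethodGet, "/api/v1/project?name="+url.QueryEscape(name), nil, &versions); err != nil {
		return err
	}
	plan, err := Plan(versions, version)
	if err != nil {
		return err
	}
	for _, p := range plan {
		body := map[string]bool{"active": p.Active, "isLatest": p.IsLatest}
		if err := c.call(http.MethodPatch, "/api/v1/project/"+p.UUID, body, nil); err != nil {
			return err
		}
	}
	return nil
}

func main() {
	versions := []Project{ // constructed stand-in for GET /api/v1/project?name=shop
		{UUID: "a1", Version: "1.0.0", Active: true, IsLatest: true},
		{UUID: "b2", Version: "1.1.0-ci41", Active: true},
		{UUID: "c3", Version: "1.1.0-ci42", Active: true},
	}
	plan, err := Plan(versions, "1.1.0-ci42")
	fmt.Println(plan, err) // c3 becomes active+latest first, then a1 and b2 are archived
}
```

Plan is kept free of HTTP so it can be unit-tested without a server, and Promote stops on the first non-2xx response instead of carrying on with a half-applied state. Two checks before putting something like this in a pipeline: give the CI key only the permissions the three calls need (Dependency-Track names them along the lines of BOM_UPLOAD, PROJECT_CREATION_UPLOAD, VIEW_PORTFOLIO and PORTFOLIO_MANAGEMENT; confirm the exact set for your version), since a key that can PATCH projects can archive any project in the portfolio, not just old builds of this one; and filter the version list by the exact project name, because the name lookup above is what decides what gets archived.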
