[Scorecard workflow](https://github.com/thinksabin/DTrackAuditor/actions/workflows/scorecard.yml)
[OpenSSF Scorecard](https://securityscorecards.dev/viewer/?uri=github.com/thinksabin/DTrackAuditor/)
# DTrackAuditor
DTrackAuditor is a Python script that eases the use of [DependencyTrack](https://dependencytrack.org/) in CI, optionally failing the build based on configurable parameters.
# Development and Tests
Developed and tested with:
* python 3.11.8
* DependencyTrack 4.10
### Features
1. Auto mode for project creation given a project name and version: creates the project and version if they do not already exist.
2. Auto mode is designed for CI pipelines.
3. Optional BOM file path. The default is `bom.xml`.
4. Filter on severity (critical, high, medium, low, unassigned) and count, e.g. fail if the number of critical findings is greater than or equal to 10.
5. Check policy violations and fail if any are found.
6. Return exit status 0 or 1 in Auto mode.
### Recommended usage
* For the latest updates, clone this repo and use it as you prefer.
### Quick Install
* Pypi
```
thinksabin@DESKTOP:~$ pip install dtrack-auditor
thinksabin@DESKTOP:~$ dtrackauditor
```
* Docker image
```
docker pull thinksabin/dtrackauditor:latest
```
* Git
```
git clone https://github.com/thinksabin/DTrackAuditor.git
```
### Usage
#### Basic Usage
* As a script:
```
python3 dtrackauditor.py \
-u 'http://mydtrack.local:8080' \
-k 'mydtrackapikey' \
-p myweb -v 1.0.0 \
-f myweb/target/bom.xml \
-a
```
The same invocation from PowerShell on Windows, here also passing `--wait`:
```
(.venv) PS C:\Users\dells\OneDrive\Documents\GitHub\DTrackAuditor\dtrackauditor> ..\.venv\Scripts\python.exe .\dtrackauditor.py -a -u 'http://mydtrack.local:8080' -k 'mydtrackapikey' -p ddweb -v 1.0.0 -f .\test\bom.xml --wait
```
If the environment variables `DTRACK_SERVER` and `DTRACK_API_KEY` are set, the server URL and API key can be omitted from the command line:
```
python3 dtrackauditor.py -p myweb -v 1.0.0 -a
```
If your DependencyTrack server is exposed through an HTTPS listener (e.g.
an nginx or Apache web server acting as a reverse proxy for the UI and API
servers), and that setup uses self-signed certificates or certificates issued by
a private (corporate) Certificate Authority, you can pass the path to a PEM
file containing the trust chain via the `DTRACK_SERVER_CERTCHAIN`
environment variable or the `-C`/`--certchain` command-line argument.
The value `none` disables certificate verification and trusts any HTTPS server blindly.
* As a Docker container:
```
docker run --rm -v $PWD:/tmp \
thinksabin/dtrackauditor -- \
<the same parameters as in the script examples above>
```
#### Vulnerability Rules
Auto mode for CI/CD, with severity rules that decide whether the build fails:
```
python3 dtrackauditor.py \
-u http://mydtrack.local:8080 \
-k mydtrackapikey \
-p hello \
-v 8.0.0 \
-a \
-r critical:1:true,high:2:true,medium:10:true,low:10:false
```
The `-r` argument takes a comma-separated list of rules, each of the form:
```
<severity>:<count>:<action>
```
Where:
* severity: one of `critical`, `high`, `medium`, `low`, or `unassigned`
* count: when the number of findings with this severity is greater than or equal to this value, trigger `action`
* action: `true` to fail the build, `false` to only display a warning (default is `true`)
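The evaluation that such a rule list implies, as an added example written for this README (it is not DTrackAuditor's own code): `parse_rules` turns the `-r` string into rules, and `evaluate` applies them to a `counts` mapping of severity name to number of findings, which is constructed inline here rather than fetched from DependencyTrack.

```python
"""Parse and apply <severity>:<count>:<action> rules (added example)."""
from dataclasses import dataclass

SEVERITIES = ("critical", "high", "medium", "low", "unassigned")


@dataclass(frozen=True)
class Rule:
    severity: str
    count: int
    fail: bool  # True: fail the build, False: only warn


def parse_rules(spec: str) -> list[Rule]:
    """Parse e.g. 'critical:1:true,high:2:true,low:10:false'.

    The action field is optional and defaults to true. Malformed rules raise
    ValueError instead of being skipped, so a typo in the pipeline config
    cannot silently disable a gate.
    """
    rules = []
    for raw in filter(None, (part.strip() for part in spec.split(","))):
        fields = raw.split(":")
        if len(fields) not in (2, 3):
            raise ValueError(f"malformed rule: {raw!r}")
        severity = fields[0].lower()
        if severity not in SEVERITIES:
            raise ValueError(f"unknown severity in rule {raw!r}")
        count = int(fields[1])  # non-numeric count raises ValueError
        if count < 0:
            raise ValueError(f"negative count in rule {raw!r}")
        action = fields[2].lower() if len(fields) == 3 else "true"
        if action not in ("true", "false"):
            raise ValueError(f"action must be true or false in rule {raw!r}")
        rules.append(Rule(severity, count, action == "true"))
    return rules


def evaluate(rules: list[Rule], counts: dict[str, int]) -> tuple[int, list[str]]:
    """Return (exit_code, messages): exit code 1 if any failing rule fires."""
    exit_code, messages = 0, []
    for rule in rules:
        found = counts.get(rule.severity, 0)  # missing severity counts as 0
        if found >= rule.count:
            level = "FAIL" if rule.fail else "WARN"
            messages.append(f"{level}: {found} {rule.severity} >= {rule.count}")
            if rule.fail:
                exit_code = 1
    return exit_code, messages


if __name__ == "__main__":  # constructed sample counts, not live data
    rules = parse_rules("critical:1:true,high:2:true,medium:10:true,low:10:false")
    code, msgs = evaluate(rules, {"critical": 0, "high": 1, "medium": 3, "low": 12})
    print("\n".join(msgs), f"exit {code}", sep="\n")
```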
#### Policy Violations
DTrackAuditor exits with code 1 (failing the build) if any policy violations are detected. This behaviour is not configurable and cannot be disabled with command-line options.
# For enhancement
Please open issues for bug reports and suggestions. Thanks.