# VioletBeacon Dependency-Track Client
A command-line Dependency-Track client that is primarily useful for CI/CD environments.
GitHub: https://github.com/VioletBeacon/deptrack-client
PyPI: https://pypi.org/project/violetbeacon-deptrack-client
## Installation
```bash
pip install violetbeacon-deptrack-client
```
This will install the deptrack-client cli into your Python environment.
## Usage
Use the `-h` option to display usage options.
```bash
$ deptrack-client -h
usage: deptrack-client [-h] {version,create-config,upload-bom} ...
Dependency-Track Client
positional arguments:
{version,create-config,upload-bom}
Commands
version Print version information
create-config Create configuration file
upload-bom Upload BOM
options:
-h, --help show this help message and exit
```
### Create a configuation file (optional)
```bash
$ deptrack-client create-config -h
usage: deptrack-client create-config [-h] [-v] -c CONFIG [-H DTRACK_BASEURL] [-A API_KEY] [-a]
-p PROJECT_NAME -q PROJECT_VERSION
options:
-h, --help show this help message and exit
-v Increase logging verbosity. Can be provided multiple times.
-c, --config CONFIG Path to configuration file. Default: deptrack-client.yaml
-H, --dtrack-baseurl DTRACK_BASEURL
Base URL of Dependency-Track API instance (excluding /api/v1/...). If
prefixed with `env:` this is the name of the environment variable which
contains the hostname. Default=env:DTRACK_BASEURL
-A, --api-key API_KEY
API key for the Dependency-Track API. If prefixed with `env:` this is the
name of the environment variable which contains the API key.
Default=env:DTRACK_APIKEY
-a, --autocreate Tell Dependency-Track to autocreate the project if it does not exist
-p, --project-name PROJECT_NAME
Project name
-q, --project-version PROJECT_VERSION
Project ID
```
Example:
```bash
$ deptrack-client create-config -H https://my-dependency-track-instance
```
### Upload a BOM file to Dependency-Track
```bash
$ deptrack-client upload-bom --help
usage: deptrack-client upload-bom [-h] [-v] [-c CONFIG] [-H DTRACK_BASEURL] [-A API_KEY] [-a]
-p PROJECT_NAME -q PROJECT_VERSION -f BOM_FILE
options:
-h, --help show this help message and exit
-v Increase logging verbosity. Can be provided multiple times.
-c, --config CONFIG Path to configuration file. Default: deptrack-client.yaml
-H, --dtrack-baseurl DTRACK_BASEURL
Base URL of Dependency-Track API instance (excluding /api/v1/...). If
prefixed with `env:` this is the name of the environment variable which
contains the hostname. Default=env:DTRACK_BASEURL
-A, --api-key API_KEY
API key for the Dependency-Track API. If prefixed with `env:` this is the
name of the environment variable which contains the API key.
Default=env:DTRACK_APIKEY
-a, --autocreate Autocreate the project if it does not exist
-p, --project-name PROJECT_NAME
Project name
-q, --project-version PROJECT_VERSION
Project ID
-f, --bom-file BOM_FILE
Path to BOM file
```
Example (**Note**: this is not best practice since it will put the API key in the bash history):
```bash:
$ deptrack-client upload-bom -A odt_... -H https://my-dependency-track-instance -a -p ${PROJECT} -q ${VERSION} -f bom.json
```
Following is a typical CI/CD example where secrets are injected into the build environment via environment variables:
The default value for the `-A | --api-key` parameter is `env:DTRACK_APIKEY`, which tells the client to pull the API key from the environment variable named `DTRACK_APIKEY`.
The default value for the `-H | --dtrack-baseurl` parameters is `env:DTRACK_BASEURL`, which tells the client to pull the base URL from the environment variable named `DTRACK_BASEURL`.
You can modify these parameters by setting `-A env:<APIKEY_VARNAME>` and `-H env:<URL_VARNAME>` options.
```bash:
# Prerequisites
# 1. The API key is set in the DTRACK_APIKEY environment variable
# 2. The Base URL is set in the DTRACK_BASEURL environment variable
$ deptrack-client upload-bom -a -p ${PROJECT} -q ${VERSION} -f bom.json
```
## Development
See [DEVELOPMENT.md](./DEVELOPMENT.md).
Raw data
{
"_id": null,
"home_page": null,
"name": "violetbeacon-deptrack-client",
"maintainer": null,
"docs_url": null,
"requires_python": null,
"maintainer_email": null,
"keywords": "owasp, dependency-track",
"author": null,
"author_email": "Kris Hardy <kris.hardy@vltbcn.com>",
"download_url": "https://files.pythonhosted.org/packages/dd/66/65a1ea8c98a7849770bb242eb4a8cfa518af405d473f5cbe25284dcfbc35/violetbeacon_deptrack_client-0.1.1.tar.gz",
"platform": null,
"description": "# VioletBeacon Dependency-Track Client\n\nA command-line Dependency-Track client that is primarily useful for CI/CD environments.\n\nGitHub: https://github.com/VioletBeacon/deptrack-client\n\nPyPI: https://pypi.org/project/violetbeacon-deptrack-client\n\n## Installation\n\n```bash\npip install violetbeacon-deptrack-client\n```\n\nThis will install the deptrack-client cli into your Python environment.\n\n## Usage\n\nUse the `-h` option to display usage options.\n\n```bash\n$ deptrack-client -h\nusage: deptrack-client [-h] {version,create-config,upload-bom} ...\n\nDependency-Track Client\n\npositional arguments:\n {version,create-config,upload-bom}\n Commands\n version Print version information\n create-config Create configuration file\n upload-bom Upload BOM\n\noptions:\n -h, --help show this help message and exit\n```\n\n### Create a configuation file (optional)\n\n```bash\n$ deptrack-client create-config -h\nusage: deptrack-client create-config [-h] [-v] -c CONFIG [-H DTRACK_BASEURL] [-A API_KEY] [-a]\n -p PROJECT_NAME -q PROJECT_VERSION\n\noptions:\n -h, --help show this help message and exit\n -v Increase logging verbosity. Can be provided multiple times.\n -c, --config CONFIG Path to configuration file. Default: deptrack-client.yaml\n -H, --dtrack-baseurl DTRACK_BASEURL\n Base URL of Dependency-Track API instance (excluding /api/v1/...). If\n prefixed with `env:` this is the name of the environment variable which\n contains the hostname. Default=env:DTRACK_BASEURL\n -A, --api-key API_KEY\n API key for the Dependency-Track API. If prefixed with `env:` this is the\n name of the environment variable which contains the API key.\n Default=env:DTRACK_APIKEY\n -a, --autocreate Tell Dependency-Track to autocreate the project if it does not exist\n -p, --project-name PROJECT_NAME\n Project name\n -q, --project-version PROJECT_VERSION\n Project ID\n```\n\nExample:\n\n```bash\n$ deptrack-client create-config -H https://my-dependency-track-instance \n```\n\n\n### Upload a BOM file to Dependency-Track\n\n```bash\n$ deptrack-client upload-bom --help\nusage: deptrack-client upload-bom [-h] [-v] [-c CONFIG] [-H DTRACK_BASEURL] [-A API_KEY] [-a]\n -p PROJECT_NAME -q PROJECT_VERSION -f BOM_FILE\n\noptions:\n -h, --help show this help message and exit\n -v Increase logging verbosity. Can be provided multiple times.\n -c, --config CONFIG Path to configuration file. Default: deptrack-client.yaml\n -H, --dtrack-baseurl DTRACK_BASEURL\n Base URL of Dependency-Track API instance (excluding /api/v1/...). If\n prefixed with `env:` this is the name of the environment variable which\n contains the hostname. Default=env:DTRACK_BASEURL\n -A, --api-key API_KEY\n API key for the Dependency-Track API. If prefixed with `env:` this is the\n name of the environment variable which contains the API key.\n Default=env:DTRACK_APIKEY\n -a, --autocreate Autocreate the project if it does not exist\n -p, --project-name PROJECT_NAME\n Project name\n -q, --project-version PROJECT_VERSION\n Project ID\n -f, --bom-file BOM_FILE\n Path to BOM file\n```\n\nExample (**Note**: this is not best practice since it will put the API key in the bash history):\n\n```bash:\n$ deptrack-client upload-bom -A odt_... -H https://my-dependency-track-instance -a -p ${PROJECT} -q ${VERSION} -f bom.json\n```\n\nFollowing is a typical CI/CD example where secrets are injected into the build environment via environment variables:\n\nThe default value for the `-A | --api-key` parameter is `env:DTRACK_APIKEY`, which tells the client to pull the API key from the environment variable named `DTRACK_APIKEY`.\n\nThe default value for the `-H | --dtrack-baseurl` parameters is `env:DTRACK_BASEURL`, which tells the client to pull the base URL from the environment variable named `DTRACK_BASEURL`.\n\nYou can modify these parameters by setting `-A env:<APIKEY_VARNAME>` and `-H env:<URL_VARNAME>` options.\n\n```bash:\n# Prerequisites\n# 1. The API key is set in the DTRACK_APIKEY environment variable\n# 2. The Base URL is set in the DTRACK_BASEURL environment variable\n$ deptrack-client upload-bom -a -p ${PROJECT} -q ${VERSION} -f bom.json\n```\n\n## Development\n\nSee [DEVELOPMENT.md](./DEVELOPMENT.md).\n",
"bugtrack_url": null,
"license": null,
"summary": "Dependency-Track client by VioletBeacon",
"version": "0.1.1",
"project_urls": {
"Homepage": "https://github.com/VioletBeacon/deptrack-client",
"Issues": "https://github.com/VioletBeacon/deptrack-client/issues"
},
"split_keywords": [
"owasp",
" dependency-track"
],
"urls": [
{
"comment_text": null,
"digests": {
"blake2b_256": "96c28bb629bb03bf2f2617788799a427a354d8368f2f78316e732e8171a4eaf2",
"md5": "36173e372f493122cc4d45fce6d7aa95",
"sha256": "9fa8fed1fe8f3125677d72384c6446694bb1a04f85fea580eb1b116f31ab3bd7"
},
"downloads": -1,
"filename": "violetbeacon_deptrack_client-0.1.1-py3-none-any.whl",
"has_sig": false,
"md5_digest": "36173e372f493122cc4d45fce6d7aa95",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": null,
"size": 25497,
"upload_time": "2025-07-24T23:43:40",
"upload_time_iso_8601": "2025-07-24T23:43:40.171508Z",
"url": "https://files.pythonhosted.org/packages/96/c2/8bb629bb03bf2f2617788799a427a354d8368f2f78316e732e8171a4eaf2/violetbeacon_deptrack_client-0.1.1-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": null,
"digests": {
"blake2b_256": "dd6665a1ea8c98a7849770bb242eb4a8cfa518af405d473f5cbe25284dcfbc35",
"md5": "2bddd9558b7dc09aa869a0e277f2b086",
"sha256": "06fc3106098191a6dc7e1792e891360228dfc48206622ee8776a700658e6c73f"
},
"downloads": -1,
"filename": "violetbeacon_deptrack_client-0.1.1.tar.gz",
"has_sig": false,
"md5_digest": "2bddd9558b7dc09aa869a0e277f2b086",
"packagetype": "sdist",
"python_version": "source",
"requires_python": null,
"size": 43871,
"upload_time": "2025-07-24T23:43:41",
"upload_time_iso_8601": "2025-07-24T23:43:41.915250Z",
"url": "https://files.pythonhosted.org/packages/dd/66/65a1ea8c98a7849770bb242eb4a8cfa518af405d473f5cbe25284dcfbc35/violetbeacon_deptrack_client-0.1.1.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2025-07-24 23:43:41",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "VioletBeacon",
"github_project": "deptrack-client",
"travis_ci": false,
"coveralls": false,
"github_actions": true,
"lcname": "violetbeacon-deptrack-client"
}
JSON
