This action uploads a software bill of materials file to a Dependency-Track server.
Required Dependency-Track hostname
Defaults to 443
Can be https
or http
Defaults to https
Required Dependency-Track API key
Required, unless projectName and projectVersion are provided Project uuid in Dependency-Track
Required, unless project is provided Project name in Dependency-Track
Required, unless project is provided Project version in Dependency-Track
Comma-separated list of tags (available in DT v4.12 and later)
Automatically create project and version in Dependency-Track, default false
Path and filename of the BOM, default bom.xml
Parent project uuid in Dependency-Track (available in DT v4.8 and later)
parentVersion is also required Parent project name in Dependency-Track (available in DT v4.8 and later)
parentName is also required Parent project version in Dependency-Track (available in DT v4.8 and later)
Set version of project like the latest
With project name and version:
uses: DependencyTrack/gh-upload-sbom@v3
with:
serverHostname: 'example.com'
apiKey: ${{ secrets.DEPENDENCYTRACK_APIKEY }}
projectName: 'Example Project'
projectVersion: 'master'
bomFilename: "/path/to/bom.xml"
autoCreate: true
With project name, version and tags:
uses: DependencyTrack/gh-upload-sbom@v3
with:
serverHostname: 'example.com'
apiKey: ${{ secrets.DEPENDENCYTRACK_APIKEY }}
projectName: 'Example Project'
projectVersion: 'master'
projectTags: 'tag1,tag2'
bomFilename: "/path/to/bom.xml"
autoCreate: true
With protocol, port and project name:
uses: DependencyTrack/gh-upload-sbom@v3
with:
protocol: ${{ secrets.DEPENDENCYTRACK_PROTOCOL }}
serverHostname: ${{ secrets.DEPENDENCYTRACK_HOSTNAME }}
port: ${{ secrets.DEPENDENCYTRACK_PORT }}
apiKey: ${{ secrets.DEPENDENCYTRACK_APIKEY }}
projectName: 'Example Project'
projectVersion: 'master'
bomFilename: "/path/to/bom.xml"
autoCreate: true
With project uuid:
uses: DependencyTrack/gh-upload-sbom@v3
with:
serverHostname: 'example.com'
apiKey: ${{ secrets.DEPENDENCYTRACK_APIKEY }}
project: 'dadec8ad-7053-4e8c-8044-7b6ef698e08d'
With protocol, port, project name and parent name:
uses: DependencyTrack/gh-upload-sbom@v3
with:
protocol: ${{ secrets.DEPENDENCYTRACK_PROTOCOL }}
serverHostname: ${{ secrets.DEPENDENCYTRACK_HOSTNAME }}
port: ${{ secrets.DEPENDENCYTRACK_PORT }}
apiKey: ${{ secrets.DEPENDENCYTRACK_APIKEY }}
projectName: 'Example Project'
projectVersion: 'master'
bomFilename: "/path/to/bom.xml"
autoCreate: true
parentName: 'Example Parent'
parentVersion: 'master'
With parent uuid:
uses: DependencyTrack/gh-upload-sbom@v3
with:
serverHostname: 'example.com'
apiKey: ${{ secrets.DEPENDENCYTRACK_APIKEY }}
project: 'dadec8ad-7053-4e8c-8044-7b6ef698e08d'
parent: '6a5a3c33-3f8b-42ee-8d50-594bfd95dd32'