Finding Vulnerable Libraries in Projects using Dependency-Track's API #3157
Hello! I want to find vulnerable libraries in projects using Dependency-Track's API. I'm looking for a way to determine if a specific vulnerable library is present in any of the projects. I've been trying to use Dependency-Track's API to retrieve a list of projects, but I need an efficient method to check if the vulnerable library is present in each project. I am trying to create a script but it is not working as the API does not provide such data from this method. Does anyone have any ideas on how to do this? Script --
Replies: 3 comments 2 replies
This can be done in the interface
Project objects returned by the API do not have the
As for your original use case, you can search for components across all projects using the
There are multiple options to query component identities by:
For example:
curl -H 'X-Api-Key: YOUR_KEY' 'http://dtrack.example.com/api/v1/component/identity?name=vulnerableLibraryName'
Yes thank you! It worked! The script below displays projects that have a vulnerable library and creates an Excel table with them!
Thanks for the tips! Now everything works.
We enter the library and version, then check to see if it exists, check for duplication, and add everything to the Excel table, thank you!
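The approach discussed in this thread (query `/api/v1/component/identity` by library name, keep the matching version, de-duplicate the projects, export a table), as an added example that is not the script from the original posts. The response field names, the `pageNumber`/`pageSize` paging parameters and the sample data are assumptions; the export is CSV rather than a native Excel file so that only the standard library is needed.

```python
import csv
import json
import urllib.parse
import urllib.request

# Constructed sample data. The field names (name, version, project.uuid/name/version)
# are assumptions about the component objects the API returns.
SAMPLE = [{"name": n, "version": v, "project": {"uuid": u, "name": p, "version": "1.0"}}
          for n, v, u, p in (
              ("log4j-core", "2.14.1", "p-1", "billing"),
              ("log4j-core", "2.14.1", "p-1", "billing"),          # duplicate entry
              ("log4j-core", "2.17.2", "p-2", "portal"),           # other version
              ("log4j-core-extras", "2.14.1", "p-3", "intranet"),  # other library
              ("log4j-core", "2.14.1", "p-4", "gateway"))]

def http_fetch(base_url, api_key):
    """Build a fetch(params) callable that queries a real server."""
    def fetch(params):
        url = f"{base_url}/api/v1/component/identity?{urllib.parse.urlencode(params)}"
        req = urllib.request.Request(url, headers={"X-Api-Key": api_key})
        with urllib.request.urlopen(req, timeout=30) as resp:
            return json.load(resp)
    return fetch

def sample_fetch(params):
    """Offline stand-in for http_fetch() that pages through SAMPLE."""
    start = (params["pageNumber"] - 1) * params["pageSize"]
    return SAMPLE[start:start + params["pageSize"]]

def find_projects(fetch, name, version, page_size=100, max_pages=1000):
    """Return de-duplicated project rows for exactly name@version (re-checked client-side)."""
    seen, rows = set(), []
    for page in range(1, max_pages + 1):
        components = fetch({"name": name, "version": version,
                            "pageNumber": page, "pageSize": page_size})
        for comp in components:
            project = comp.get("project") or {}
            exact = (comp.get("name"), comp.get("version")) == (name, version)
            if exact and project.get("uuid") not in seen:
                seen.add(project.get("uuid"))
                rows.append((project.get("name"), project.get("version"), project.get("uuid")))
        if len(components) < page_size:  # short page: nothing left to fetch
            break
    return rows

def write_csv(rows, path):
    """Write the rows as CSV, which Excel opens directly."""
    with open(path, "w", newline="") as fh:
        csv.writer(fh).writerows([("project", "project_version", "uuid"), *rows])
```

Against a real server, pass `http_fetch("http://dtrack.example.com", "YOUR_KEY")` as the `fetch` argument instead of `sample_fetch`.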