The Dependency-Check Jenkins plugin includes a publisher which can be configured to push Dependency-Check XML reports or CycloneDX and SPDX bill-of-material documents to Dependency-Track.
To set it up, navigate to Jenkins » System Configuration and complete the Dependency-Track section.
Once configured with a valid URL and API key, simply configure a job to publish the artifact.
Dependency-Track project: Specifies the unique project ID to upload scan results to. This dropdown will be automatically populated with a list of projects.
Artifact: Specifies the file to upload. Paths are relative to the Jenkins workspace.
Artifact Type: Options are:
- Dependency-Check Scan Result (XML)
- Software Bill of Material (CycloneDX or SPDX)
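
A pre-publish check for the Artifact and Artifact Type fields, as an added example that is not part of the plugin or of the original page: it resolves the artifact path relative to the workspace, refuses paths that leave it, and reports which Artifact Type the file matches. The function names are hypothetical, and the detection rules (root element names, namespace fragments, and the SPDX tag-value header) are assumptions based on the published formats.

```python
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path

# Artifact Type labels as listed on this page.
DC_XML = "Dependency-Check Scan Result (XML)"
BOM = "Software Bill of Material (CycloneDX or SPDX)"

def resolve_artifact(workspace, artifact):
    """Resolve a workspace-relative path; refuse anything that leaves the workspace."""
    root = Path(workspace).resolve()
    target = (root / artifact).resolve()
    if root not in target.parents:
        raise ValueError(f"{artifact!r} resolves outside the workspace")
    if not target.is_file():
        raise FileNotFoundError(str(target))
    return target

def detect_artifact_type(path):
    """Return the matching Artifact Type label, or None if the file is not recognised."""
    data = Path(path).read_bytes()
    text = data.decode("utf-8", errors="replace")
    if any(line.startswith("SPDXVersion:") for line in text.splitlines()):
        return BOM  # SPDX tag-value document
    try:
        tag = ET.fromstring(data).tag  # "{namespace}localname"
    except ET.ParseError:
        return None
    namespace, _, local = tag.rpartition("}")
    if local == "analysis" and "dependencycheck" in namespace.lower():
        return DC_XML
    if local == "bom" and "cyclonedx" in namespace.lower():
        return BOM
    if local == "RDF" and "spdx.org" in text:
        return BOM  # SPDX RDF/XML document
    return None

# Constructed sample artifacts (minimal root elements only, not real reports).
SAMPLES = {
    "dependency-check-report.xml": '<analysis xmlns="https://jeremylong.github.io/DependencyCheck/dependency-check.2.0.xsd"/>',
    "bom.xml": '<bom xmlns="http://cyclonedx.org/schema/bom/1.1" version="1"/>',
    "bom.spdx": "SPDXVersion: SPDX-2.1\nDataLicense: CC0-1.0\n",
    "notes.txt": "not a report",
}

def demo():
    """Write the samples into a temporary workspace and classify each one."""
    with tempfile.TemporaryDirectory() as ws:
        for name, body in SAMPLES.items():
            Path(ws, name).write_text(body, encoding="utf-8")
        return {n: detect_artifact_type(resolve_artifact(ws, n)) for n in SAMPLES}
```

Running this as a build step before the publisher lets a job fail early when the selected Artifact Type does not match the file being uploaded.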