Dependency track - Python
Configuring Dependency Track for Python in pre-build or post build task creates a bill of materials from Python projects and environments and uploads it to D-track for Component Analysis to identify and reduce risk in the software supply chain.
Prerequisite: Make sure you have set up an account in dependency track or get the API keys from an admin.
On the Edit build pipeline page, select the Pre-Build Stage (or Post-Build Stage).
Click + Add task.
Select Dependency track for Python from PRESET PLUGINS.
Enter a relevant name in the
Task namefield. It is a mandatory field.Enter a descriptive message for the task in the
Descriptionfield. It is an optional field.Provide a value for the input variable. Note: The value may be any of the values from the previous build stages, a global variable, or a custom value.
| Variable | Format | Description |
|---|---|---|
ProjectManifestType | String | Type of your Python project manifest which is used to build cycloneDx Software Bill of Materials (SBOM). E.g., PIP, Poetry etc. |
RelativePathToPoetryLock | String | Path to your poetry.lock file inside your project |
RelativePathToPipfile | String | Path to your Pipfile.lock file inside your project |
RelativePathToRequirementTxt | String | Path to your requirements.txt file inside your project |
DTrackEndpoint | String | API endpoint of your dependency track account |
DTrackProjectName | String | Name of your dependency track project |
DTrackProjectVersion | String | Version of dependency track project |
DTrackApiKey | String | API key of your dependency track account |
CheckoutPath | String | Checkout path of Git material |
Trigger/Skip Conditionrefers to a conditional statement to execute or skip the task. You can select either:Set trigger conditionsorSet skip conditions
Click Update Pipeline.
Last updated