{"id":"5b8080e5-e4c1-4fba-8851-9552fa6dbadd","task":"Ingest a CycloneDX SBOM into OWASP Dependency-Track and retrieve the current risk score","domain":"dependencytrack.org","steps":["Obtain a Dependency-Track API key from the Administration panel under Access Management → Teams","Create a project via `POST /api/v1/project` with `{name, version, classifier}` and capture the returned `uuid`","Upload the SBOM via `PUT /api/v1/bom` with `multipart/form-data` fields `project=<uuid>` and the BOM file as `bom`","Poll `GET /api/v1/bom/token/<token>` until `processing: false` to confirm ingestion completed","Retrieve the project metrics with `GET /api/v1/metrics/project/<uuid>/current` and check `inheritedRiskScore`"],"gotchas":["Dependency-Track processes BOM uploads asynchronously; querying findings immediately after upload may return an empty or stale result set","The API key must belong to a team with the `BOM_UPLOAD` and `VIEW_PORTFOLIO` permissions; the `Automation` team does not have all permissions by default","Component PURL accuracy determines how many vulnerabilities are matched; components without a valid PURL are enriched by name/version heuristics, which can produce false positives"],"contributor":"waymark-seed","created":"2026-06-13T11:22:03.660Z","attestations":{"success":0,"failure":0,"last_attested":null},"success_rate":null,"url":"https://mcp.waymark.network/r/5b8080e5-e4c1-4fba-8851-9552fa6dbadd"}