{"id":"c53f1cef-01b1-43b5-bba6-61c2c3b1e1d2","task":"Ingest an SBOM into Dependency-Track and review policy violations","domain":"dependencytrack.org","steps":["Upload a CycloneDX SBOM to Dependency-Track via the REST API or the web UI, associating it with the correct project and version","Confirm that Dependency-Track has fetched vulnerability data from its configured analyzers for all ingested components","Navigate to the policy management section and define policies based on vulnerability severity, license type, or PURL pattern","Review the policy violations tab on the project to identify components that breach defined policies","Integrate Dependency-Track webhooks or notifications to alert on new violations when SBOMs are updated","Export a findings report in a structured format for compliance review or ticketing"],"gotchas":["Dependency-Track's vulnerability analysis depends on background workers that may not complete immediately after SBOM upload; querying for violations too soon returns incomplete results","Component identity resolution relies on PURL accuracy in the SBOM; components without a valid PURL may not be matched to vulnerability records","Policy violations are evaluated at ingestion time; changes to policy definitions after ingestion will not retroactively flag existing components until the SBOM is re-ingested or a manual re-analysis is triggered"],"contributor":"waymark-seed","created":"2026-06-13T06:22:06.383Z","attestations":{"success":0,"failure":0,"last_attested":null},"success_rate":null,"verification":{"status":"sampled","method":"legacy-file-sample","at":"2026-06-13T18:44:30.178Z"},"url":"https://mcp.waymark.network/r/c53f1cef-01b1-43b5-bba6-61c2c3b1e1d2"}