Tools: How to Integrate Endoflife.Date in Dependency-Track EoL - Expert Insights

Keeping your software up-to-date is crucial — but what happens when a library reaches end-of-life (EoL)? It stops receiving security updates, leaving your applications exposed to hidden risks. OWASP Dependency-Track is great for scanning SBOMs (Software Bills of Materials) for known vulnerabilities/CVEs. But it doesn't cover EoL dependencies, and EoL software may have unpatched vulnerabilities that aren't reported — creating hidden risks.

In this guide, I'll show you how to set up my experimental integration for Dependency-Track and start detecting EoL dependencies from endoflife.date in your projects.

Steps of this tutorial

- Dependency-Track installation (you can skip this if you already have a running installation)
- Import SBOM (you can skip this if you already have a project with an SBOM)
- Get the Dependency-Track API key from the Web UI
- Install and run the integration

Step 1: Install Dependency-Track

If you already have a running Dependency-Track installation, skip this step. Otherwise, the easiest way is via Docker:

```bash
# Download Docker Compose file
curl -LO https://raw.githubusercontent.com/DependencyTrack/dependency-track/main/docker-compose.yml

# Start Dependency-Track stack
docker compose up -d
```

Once started, navigate to http://localhost:8080 to access the web UI.

Step 2: Import Your SBOM

You need at least one SBOM loaded in Dependency-Track to analyze dependencies. In the web UI:

- Go to Projects → Add Project
- Upload your SBOM (or use the example SBOM)
- Wait for the components to be processed

If you already have a project in Dependency-Track, you can skip this step.

Step 3: Get Your API Key

The EoL integration uses the Dependency-Track API. To get your key:

- Log in to the Web UI at http://localhost:8080 (that's the default for Dependency-Track installations)
- Click on Administration → Access Management → Teams
- Generate a new key
- Copy it for later use

Step 4: Install and Run the Integration

You can choose Linux or Windows depending on your environment.

Linux

```bash
# Download the latest binary
curl -LO https://github.com/Chriz76/endoflife-dependencytrack/releases/download/v0.1.0-alpha/eol-dt-linux-x64.tar.gz

# Extract the archive
tar -xzvf eol-dt-linux-x64.tar.gz

# Make it executable
chmod +x eol-dt

# Run it
./eol-dt --apikey YOUR_DEPENDENCY_TRACK_API_KEY
```

Windows

- Download the latest Windows binary
- Run it with your API key

```
eol-dt --apikey YOUR_DEPENDENCY_TRACK_API_KEY
```

Step 5: Review Results

- In the Dependency-Track UI, search for "INT" to see flagged EoL components
- Check the program output for details about matched components
- Optionally, provide your own EoL dataset using the --eoldata option

Notes & Tips

- This project is experimental — use in test environments first
- Matching relies on PURL, CPE, and name heuristics — some results may be incomplete
- Future improvements: integrate more package repositories, combine EoL with CVE data, allow manual overrides
- For further options or feedback see the endoflife-dependencytrack project on GitHub

Feedback & Contributions

I'd love your feedback:

- Does this help detect hidden vulnerabilities?
- Ideas to improve matching accuracy?
- Found bugs or missing components?
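To make the PURL/name matching mentioned under Notes & Tips concrete, here is an added example (not the eol-dt tool's own code) that checks a few constructed components against constructed cycle data shaped like endoflife.date's JSON, where a cycle's "eol" field is either an ISO date or a boolean; the component list, cycle data, reference date and the name-as-product-slug heuristic are all assumptions made for the example.

```python
# Added example, not the eol-dt tool's code: match SBOM components against
# endoflife.date-style cycles using a PURL-name heuristic. All data below is
# constructed so the script runs offline (real data: Dependency-Track REST API,
# https://endoflife.date/api/<product>.json).
import datetime as dt
import re

# Constructed components in the shape Dependency-Track reports them.
COMPONENTS = [
    {"name": "python", "version": "3.7.17", "purl": "pkg:generic/python@3.7.17"},
    {"name": "nodejs", "version": "20.11.0", "purl": "pkg:generic/nodejs@20.11.0"},
    {"name": "lodash", "version": "4.17.21", "purl": "pkg:npm/lodash@4.17.21"},
]
# Constructed cycles: "eol" is an ISO date or a boolean (True = EoL, False = none scheduled).
EOL_DATA = {
    "python": [{"cycle": "3.7", "eol": "2023-06-27"}, {"cycle": "3.12", "eol": "2028-10-31"}],
    "nodejs": [{"cycle": "20", "eol": "2026-04-30"}, {"cycle": "22", "eol": False}],
}
REFERENCE_DATE = dt.date(2025, 1, 1)  # constructed "today" so results are reproducible
PURL_RE = re.compile(r"^pkg:[^/]+/(?:.+/)?(?P<name>[^@/]+)@(?P<version>[^?#]+)")

def product_from_purl(purl):
    """Name heuristic: the PURL name doubles as the endoflife.date product slug."""
    return m.group("name").lower() if (m := PURL_RE.match(purl)) else None

def cycle_for_version(cycles, version):
    """Choose the cycle whose label is the longest dotted prefix of the version."""
    parts = version.split(".")
    matches = [c for c in cycles if parts[: len(str(c["cycle"]).split("."))] == str(c["cycle"]).split(".")]
    return max(matches, key=lambda c: len(str(c["cycle"])), default=None)

def eol_status(cycle, today):
    """Turn the date-or-boolean 'eol' field into a verdict."""
    eol = cycle["eol"]
    if isinstance(eol, bool):
        return "EOL" if eol else "SUPPORTED"
    return "EOL" if dt.date.fromisoformat(eol) <= today else "SUPPORTED"

def check_components(components, eol_data, today):
    """Return {purl: verdict}; UNKNOWN marks gaps the heuristics cannot resolve."""
    results = {}
    for comp in components:
        cycles = eol_data.get(product_from_purl(comp["purl"]) or "", [])
        cycle = cycle_for_version(cycles, comp["version"])
        results[comp["purl"]] = eol_status(cycle, today) if cycle else "UNKNOWN"
    return results

if __name__ == "__main__":
    print(check_components(COMPONENTS, EOL_DATA, REFERENCE_DATE))
```

The UNKNOWN verdict for lodash shows why a name-only heuristic leaves results incomplete: any product missing from the dataset, or a version outside every known cycle, needs manual review or a custom dataset.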