I built a small CLI tool (Go) to solve this. It handles the full lifecycle in one command:
- Uploads the SBOM.
- Tags the new version as Latest.
- Auto-archives old versions (sets active: false) so only the deployed version counts toward risk scores.
It’s open source and works as a single binary (or Docker image). Hope it saves you some bash-scripting headaches!