LibTracker

5-Minute Integration

Integrate LibTracker into your CI/CD

Automate SBOM generation and CVE monitoring with every build. Compatible with all popular CI/CD tools.

How does it work?

4 steps for successful integration

1

Generate a CI token

Create a secure API token from your LibTracker project settings

2

Add the script to your pipeline

Copy-paste our sample configuration into your CI/CD file

3

Automatic push on every build

Your lock files are automatically sent to LibTracker

4

Real-time monitoring

Receive instant alerts when new CVEs are detected

CI Token Generation

Simple interface to create and manage your CI/CD API tokens

Screenshot of LibTracker CI token generation interface

Integration Examples

Configure your CI/CD integration in 4 simple steps

1

Select your package managers

Select all package managers present in your project (you can select multiple)

JavaScript
Python
Java
Other

2

Choose your CI/CD platform

Select the CI/CD platform you want to integrate with

3

Configure your CI secrets

Add these secrets to your CI/CD platform settings:

LIBTRACKER_PROJECT_ID

Your LibTracker project ID (found in project settings)

LIBTRACKER_TOKEN

Your CI token (generate it from project settings > CI/CD Tokens)

4

Copy your configuration

GitHub Actions

Native GitHub Actions integration in just a few lines

name: LibTracker CI
on:
  push:
    branches: [ main ]

jobs:
  libtracker:
    runs-on: ubuntu-latest
    steps:
      # Check out the repository so the lock file is available to the upload step
      - uses: actions/checkout@v3

      - name: Upload to LibTracker
        # POST the lock file as a new release, using the commit SHA as the version
        run: |
          curl -X POST "https://api.libtracker.io/ci/projects/${PROJECT_ID}/releases" \
            -H "Authorization: Bearer ${LIBTRACKER_TOKEN}" \
            -H "Accept: application/json" \
            -F "version=${GITHUB_SHA}" \
            -F "files[]=@./package-lock.json"
        env:
          # Both values are read from the CI secrets configured in step 3
          PROJECT_ID: ${{ secrets.LIBTRACKER_PROJECT_ID }}
          LIBTRACKER_TOKEN: ${{ secrets.LIBTRACKER_TOKEN }}

Advanced Features

Go further with LibTracker integration

Automatic Versioning

LibTracker automatically detects your version from Git tags or environment variables

Multi-format Support

Supports all lock file formats: package-lock.json, yarn.lock, Gemfile.lock, etc.

Ultra-fast Upload

Optimized upload time to avoid slowing down your builds

Robust Error Handling

Automatic retry and detailed logging for easy debugging

Frequently Asked Questions

Do lock files contain sensitive information?

What's the impact on my build duration?

What happens if the upload fails?

Is it compatible with private repositories?

Scan your dependencies

First CVE detected in under 10 minutes. You might be surprised.