
Commit b90f408

generate sbom and expose it via the actuator endpoint (#5663)
1 parent 563e285 commit b90f408

3 files changed

Lines changed: 40 additions & 3 deletions


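--- a/build/application/pom.xml
+++ b/build/application/pom.xml
@@ -250,6 +250,10 @@
 
 <build>
 <plugins>
+<plugin>
+<groupId>org.cyclonedx</groupId>
+<artifactId>cyclonedx-maven-plugin</artifactId>
+</plugin>
 <plugin>
 <groupId>org.springframework.boot</groupId>
 <artifactId>spring-boot-maven-plugin</artifactId>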

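--- a/pom.xml
+++ b/pom.xml
@@ -409,6 +409,38 @@
 <artifactId>maven-gpg-plugin</artifactId>
 <version>${maven-gpg-plugin.version}</version>
 </plugin>
+<plugin>
+<groupId>org.cyclonedx</groupId>
+<artifactId>cyclonedx-maven-plugin</artifactId>
+<version>2.9.1</version>
+<executions>
+<execution>
+<phase>prepare-package</phase>
+<goals>
+<goal>makeAggregateBom</goal>
+</goals>
+</execution>
+</executions>
+<configuration>
+<!-- https://cyclonedx.org/docs/1.6/json/-->
+<schemaVersion>1.6</schemaVersion>
+<projectType>application</projectType>
+<verbose>false</verbose>
+
+<includeBomSerialNumber>true</includeBomSerialNumber>
+<includeCompileScope>true</includeCompileScope>
+<includeProvidedScope>true</includeProvidedScope>
+<includeRuntimeScope>true</includeRuntimeScope>
+<includeSystemScope>true</includeSystemScope>
+<includeTestScope>false</includeTestScope>
+<includeLicenseText>false</includeLicenseText>
+
+<outputReactorProjects>true</outputReactorProjects>
+<outputFormat>all</outputFormat>
+<outputName>bom</outputName>
+<outputDirectory>${project.build.outputDirectory}/META-INF/sbom</outputDirectory>
+</configuration>
+</plugin>
 </plugins>
 </pluginManagement>
 </build>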

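--- a/tests/tests-integrations/src/main/java/org/eclipse/dirigible/integration/tests/api/SecurityIT.java
+++ b/tests/tests-integrations/src/main/java/org/eclipse/dirigible/integration/tests/api/SecurityIT.java
@@ -43,7 +43,7 @@ void testPublicEndpoint() throws Exception {
 
 @Test
 void testProtectedEndpointWithoutAuthentication() throws Exception {
-Set<String> paths = Set.of("/spring-admin", "/actuator/info");
+Set<String> paths = Set.of("/spring-admin", "/actuator/info", "/actuator/sbom", "/actuator/sbom/application");
 for (String path : paths) {
 mvc.perform(get(path))
 .andExpect(status().isUnauthorized());
@@ -53,7 +53,7 @@ void testProtectedEndpointWithoutAuthentication() throws Exception {
 @Test
 @WithMockUser(username = "user_without_roles", roles = {"SOME_UNUSED_ROLE"})
 void testProtectedEndpointsWithUnauthorizedUser() throws Exception {
-Set<String> paths = Set.of("/actuator/info");
+Set<String> paths = Set.of("/actuator/info", "/actuator/sbom", "/actuator/sbom/application");
 for (String path : paths) {
 mvc.perform(get(path))
 .andExpect(status().isForbidden());
@@ -63,7 +63,8 @@ void testProtectedEndpointsWithUnauthorizedUser() throws Exception {
 @Test
 @WithMockUser(username = "operator", roles = {Roles.RoleNames.OPERATOR})
 void testOperatorEndpointIsAccessible() throws Exception {
-Map<String, HttpStatus> paths = Map.of("/spring-admin", HttpStatus.NOT_FOUND, "/actuator/info", HttpStatus.OK);
+Map<String, HttpStatus> paths = Map.of("/spring-admin", HttpStatus.NOT_FOUND, "/actuator/info", HttpStatus.OK, "/actuator/sbom",
+HttpStatus.OK, "/actuator/sbom/application", HttpStatus.OK);
 for (Map.Entry<String, HttpStatus> entry : paths.entrySet()) {
 mvc.perform(get(entry.getKey()))
 .andExpect(status().is(entry.getValue()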
