Integrate Native Image SBOM with GitHub's Dependency Submission API (#119)

Co-authored-by: Fabio Niephaus <fabio.niephaus@oracle.com>

__tests__/sbom/main-test-app/pom.xml

@@ -0,0 +1,54 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+
+    <groupId>com.oracle</groupId>
+    <artifactId>main-test-app</artifactId>
+    <version>1.0.0</version>
+
+    <properties>
+        <maven.compiler.source>17</maven.compiler.source>
+        <maven.compiler.target>17</maven.compiler.target>
+    </properties>
+
+    <dependencies>
+        <dependency>
+            <groupId>org.json</groupId>
+            <artifactId>json</artifactId>
+            <version>20241224</version>
+        </dependency>
+    </dependencies>
+
+    <profiles>
+        <profile>
+            <id>native</id>
+            <build>
+                <plugins>
+                    <plugin>
+                        <groupId>org.graalvm.buildtools</groupId>
+                        <artifactId>native-maven-plugin</artifactId>
+                        <version>0.10.3</version>
+                        <executions>
+                            <execution>
+                                <goals>
+                                    <goal>compile-no-fork</goal>
+                                </goals>
+                                <phase>package</phase>
+                            </execution>
+                        </executions>
+                        <configuration>
+                            <mainClass>com.oracle.sbom.SBOMTestApplication</mainClass>
+                            <buildArgs>
+                                <buildArg>-Ob</buildArg>
+                                <buildArg>--no-fallback</buildArg>
+                                <buildArg>-H:+ReportExceptionStackTraces</buildArg>
+                            </buildArgs>
+                        </configuration>
+                    </plugin>
+                </plugins>
+            </build>
+        </profile>
+    </profiles>
+</project>

__tests__/sbom/main-test-app/src/main/java/com/oracle/sbom/SBOMTestApplication.java

@@ -0,0 +1,12 @@
+package com.oracle.sbom;
+
+import org.json.JSONObject;
+
+public class SBOMTestApplication {
+    public static void main(String argv[]) {
+        JSONObject jo = new JSONObject();
+        jo.put("lorem", "ipsum");
+        jo.put("dolor", "sit amet");
+        System.out.println(jo);
+    }
+}

__tests__/sbom/main-test-app/verify-sbom.cmd

@@ -0,0 +1,14 @@
+@echo off
+set "SCRIPT_DIR=%~dp0"
+
+for %%p in (
+    "\"pkg:maven/org.json/json@20241224\""
+    "\"main-test-app\""
+    "\"svm\""
+    "\"nativeimage\""
+) do (
+    echo Checking for %%p
+    findstr /c:%%p "%SCRIPT_DIR%target\main-test-app.sbom.json" || exit /b 1
+)
+
+echo SBOM was successfully generated and contained the expected components

__tests__/sbom/main-test-app/verify-sbom.sh

@@ -0,0 +1,19 @@
+#!/bin/bash
+script_dir="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+
+required_patterns=(
+    '"pkg:maven/org.json/json@20241224"'
+    '"main-test-app"'
+    '"svm"'
+    '"nativeimage"'
+)
+
+for pattern in "${required_patterns[@]}"; do
+    echo "Checking for $pattern"
+    if ! grep -q "$pattern" "$script_dir/target/main-test-app.sbom.json"; then
+        echo "Pattern not found: $pattern"
+        exit 1
+    fi
+done
+
+echo "SBOM was successfully generated and contained the expected components"