From fd2c574180dec7f3772d0ac7417573530ba106c5 Mon Sep 17 00:00:00 2001
From: Sorena Sarabadani
Date: Sun, 25 Jan 2026 21:59:39 +0100
Subject: [PATCH] feat: fetch repository sbom
---
.../java/org/kohsuke/github/GHRepository.java | 16 +-
src/main/java/org/kohsuke/github/GHSBOM.java | 376 +++++
.../kohsuke/github/GHSBOMExportResult.java | 32 +
.../github-api/reflect-config.json | 90 +
.../github-api/serialization-config.json | 18 +
.../java/org/kohsuke/github/GHSBOMTest.java | 110 ++
.../wiremock/getSBOM/__files/1-user.json | 36 +
.../getSBOM/__files/2-r_h_github-api.json | 147 ++
.../3-r_h_g_dependency-graph_sbom.json | 1473 +++++++++++++++++
.../wiremock/getSBOM/mappings/1-user.json | 48 +
.../getSBOM/mappings/2-r_h_github-api.json | 48 +
.../3-r_h_g_dependency-graph_sbom.json | 47 +
12 files changed, 2440 insertions(+), 1 deletion(-)
create mode 100644 src/main/java/org/kohsuke/github/GHSBOM.java
create mode 100644 src/main/java/org/kohsuke/github/GHSBOMExportResult.java
create mode 100644 src/test/java/org/kohsuke/github/GHSBOMTest.java
create mode 100644 src/test/resources/org/kohsuke/github/GHSBOMTest/wiremock/getSBOM/__files/1-user.json
create mode 100644 src/test/resources/org/kohsuke/github/GHSBOMTest/wiremock/getSBOM/__files/2-r_h_github-api.json
create mode 100644 src/test/resources/org/kohsuke/github/GHSBOMTest/wiremock/getSBOM/__files/3-r_h_g_dependency-graph_sbom.json
create mode 100644 src/test/resources/org/kohsuke/github/GHSBOMTest/wiremock/getSBOM/mappings/1-user.json
create mode 100644 src/test/resources/org/kohsuke/github/GHSBOMTest/wiremock/getSBOM/mappings/2-r_h_github-api.json
create mode 100644 src/test/resources/org/kohsuke/github/GHSBOMTest/wiremock/getSBOM/mappings/3-r_h_g_dependency-graph_sbom.json
diff --git a/src/main/java/org/kohsuke/github/GHRepository.java b/src/main/java/org/kohsuke/github/GHRepository.java
index 1ecd86f0bd..127a1475e0 100644
--- a/src/main/java/org/kohsuke/github/GHRepository.java
+++ b/src/main/java/org/kohsuke/github/GHRepository.java
@@ -1983,6 +1983,20 @@ public GHRelease getReleaseByTagName(String tag) throws IOException {
 }
 }
 
+ /**
+ * Exports the software bill of materials (SBOM) for a repository.
+ *
+ * @return the SBOM export result containing the SPDX-formatted SBOM
+ * @throws IOException
+ * the io exception
+ * @see SBOM API documentation
+ */
+ public GHSBOMExportResult getSBOM() throws IOException {
+ return root().createRequest()
+ .withUrlPath(getApiTailUrl("dependency-graph/sbom"))
+ .fetch(GHSBOMExportResult.class);
+ }
+
 /**
 * Gets size.
 *
@@ -3397,7 +3411,7 @@ private void modifyCollaborators(@NonNull Collection users,
 * @return the api tail url
 */
 String getApiTailUrl(String tail) {
- if (tail.length() > 0 && !tail.startsWith("/")) {
+ if (!tail.isEmpty() && !tail.startsWith("/")) {
 tail = '/' + tail;
 }
 return "/repos/" + fullName + tail;
diff --git a/src/main/java/org/kohsuke/github/GHSBOM.java b/src/main/java/org/kohsuke/github/GHSBOM.java
new file mode 100644
index 0000000000..22d4d2f356
--- /dev/null
+++ b/src/main/java/org/kohsuke/github/GHSBOM.java
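Review bot: The Javadoc on `getSBOM()` does not tell a caller when the call fails: `@throws IOException the io exception` is a placeholder, and the `@see SBOM API documentation` tag has no link target as shown here (possibly lost in rendering). I would state the failure cases, for example `@throws IOException if the request fails, e.g. when the dependency graph is not available for the repository or the credentials cannot read it` (the exact conditions should be confirmed against the API documentation). Since the result is likely to feed dependency or vulnerability tooling, one sentence saying that the SBOM is GitHub's dependency-graph view of the repository and is returned as received, without validation by this library, would set the right expectation.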
@@ -0,0 +1,376 @@
+package org.kohsuke.github;
+
+import com.fasterxml.jackson.annotation.JsonProperty;
+import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
+
+import java.util.Collections;
+import java.util.List;
+
+import javax.annotation.CheckForNull;
+
+/**
+ * Represents an SPDX Software Bill of Materials (SBOM) for a repository.
+ *
+ * @see GHRepository#getSBOM()
+ * @see GitHub SBOM API
+ */
+@SuppressFBWarnings(value = { "UWF_UNWRITTEN_PUBLIC_OR_PROTECTED_FIELD", "UWF_UNWRITTEN_FIELD" },
+ justification = "JSON API")
+public class GHSBOM {
+
+ /**
+ * Represents the creation information for an SBOM.
+ */
+ public static class CreationInfo {
+
+ private String created;
+ private List creators;
+
+ /**
+ * Create default CreationInfo instance.
+ */
+ public CreationInfo() {
+ }
+
+ /**
+ * Gets the creation timestamp.
+ *
+ * @return the creation timestamp in ISO 8601 format
+ */
+ public String getCreated() {
+ return created;
+ }
+
+ /**
+ * Gets the list of creators.
+ *
+ * @return the list of creators (e.g., "Tool: GitHub.com-Dependency-Graph")
+ */
+ public List getCreators() {
+ return creators != null ? Collections.unmodifiableList(creators) : Collections.emptyList();
+ }
+ }
+
+ /**
+ * Represents an external reference for a package.
+ */
+ public static class ExternalRef {
+
+ @JsonProperty("referenceCategory")
+ private String referenceCategory;
+ @JsonProperty("referenceLocator")
+ private String referenceLocator;
+ @JsonProperty("referenceType")
+ private String referenceType;
+
+ /**
+ * Create default ExternalRef instance.
+ */
+ public ExternalRef() {
+ }
+
+ /**
+ * Gets the reference category.
+ *
+ * @return the reference category (e.g., "PACKAGE-MANAGER")
+ */
+ public String getReferenceCategory() {
+ return referenceCategory;
+ }
+
+ /**
+ * Gets the reference locator.
+ *
+ * @return the reference locator in PURL format
+ */
+ public String getReferenceLocator() {
+ return referenceLocator;
+ }
+
+ /**
+ * Gets the reference type.
+ *
+ * @return the reference type (e.g., "purl")
+ */
+ public String getReferenceType() {
+ return referenceType;
+ }
+ }
+
+ /**
+ * Represents a package in the SBOM.
+ */
+ public static class Package {
+
+ @JsonProperty("copyrightText")
+ private String copyrightText;
+ @JsonProperty("downloadLocation")
+ private String downloadLocation;
+ @JsonProperty("externalRefs")
+ private List externalRefs;
+ @JsonProperty("filesAnalyzed")
+ private boolean filesAnalyzed;
+ @JsonProperty("licenseConcluded")
+ private String licenseConcluded;
+ @JsonProperty("licenseDeclared")
+ private String licenseDeclared;
+ private String name;
+ @JsonProperty("SPDXID")
+ private String spdxid;
+ private String supplier;
+ @JsonProperty("versionInfo")
+ private String versionInfo;
+
+ /**
+ * Create default Package instance.
+ */
+ public Package() {
+ }
+
+ /**
+ * Gets the copyright text.
+ *
+ * @return the copyright text, or null if not specified
+ */
+ @CheckForNull
+ public String getCopyrightText() {
+ return copyrightText;
+ }
+
+ /**
+ * Gets the download location.
+ *
+ * @return the download location
+ */
+ public String getDownloadLocation() {
+ return downloadLocation;
+ }
+
+ /**
+ * Gets the external references.
+ *
+ * @return the external references
+ */
+ public List getExternalRefs() {
+ return externalRefs != null ? Collections.unmodifiableList(externalRefs) : Collections.emptyList();
+ }
+
+ /**
+ * Gets the concluded license.
+ *
+ * @return the concluded license, or null if not specified
+ */
+ @CheckForNull
+ public String getLicenseConcluded() {
+ return licenseConcluded;
+ }
+
+ /**
+ * Gets the declared license.
+ *
+ * @return the declared license, or null if not specified
+ */
+ @CheckForNull
+ public String getLicenseDeclared() {
+ return licenseDeclared;
+ }
+
+ /**
+ * Gets the package name.
+ *
+ * @return the package name
+ */
+ public String getName() {
+ return name;
+ }
+
+ /**
+ * Gets the SPDX identifier.
+ *
+ * @return the SPDX identifier
+ */
+ public String getSPDXID() {
+ return spdxid;
+ }
+
+ /**
+ * Gets the supplier.
+ *
+ * @return the supplier, or null if not specified
+ */
+ @CheckForNull
+ public String getSupplier() {
+ return supplier;
+ }
+
+ /**
+ * Gets the version info.
+ *
+ * @return the version info, or null if not specified
+ */
+ @CheckForNull
+ public String getVersionInfo() {
+ return versionInfo;
+ }
+
+ /**
+ * Returns whether files were analyzed.
+ *
+ * @return true if files were analyzed
+ */
+ public boolean isFilesAnalyzed() {
+ return filesAnalyzed;
+ }
+ }
+
+ /**
+ * Represents a relationship between SPDX elements.
+ */
+ public static class Relationship {
+
+ @JsonProperty("relatedSpdxElement")
+ private String relatedSpdxElement;
+ @JsonProperty("relationshipType")
+ private String relationshipType;
+ @JsonProperty("spdxElementId")
+ private String spdxElementId;
+
+ /**
+ * Create default Relationship instance.
+ */
+ public Relationship() {
+ }
+
+ /**
+ * Gets the related SPDX element.
+ *
+ * @return the related SPDX element ID
+ */
+ public String getRelatedSpdxElement() {
+ return relatedSpdxElement;
+ }
+
+ /**
+ * Gets the relationship type.
+ *
+ * @return the relationship type (e.g., "DEPENDS_ON")
+ */
+ public String getRelationshipType() {
+ return relationshipType;
+ }
+
+ /**
+ * Gets the SPDX element ID.
+ *
+ * @return the SPDX element ID
+ */
+ public String getSpdxElementId() {
+ return spdxElementId;
+ }
+ }
+
+ @JsonProperty("creationInfo")
+ private CreationInfo creationInfo;
+ @JsonProperty("dataLicense")
+ private String dataLicense;
+ @JsonProperty("documentDescribes")
+ private String documentDescribes;
+ @JsonProperty("documentNamespace")
+ private String documentNamespace;
+ private String name;
+ private List packages;
+ private List relationships;
+ @JsonProperty("spdxVersion")
+ private String spdxVersion;
+ @JsonProperty("SPDXID")
+ private String spdxid;
+
+ /**
+ * Create default GHSBOM instance.
+ */
+ public GHSBOM() {
+ }
+
+ /**
+ * Gets the creation info.
+ *
+ * @return the creation info
+ */
+ @SuppressFBWarnings(value = { "EI_EXPOSE_REP" }, justification = "Expected behavior")
+ public CreationInfo getCreationInfo() {
+ return creationInfo;
+ }
+
+ /**
+ * Gets the data license.
+ *
+ * @return the data license (typically "CC0-1.0")
+ */
+ public String getDataLicense() {
+ return dataLicense;
+ }
+
+ /**
+ * Gets the document describes field.
+ *
+ * @return the document describes field, or null if not specified
+ */
+ @CheckForNull
+ public String getDocumentDescribes() {
+ return documentDescribes;
+ }
+
+ /**
+ * Gets the document namespace.
+ *
+ * @return the document namespace URI
+ */
+ public String getDocumentNamespace() {
+ return documentNamespace;
+ }
+
+ /**
+ * Gets the document name.
+ *
+ * @return the document name
+ */
+ public String getName() {
+ return name;
+ }
+
+ /**
+ * Gets the list of packages.
+ *
+ * @return the list of packages
+ */
+ public List getPackages() {
+ return packages != null ? Collections.unmodifiableList(packages) : Collections.emptyList();
+ }
+
+ /**
+ * Gets the relationships.
+ *
+ * @return the relationships between SPDX elements
+ */
+ public List getRelationships() {
+ return relationships != null ? Collections.unmodifiableList(relationships) : Collections.emptyList();
+ }
+
+ /**
+ * Gets the SPDX identifier.
+ *
+ * @return the SPDX identifier (typically "SPDXRef-DOCUMENT")
+ */
+ public String getSPDXID() {
+ return spdxid;
+ }
+
+ /**
+ * Gets the SPDX version.
+ *
+ * @return the SPDX version (e.g., "SPDX-2.3")
+ */
+ public String getSpdxVersion() {
+ return spdxVersion;
+ }
+}
diff --git a/src/main/java/org/kohsuke/github/GHSBOMExportResult.java b/src/main/java/org/kohsuke/github/GHSBOMExportResult.java
new file mode 100644
index 0000000000..311a85825e
--- /dev/null
+++ b/src/main/java/org/kohsuke/github/GHSBOMExportResult.java
@@ -0,0 +1,32 @@
+package org.kohsuke.github;
+
+import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
+
+/**
+ * Represents the result of exporting an SBOM from a repository.
+ *
+ * @see GHRepository#getSBOM()
+ * @see GitHub SBOM API
+ */
+@SuppressFBWarnings(value = { "UWF_UNWRITTEN_PUBLIC_OR_PROTECTED_FIELD", "UWF_UNWRITTEN_FIELD" },
+ justification = "JSON API")
+public class GHSBOMExportResult {
+
+ private GHSBOM sbom;
+
+ /**
+ * Create default GHSBOMExportResult instance.
+ */
+ public GHSBOMExportResult() {
+ }
+
+ /**
+ * Gets the SBOM.
+ *
+ * @return the SBOM
+ */
+ @SuppressFBWarnings(value = { "EI_EXPOSE_REP" }, justification = "Expected behavior")
+ public GHSBOM getSbom() {
+ return sbom;
+ }
+}
diff --git a/src/main/resources/META-INF/native-image/org.kohsuke/github-api/reflect-config.json b/src/main/resources/META-INF/native-image/org.kohsuke/github-api/reflect-config.json
index 30be262b74..df006df0c2 100644
--- a/src/main/resources/META-INF/native-image/org.kohsuke/github-api/reflect-config.json
+++ b/src/main/resources/META-INF/native-image/org.kohsuke/github-api/reflect-config.json
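Review bot: `GHSBOM` has no field for the document-level `comment` that the recorded response in this patch carries ("Exact versions could not be resolved for some packages…"), so a consumer of `getPackages()` cannot tell that `Package.getVersionInfo()` may hold a range such as `2.*.*` instead of a resolved version. Anyone matching packages against advisories would get wrong results by treating such a value as exact. I would add `private String comment;` with `@CheckForNull public String getComment() { return comment; }`, and extend the `getVersionInfo()` Javadoc to say the value may be a wildcard or range. Separately, the `List` fields and return types appear here without type arguments; if that is not an artifact of how the patch was rendered, they should be declared as `List<String>`, `List<ExternalRef>`, `List<Package>` and `List<Relationship>`.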
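Review bot: `GHSBOMExportResult.getSbom()` spells the acronym differently from `GHRepository#getSBOM()` and `GHSBOM#getSPDXID()` added in the same patch; settle on one casing before this becomes public API. The getter also returns `null` when the response has no `sbom` member, while its Javadoc says only `@return the SBOM`; annotate it `@CheckForNull` like the optional getters in `GHSBOM`, or document why it cannot be null.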
@@ -5474,6 +5474,96 @@ "allPublicClasses": true, "allDeclaredClasses": true }, + { + "name": "org.kohsuke.github.GHSBOM", + "allPublicFields": true, + "allDeclaredFields": true, + "queryAllPublicConstructors": true, + "queryAllDeclaredConstructors": true, + "allPublicConstructors": true, + "allDeclaredConstructors": true, + "queryAllPublicMethods": true, + "queryAllDeclaredMethods": true, + "allPublicMethods": true, + "allDeclaredMethods": true, + "allPublicClasses": true, + "allDeclaredClasses": true + }, + { + "name": "org.kohsuke.github.GHSBOM$CreationInfo", + "allPublicFields": true, + "allDeclaredFields": true, + "queryAllPublicConstructors": true, + "queryAllDeclaredConstructors": true, + "allPublicConstructors": true, + "allDeclaredConstructors": true, + "queryAllPublicMethods": true, + "queryAllDeclaredMethods": true, + "allPublicMethods": true, + "allDeclaredMethods": true, + "allPublicClasses": true, + "allDeclaredClasses": true + }, + { + "name": "org.kohsuke.github.GHSBOM$ExternalRef", + "allPublicFields": true, + "allDeclaredFields": true, + "queryAllPublicConstructors": true, + "queryAllDeclaredConstructors": true, + "allPublicConstructors": true, + "allDeclaredConstructors": true, + "queryAllPublicMethods": true, + "queryAllDeclaredMethods": true, + "allPublicMethods": true, + "allDeclaredMethods": true, + "allPublicClasses": true, + "allDeclaredClasses": true + }, + { + "name": "org.kohsuke.github.GHSBOM$Package", + "allPublicFields": true, + "allDeclaredFields": true, + "queryAllPublicConstructors": true, + "queryAllDeclaredConstructors": true, + "allPublicConstructors": true, + "allDeclaredConstructors": true, + "queryAllPublicMethods": true, + "queryAllDeclaredMethods": true, + "allPublicMethods": true, + "allDeclaredMethods": true, + "allPublicClasses": true, + "allDeclaredClasses": true + }, + { + "name": "org.kohsuke.github.GHSBOM$Relationship", + "allPublicFields": true, + "allDeclaredFields": true, + "queryAllPublicConstructors": true, + 
"queryAllDeclaredConstructors": true, + "allPublicConstructors": true, + "allDeclaredConstructors": true, + "queryAllPublicMethods": true, + "queryAllDeclaredMethods": true, + "allPublicMethods": true, + "allDeclaredMethods": true, + "allPublicClasses": true, + "allDeclaredClasses": true + }, + { + "name": "org.kohsuke.github.GHSBOMExportResult", + "allPublicFields": true, + "allDeclaredFields": true, + "queryAllPublicConstructors": true, + "queryAllDeclaredConstructors": true, + "allPublicConstructors": true, + "allDeclaredConstructors": true, + "queryAllPublicMethods": true, + "queryAllDeclaredMethods": true, + "allPublicMethods": true, + "allDeclaredMethods": true, + "allPublicClasses": true, + "allDeclaredClasses": true + }, { "name": "org.kohsuke.github.GHSearchBuilder", "allPublicFields": true, diff --git a/src/main/resources/META-INF/native-image/org.kohsuke/github-api/serialization-config.json b/src/main/resources/META-INF/native-image/org.kohsuke/github-api/serialization-config.json index 412aa47e18..291c8b0067 100644 --- a/src/main/resources/META-INF/native-image/org.kohsuke/github-api/serialization-config.json +++ b/src/main/resources/META-INF/native-image/org.kohsuke/github-api/serialization-config.json @@ -1097,6 +1097,24 @@ { "name": "org.kohsuke.github.GHRequestedAction" }, + { + "name": "org.kohsuke.github.GHSBOM" + }, + { + "name": "org.kohsuke.github.GHSBOM$CreationInfo" + }, + { + "name": "org.kohsuke.github.GHSBOM$ExternalRef" + }, + { + "name": "org.kohsuke.github.GHSBOM$Package" + }, + { + "name": "org.kohsuke.github.GHSBOM$Relationship" + }, + { + "name": "org.kohsuke.github.GHSBOMExportResult" + }, { "name": "org.kohsuke.github.GHSearchBuilder" }, diff --git a/src/test/java/org/kohsuke/github/GHSBOMTest.java b/src/test/java/org/kohsuke/github/GHSBOMTest.java new file mode 100644 index 0000000000..df8f618830 --- /dev/null +++ b/src/test/java/org/kohsuke/github/GHSBOMTest.java 
@@ -0,0 +1,110 @@
+package org.kohsuke.github;
+
+import org.junit.Test;
+
+import java.io.IOException;
+import java.util.List;
+
+import static org.hamcrest.Matchers.*;
+
+/**
+ * Tests for the SBOM (Software Bill of Materials) API.
+ *
+ * @see GHRepository#getSBOM()
+ * @see GitHub SBOM API
+ */
+public class GHSBOMTest extends AbstractGitHubWireMockTest {
+
+ /**
+ * Create default GHSBOMTest instance.
+ */
+ public GHSBOMTest() {
+ }
+
+ /**
+ * Tests that the SBOM for a repository can be retrieved and has expected structure.
+ *
+ * @throws IOException
+ * if test fails
+ */
+ @Test
+ public void getSBOM() throws IOException {
+ GHRepository repo = gitHub.getRepository("hub4j/github-api");
+ GHSBOMExportResult result = repo.getSBOM();
+
+ assertThat("The SBOM result is populated", result, notNullValue());
+
+ GHSBOM sbom = result.getSbom();
+ assertThat("The SBOM is populated", sbom, notNullValue());
+
+ assertThat("The SPDX ID is correct", sbom.getSPDXID(), equalTo("SPDXRef-DOCUMENT"));
+ assertThat("The SPDX version is correct", sbom.getSpdxVersion(), equalTo("SPDX-2.3"));
+ assertThat("The document name is correct", sbom.getName(), equalTo("com.github.hub4j/github-api"));
+ assertThat("The data license is CC0-1.0", sbom.getDataLicense(), equalTo("CC0-1.0"));
+ assertThat("The document namespace is set", sbom.getDocumentNamespace(), notNullValue());
+
+ GHSBOM.CreationInfo creationInfo = sbom.getCreationInfo();
+ assertThat("The creation info is populated", creationInfo, notNullValue());
+ assertThat("The created timestamp is set", creationInfo.getCreated(), notNullValue());
+ assertThat("The creators list is not empty", creationInfo.getCreators(), not(empty()));
+ assertThat("GitHub is listed as creator",
+ creationInfo.getCreators(),
+ hasItem(containsString("GitHub.com-Dependency-Graph")));
+
+ // documentDescribes is not present in all responses
+ assertThat("getDocumentDescribes returns null when not present", sbom.getDocumentDescribes(), nullValue());
+
+ List packages = sbom.getPackages();
+ assertThat("The packages list is not empty", packages, not(empty()));
+
+ GHSBOM.Package firstPackage = packages.get(0);
+ assertThat("The first package has an SPDX ID", firstPackage.getSPDXID(), notNullValue());
+ assertThat("The first package has a name", firstPackage.getName(), notNullValue());
+ assertThat("Package has downloadLocation", firstPackage.getDownloadLocation(), notNullValue());
+ assertThat("Package filesAnalyzed is accessible", firstPackage.isFilesAnalyzed(), is(false));
+
+ // Find package with version info, license, and copyright (hamcrest-library with version 3.0)
+ GHSBOM.Package hamcrestPkg = packages.stream()
+ .filter(p -> p.getName().contains("hamcrest-library") && "3.0".equals(p.getVersionInfo()))
+ .findFirst()
+ .orElse(null);
+ assertThat("Found hamcrest-library package", hamcrestPkg, notNullValue());
+ assertThat("Package has versionInfo", hamcrestPkg.getVersionInfo(), equalTo("3.0"));
+ assertThat("Package has licenseConcluded", hamcrestPkg.getLicenseConcluded(), equalTo("BSD-3-Clause"));
+ assertThat("Package has copyrightText", hamcrestPkg.getCopyrightText(), containsString("hamcrest.org"));
+
+ // Find package with licenseDeclared (hub4j/github-api)
+ GHSBOM.Package hub4jPkg = packages.stream()
+ .filter(p -> "com.github.hub4j/github-api".equals(p.getName()))
+ .findFirst()
+ .orElse(null);
+ assertThat("Found hub4j/github-api package", hub4jPkg, notNullValue());
+ assertThat("Package has licenseDeclared", hub4jPkg.getLicenseDeclared(), equalTo("MIT"));
+
+ // supplier is not present in this response
+ assertThat("getSupplier returns null when not present", firstPackage.getSupplier(), nullValue());
+
+ boolean foundPackageWithExternalRefs = false;
+ for (GHSBOM.Package pkg : packages) {
+ if (!pkg.getExternalRefs().isEmpty()) {
+ foundPackageWithExternalRefs = true;
+ GHSBOM.ExternalRef ref = pkg.getExternalRefs().get(0);
+ assertThat("External ref has a category", ref.getReferenceCategory(), notNullValue());
+ assertThat("External ref has a type", ref.getReferenceType(), notNullValue());
+ assertThat("External ref has a locator", ref.getReferenceLocator(), notNullValue());
+ break;
+ }
+ }
+ assertThat("At least one package has external refs", foundPackageWithExternalRefs, is(true));
+
+ List relationships = sbom.getRelationships();
+ assertThat("The relationships list is not empty", relationships, not(empty()));
+
+ GHSBOM.Relationship firstRelationship = relationships.get(0);
+ assertThat("The first relationship has a type", firstRelationship.getRelationshipType(), notNullValue());
+ assertThat("The first relationship has an element ID", firstRelationship.getSpdxElementId(), notNullValue());
+ assertThat("The first relationship has a related element",
+ firstRelationship.getRelatedSpdxElement(),
+ notNullValue());
+ }
+}
diff --git a/src/test/resources/org/kohsuke/github/GHSBOMTest/wiremock/getSBOM/__files/1-user.json b/src/test/resources/org/kohsuke/github/GHSBOMTest/wiremock/getSBOM/__files/1-user.json
new file mode 100644
index 0000000000..fbc5eae788
--- /dev/null
+++ b/src/test/resources/org/kohsuke/github/GHSBOMTest/wiremock/getSBOM/__files/1-user.json
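Review bot: The test `getSBOM()` exercises only the successful response, so nothing pins what `GHRepository#getSBOM()` does when the endpoint answers with an error for a repository without an SBOM or without access. The hamcrest lookup calls `p.getName().contains("hamcrest-library")` on every element, which throws `NullPointerException` instead of failing an assertion if any recorded package lacks a name; a null-safe form such as `p.getName() != null && p.getName().contains("hamcrest-library")` avoids that. It would also be worth asserting `firstPackage.getVersionInfo()` (the recording has `2.*.*`), to document that unresolved versions are passed through verbatim.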
@@ -0,0 +1,36 @@ +{ + "login": "Anonycoders", + "id": 40047636, + "node_id": "MDQ6VXNlcjQwMDQ3NjM2", + "avatar_url": "https://avatars.githubusercontent.com/u/40047636?v=4", + "gravatar_id": "", + "url": "https://api.github.com/users/Anonycoders", + "html_url": "https://github.com/Anonycoders", + "followers_url": "https://api.github.com/users/Anonycoders/followers", + "following_url": "https://api.github.com/users/Anonycoders/following{/other_user}", + "gists_url": "https://api.github.com/users/Anonycoders/gists{/gist_id}", + "starred_url": "https://api.github.com/users/Anonycoders/starred{/owner}{/repo}", + "subscriptions_url": "https://api.github.com/users/Anonycoders/subscriptions", + "organizations_url": "https://api.github.com/users/Anonycoders/orgs", + "repos_url": "https://api.github.com/users/Anonycoders/repos", + "events_url": "https://api.github.com/users/Anonycoders/events{/privacy}", + "received_events_url": "https://api.github.com/users/Anonycoders/received_events", + "type": "User", + "user_view_type": "public", + "site_admin": false, + "name": "Sorena Sarabadani", + "company": "@Adevinta", + "blog": "", + "location": "Berlin, Germany", + "email": "sorena.sarabadani@gmail.com", + "hireable": null, + "bio": "Ex-Shopifyer - Adevinta/Kleinanzeigen", + "twitter_username": "sorena_s", + "notification_email": "sorena.sarabadani@gmail.com", + "public_repos": 12, + "public_gists": 0, + "followers": 38, + "following": 4, + "created_at": "2018-06-08T02:07:15Z", + "updated_at": "2026-01-24T22:07:12Z" +} \ No newline at end of file diff --git a/src/test/resources/org/kohsuke/github/GHSBOMTest/wiremock/getSBOM/__files/2-r_h_github-api.json b/src/test/resources/org/kohsuke/github/GHSBOMTest/wiremock/getSBOM/__files/2-r_h_github-api.json new file mode 100644 index 0000000000..c58b26f123 --- /dev/null +++ b/src/test/resources/org/kohsuke/github/GHSBOMTest/wiremock/getSBOM/__files/2-r_h_github-api.json 
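Review bot: The recorded `/user` response in `1-user.json` commits the recording account's profile, including the `email` and `notification_email` fields, to the repository. `GHSBOMTest` reads none of these values, so they can be replaced with placeholder values before merging. It is worth checking whether the project's recording setup has a sanitising step that was not applied to this recording.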
@@ -0,0 +1,147 @@ +{ + "id": 617210, + "node_id": "MDEwOlJlcG9zaXRvcnk2MTcyMTA=", + "name": "github-api", + "full_name": "hub4j/github-api", + "private": false, + "owner": { + "login": "hub4j", + "id": 54909825, + "node_id": "MDEyOk9yZ2FuaXphdGlvbjU0OTA5ODI1", + "avatar_url": "https://avatars.githubusercontent.com/u/54909825?v=4", + "gravatar_id": "", + "url": "https://api.github.com/users/hub4j", + "html_url": "https://github.com/hub4j", + "followers_url": "https://api.github.com/users/hub4j/followers", + "following_url": "https://api.github.com/users/hub4j/following{/other_user}", + "gists_url": "https://api.github.com/users/hub4j/gists{/gist_id}", + "starred_url": "https://api.github.com/users/hub4j/starred{/owner}{/repo}", + "subscriptions_url": "https://api.github.com/users/hub4j/subscriptions", + "organizations_url": "https://api.github.com/users/hub4j/orgs", + "repos_url": "https://api.github.com/users/hub4j/repos", + "events_url": "https://api.github.com/users/hub4j/events{/privacy}", + "received_events_url": "https://api.github.com/users/hub4j/received_events", + "type": "Organization", + "user_view_type": "public", + "site_admin": false + }, + "html_url": "https://github.com/hub4j/github-api", + "description": "Java API for GitHub", + "fork": false, + "url": "https://api.github.com/repos/hub4j/github-api", + "forks_url": "https://api.github.com/repos/hub4j/github-api/forks", + "keys_url": "https://api.github.com/repos/hub4j/github-api/keys{/key_id}", + "collaborators_url": "https://api.github.com/repos/hub4j/github-api/collaborators{/collaborator}", + "teams_url": "https://api.github.com/repos/hub4j/github-api/teams", + "hooks_url": "https://api.github.com/repos/hub4j/github-api/hooks", + "issue_events_url": "https://api.github.com/repos/hub4j/github-api/issues/events{/number}", + "events_url": "https://api.github.com/repos/hub4j/github-api/events", + "assignees_url": "https://api.github.com/repos/hub4j/github-api/assignees{/user}", + "branches_url": 
"https://api.github.com/repos/hub4j/github-api/branches{/branch}", + "tags_url": "https://api.github.com/repos/hub4j/github-api/tags", + "blobs_url": "https://api.github.com/repos/hub4j/github-api/git/blobs{/sha}", + "git_tags_url": "https://api.github.com/repos/hub4j/github-api/git/tags{/sha}", + "git_refs_url": "https://api.github.com/repos/hub4j/github-api/git/refs{/sha}", + "trees_url": "https://api.github.com/repos/hub4j/github-api/git/trees{/sha}", + "statuses_url": "https://api.github.com/repos/hub4j/github-api/statuses/{sha}", + "languages_url": "https://api.github.com/repos/hub4j/github-api/languages", + "stargazers_url": "https://api.github.com/repos/hub4j/github-api/stargazers", + "contributors_url": "https://api.github.com/repos/hub4j/github-api/contributors", + "subscribers_url": "https://api.github.com/repos/hub4j/github-api/subscribers", + "subscription_url": "https://api.github.com/repos/hub4j/github-api/subscription", + "commits_url": "https://api.github.com/repos/hub4j/github-api/commits{/sha}", + "git_commits_url": "https://api.github.com/repos/hub4j/github-api/git/commits{/sha}", + "comments_url": "https://api.github.com/repos/hub4j/github-api/comments{/number}", + "issue_comment_url": "https://api.github.com/repos/hub4j/github-api/issues/comments{/number}", + "contents_url": "https://api.github.com/repos/hub4j/github-api/contents/{+path}", + "compare_url": "https://api.github.com/repos/hub4j/github-api/compare/{base}...{head}", + "merges_url": "https://api.github.com/repos/hub4j/github-api/merges", + "archive_url": "https://api.github.com/repos/hub4j/github-api/{archive_format}{/ref}", + "downloads_url": "https://api.github.com/repos/hub4j/github-api/downloads", + "issues_url": "https://api.github.com/repos/hub4j/github-api/issues{/number}", + "pulls_url": "https://api.github.com/repos/hub4j/github-api/pulls{/number}", + "milestones_url": "https://api.github.com/repos/hub4j/github-api/milestones{/number}", + "notifications_url": 
"https://api.github.com/repos/hub4j/github-api/notifications{?since,all,participating}", + "labels_url": "https://api.github.com/repos/hub4j/github-api/labels{/name}", + "releases_url": "https://api.github.com/repos/hub4j/github-api/releases{/id}", + "deployments_url": "https://api.github.com/repos/hub4j/github-api/deployments", + "created_at": "2010-04-19T04:13:03Z", + "updated_at": "2026-01-25T03:20:40Z", + "pushed_at": "2026-01-25T03:20:35Z", + "git_url": "git://github.com/hub4j/github-api.git", + "ssh_url": "git@github.com:hub4j/github-api.git", + "clone_url": "https://github.com/hub4j/github-api.git", + "svn_url": "https://github.com/hub4j/github-api", + "homepage": "https://hub4j.github.io/github-api/", + "size": 66459, + "stargazers_count": 1230, + "watchers_count": 1230, + "language": "Java", + "has_issues": true, + "has_projects": true, + "has_downloads": true, + "has_wiki": true, + "has_pages": true, + "has_discussions": true, + "forks_count": 769, + "mirror_url": null, + "archived": false, + "disabled": false, + "open_issues_count": 181, + "license": { + "key": "mit", + "name": "MIT License", + "spdx_id": "MIT", + "url": "https://api.github.com/licenses/mit", + "node_id": "MDc6TGljZW5zZTEz" + }, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [ + "api", + "client-library", + "github", + "github-api", + "github-api-v3", + "java", + "java-api" + ], + "visibility": "public", + "forks": 769, + "open_issues": 181, + "watchers": 1230, + "default_branch": "main", + "permissions": { + "admin": false, + "maintain": false, + "push": false, + "triage": false, + "pull": true + }, + "temp_clone_token": "", + "custom_properties": {}, + "organization": { + "login": "hub4j", + "id": 54909825, + "node_id": "MDEyOk9yZ2FuaXphdGlvbjU0OTA5ODI1", + "avatar_url": "https://avatars.githubusercontent.com/u/54909825?v=4", + "gravatar_id": "", + "url": "https://api.github.com/users/hub4j", + "html_url": 
"https://github.com/hub4j", + "followers_url": "https://api.github.com/users/hub4j/followers", + "following_url": "https://api.github.com/users/hub4j/following{/other_user}", + "gists_url": "https://api.github.com/users/hub4j/gists{/gist_id}", + "starred_url": "https://api.github.com/users/hub4j/starred{/owner}{/repo}", + "subscriptions_url": "https://api.github.com/users/hub4j/subscriptions", + "organizations_url": "https://api.github.com/users/hub4j/orgs", + "repos_url": "https://api.github.com/users/hub4j/repos", + "events_url": "https://api.github.com/users/hub4j/events{/privacy}", + "received_events_url": "https://api.github.com/users/hub4j/received_events", + "type": "Organization", + "user_view_type": "public", + "site_admin": false + }, + "network_count": 769, + "subscribers_count": 40 +} \ No newline at end of file diff --git a/src/test/resources/org/kohsuke/github/GHSBOMTest/wiremock/getSBOM/__files/3-r_h_g_dependency-graph_sbom.json b/src/test/resources/org/kohsuke/github/GHSBOMTest/wiremock/getSBOM/__files/3-r_h_g_dependency-graph_sbom.json new file mode 100644 index 0000000000..f6ab5b0560 --- /dev/null +++ b/src/test/resources/org/kohsuke/github/GHSBOMTest/wiremock/getSBOM/__files/3-r_h_g_dependency-graph_sbom.json 
@@ -0,0 +1,1473 @@ +{ + "sbom": { + "spdxVersion": "SPDX-2.3", + "dataLicense": "CC0-1.0", + "SPDXID": "SPDXRef-DOCUMENT", + "name": "com.github.hub4j/github-api", + "documentNamespace": "https://spdx.org/spdxdocs/protobom/44697dda-5a9f-4bd4-a619-786180fb7843", + "comment": "Exact versions could not be resolved for some packages. For more information: https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph#dependencies-included.", + "creationInfo": { + "creators": [ + "Tool: protobom-v0.0.0-20260121122932-f5d50261f216+dirty", + "Tool: GitHub.com-Dependency-Graph" + ], + "created": "2026-01-25T20:41:51Z" + }, + "packages": [ + { + "name": "repo-sync/pull-request", + "SPDXID": "SPDXRef-githubactions-repo-sync-pull-request-2..-75c946", + "versionInfo": "2.*.*", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": false, + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:githubactions/repo-sync/pull-request@2.%2A.%2A" + } + ] + }, + { + "name": "stefanzweifel/git-auto-commit-action", + "SPDXID": "SPDXRef-githubactions-stefanzweifel-git-auto-commit-action-7..-75c946", + "versionInfo": "7.*.*", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": false, + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:githubactions/stefanzweifel/git-auto-commit-action@7.%2A.%2A" + } + ] + }, + { + "name": "actions/download-artifact", + "SPDXID": "SPDXRef-githubactions-actions-download-artifact-7..-75c946", + "versionInfo": "7.*.*", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": false, + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:githubactions/actions/download-artifact@7.%2A.%2A" + } + ] + }, + { + "name": "actions/upload-artifact", + "SPDXID": 
"SPDXRef-githubactions-actions-upload-artifact-6..-75c946", + "versionInfo": "6.*.*", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": false, + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:githubactions/actions/upload-artifact@6.%2A.%2A" + } + ] + }, + { + "name": "codecov/codecov-action", + "SPDXID": "SPDXRef-githubactions-codecov-codecov-action-5.5.2-75c946", + "versionInfo": "5.5.2", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": false, + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:githubactions/codecov/codecov-action@5.5.2" + } + ] + }, + { + "name": "release-drafter/release-drafter", + "SPDXID": "SPDXRef-githubactions-release-drafter-release-drafter-6..-75c946", + "versionInfo": "6.*.*", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": false, + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:githubactions/release-drafter/release-drafter@6.%2A.%2A" + } + ] + }, + { + "name": "org.hamcrest:hamcrest-library", + "SPDXID": "SPDXRef-maven-org.hamcrest-hamcrest-library-75c946", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": false, + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:maven/org.hamcrest/hamcrest-library" + } + ] + }, + { + "name": "org.apache.maven.plugins:maven-release-plugin", + "SPDXID": "SPDXRef-maven-org.apache.maven.plugins-maven-release-plugin-3.1.1-75c946", + "versionInfo": "3.1.1", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": false, + "licenseConcluded": "Apache-2.0", + "copyrightText": "Copyright 2002-2024 The Apache Software Foundation", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:maven/org.apache.maven.plugins/maven-release-plugin@3.1.1" + } + ] 
+ }, + { + "name": "org.junit:junit-bom", + "SPDXID": "SPDXRef-maven-org.junit-junit-bom-5.13.4-75c946", + "versionInfo": "5.13.4", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": false, + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:maven/org.junit/junit-bom@5.13.4" + } + ] + }, + { + "name": "com.diffplug.spotless:spotless-maven-plugin", + "SPDXID": "SPDXRef-maven-com.diffplug.spotless-spotless-maven-plugin-2.46.1-75c946", + "versionInfo": "2.46.1", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": false, + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:maven/com.diffplug.spotless/spotless-maven-plugin@2.46.1" + } + ] + }, + { + "name": "org.apache.maven.plugins:maven-jar-plugin", + "SPDXID": "SPDXRef-maven-org.apache.maven.plugins-maven-jar-plugin-3.4.2-75c946", + "versionInfo": "3.4.2", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": false, + "licenseConcluded": "Apache-2.0", + "copyrightText": "Copyright 2002-2024 The Apache Software Foundation", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:maven/org.apache.maven.plugins/maven-jar-plugin@3.4.2" + } + ] + }, + { + "name": "com.github.spotbugs:spotbugs-annotations", + "SPDXID": "SPDXRef-maven-com.github.spotbugs-spotbugs-annotations-4.8.6-75c946", + "versionInfo": "4.8.6", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": false, + "licenseConcluded": "LGPL-2.1", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:maven/com.github.spotbugs/spotbugs-annotations@4.8.6" + } + ] + }, + { + "name": "org.apache.maven.plugins:maven-project-info-reports-plugin", + "SPDXID": "SPDXRef-maven-org.apache.maven.plugins-maven-project-info-reports-plugin-3.9.0-75c946", + "versionInfo": "3.9.0", + "downloadLocation": 
"NOASSERTION", + "filesAnalyzed": false, + "licenseConcluded": "Apache-2.0 AND MIT", + "copyrightText": "Copyright 2005-2025 The Apache Software Foundation", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:maven/org.apache.maven.plugins/maven-project-info-reports-plugin@3.9.0" + } + ] + }, + { + "name": "org.hamcrest:hamcrest-core", + "SPDXID": "SPDXRef-maven-org.hamcrest-hamcrest-core-75c946", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": false, + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:maven/org.hamcrest/hamcrest-core" + } + ] + }, + { + "name": "org.awaitility:awaitility", + "SPDXID": "SPDXRef-maven-org.awaitility-awaitility-4.3.0-75c946", + "versionInfo": "4.3.0", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": false, + "licenseConcluded": "Apache-2.0", + "copyrightText": "Copyright 2015 the original author or authors", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:maven/org.awaitility/awaitility@4.3.0" + } + ] + }, + { + "name": "org.slf4j:slf4j-bom", + "SPDXID": "SPDXRef-maven-org.slf4j-slf4j-bom-2.0.17-75c946", + "versionInfo": "2.0.17", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": false, + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:maven/org.slf4j/slf4j-bom@2.0.17" + } + ] + }, + { + "name": "com.tngtech.archunit:archunit", + "SPDXID": "SPDXRef-maven-com.tngtech.archunit-archunit-1.4.1-75c946", + "versionInfo": "1.4.1", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": false, + "licenseConcluded": "Apache-2.0", + "copyrightText": "Copyright (c) 2000-2011 INRIA, France Telecom, Copyright 2025 TNG Technology Consulting GmbH", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + 
"referenceLocator": "pkg:maven/com.tngtech.archunit/archunit@1.4.1" + } + ] + }, + { + "name": "com.squareup.okio:okio", + "SPDXID": "SPDXRef-maven-com.squareup.okio-okio-3.16.0-75c946", + "versionInfo": "3.16.0", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": false, + "licenseConcluded": "Apache-2.0", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:maven/com.squareup.okio/okio@3.16.0" + } + ] + }, + { + "name": "io.jsonwebtoken:maven-surefire-plugin", + "SPDXID": "SPDXRef-maven-io.jsonwebtoken-maven-surefire-plugin-0.11.5-75c946", + "versionInfo": "0.11.5", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": false, + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:maven/io.jsonwebtoken/maven-surefire-plugin@0.11.5" + } + ] + }, + { + "name": "com.github.tomakehurst:wiremock-jre8-standalone", + "SPDXID": "SPDXRef-maven-com.github.tomakehurst-wiremock-jre8-standalone-2.35.2-75c946", + "versionInfo": "2.35.2", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": false, + "licenseConcluded": "Apache-2.0 AND EPL-1.0 AND EPL-2.0", + "copyrightText": "(c) 2021 Denis Pushkarev, (c) OpenJS Foundation and other contributors, Copyright (c) 1997-2010 Oracle and/or its affiliates, Copyright (c) 1997-2013 Oracle and/or its affiliates, Copyright (c) 2008-2010 Oracle and/or its affiliates, Copyright (c) 2009-2010 Oracle and/or its affiliates, Copyright 1995-2018 Mort Bay Consulting Pty Ltd., Copyright 1996 Aki Yoshida, Copyright 2004 The Apache Software Foundation, Copyright Mort Bay Consulting Pty Ltd", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:maven/com.github.tomakehurst/wiremock-jre8-standalone@2.35.2" + } + ] + }, + { + "name": "org.hamcrest:hamcrest", + "SPDXID": "SPDXRef-maven-org.hamcrest-hamcrest-3.0-75c946", + "versionInfo": "3.0", + 
"downloadLocation": "NOASSERTION", + "filesAnalyzed": false, + "licenseConcluded": "BSD-3-Clause", + "copyrightText": "Copyright (c) 2000-2024, www.hamcrest.org", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:maven/org.hamcrest/hamcrest@3.0" + } + ] + }, + { + "name": "org.jacoco:jacoco-maven-plugin", + "SPDXID": "SPDXRef-maven-org.jacoco-jacoco-maven-plugin-75c946", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": false, + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:maven/org.jacoco/jacoco-maven-plugin" + } + ] + }, + { + "name": "org.jenkins-ci:maven-compiler-plugin", + "SPDXID": "SPDXRef-maven-org.jenkins-ci-maven-compiler-plugin-3.14.0-75c946", + "versionInfo": "3.14.0", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": false, + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:maven/org.jenkins-ci/maven-compiler-plugin@3.14.0" + } + ] + }, + { + "name": "org.sonatype.plugins:nexus-staging-maven-plugin", + "SPDXID": "SPDXRef-maven-org.sonatype.plugins-nexus-staging-maven-plugin-1.7.0-75c946", + "versionInfo": "1.7.0", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": false, + "copyrightText": "Copyright (c) 2007-2015 Sonatype, Inc., Copyright (c) 2008-present Sonatype, Inc.", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:maven/org.sonatype.plugins/nexus-staging-maven-plugin@1.7.0" + } + ] + }, + { + "name": "com.google.guava:guava", + "SPDXID": "SPDXRef-maven-com.google.guava-guava-33.4.6-jre-75c946", + "versionInfo": "33.4.6-jre", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": false, + "licenseConcluded": "Apache-2.0", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": 
"pkg:maven/com.google.guava/guava@33.4.6-jre" + } + ] + }, + { + "name": "org.mockito:mockito-core", + "SPDXID": "SPDXRef-maven-org.mockito-mockito-core-5.21.0-75c946", + "versionInfo": "5.21.0", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": false, + "licenseConcluded": "MIT", + "copyrightText": "Copyright (c) 2007 Mockito contributors", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:maven/org.mockito/mockito-core@5.21.0" + } + ] + }, + { + "name": "com.infradna.tool:bridge-method-injector", + "SPDXID": "SPDXRef-maven-com.infradna.tool-bridge-method-injector-75c946", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": false, + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:maven/com.infradna.tool/bridge-method-injector" + } + ] + }, + { + "name": "org.kohsuke:wordnet-random-name", + "SPDXID": "SPDXRef-maven-org.kohsuke-wordnet-random-name-1.6-75c946", + "versionInfo": "1.6", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": false, + "licenseConcluded": "MIT", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:maven/org.kohsuke/wordnet-random-name@1.6" + } + ] + }, + { + "name": "io.jsonwebtoken:jjwt-jackson", + "SPDXID": "SPDXRef-maven-io.jsonwebtoken-jjwt-jackson-0.13.0-75c946", + "versionInfo": "0.13.0", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": false, + "licenseConcluded": "Apache-2.0", + "copyrightText": "Copyright 2018 JWTK", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:maven/io.jsonwebtoken/jjwt-jackson@0.13.0" + } + ] + }, + { + "name": "org.hamcrest:hamcrest", + "SPDXID": "SPDXRef-maven-org.hamcrest-hamcrest-75c946", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": false, + "externalRefs": [ + { + "referenceCategory": 
"PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:maven/org.hamcrest/hamcrest" + } + ] + }, + { + "name": "com.github.ekryd.sortpom:sortpom-maven-plugin", + "SPDXID": "SPDXRef-maven-com.github.ekryd.sortpom-sortpom-maven-plugin-4.0.0-75c946", + "versionInfo": "4.0.0", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": false, + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:maven/com.github.ekryd.sortpom/sortpom-maven-plugin@4.0.0" + } + ] + }, + { + "name": "com.fasterxml.jackson:jackson-bom", + "SPDXID": "SPDXRef-maven-com.fasterxml.jackson-jackson-bom-2.21.0-75c946", + "versionInfo": "2.21.0", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": false, + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:maven/com.fasterxml.jackson/jackson-bom@2.21.0" + } + ] + }, + { + "name": "io.jsonwebtoken:jjwt-api", + "SPDXID": "SPDXRef-maven-io.jsonwebtoken-jjwt-api-0.13.0-75c946", + "versionInfo": "0.13.0", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": false, + "licenseConcluded": "Apache-2.0", + "copyrightText": "Copyright 2018 JWTK", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:maven/io.jsonwebtoken/jjwt-api@0.13.0" + } + ] + }, + { + "name": "com.google.code.gson:gson", + "SPDXID": "SPDXRef-maven-com.google.code.gson-gson-2.13.2-75c946", + "versionInfo": "2.13.2", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": false, + "licenseConcluded": "Apache-2.0", + "copyrightText": "Copyright 2008 Google LLC", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:maven/com.google.code.gson/gson@2.13.2" + } + ] + }, + { + "name": "com.infradna.tool:bridge-method-injector", + "SPDXID": "SPDXRef-maven-com.infradna.tool-bridge-method-injector-1.31-75c946", + 
"versionInfo": "1.31", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": false, + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:maven/com.infradna.tool/bridge-method-injector@1.31" + } + ] + }, + { + "name": "com.infradna.tool:bridge-method-annotation", + "SPDXID": "SPDXRef-maven-com.infradna.tool-bridge-method-annotation-1.31-75c946", + "versionInfo": "1.31", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": false, + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:maven/com.infradna.tool/bridge-method-annotation@1.31" + } + ] + }, + { + "name": "io.jsonwebtoken:jjwt-impl", + "SPDXID": "SPDXRef-maven-io.jsonwebtoken-jjwt-impl-0.13.0-75c946", + "versionInfo": "0.13.0", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": false, + "licenseConcluded": "Apache-2.0", + "copyrightText": "Copyright 2018 JWTK", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:maven/io.jsonwebtoken/jjwt-impl@0.13.0" + } + ] + }, + { + "name": "com.fasterxml.jackson.core:jackson-databind", + "SPDXID": "SPDXRef-maven-com.fasterxml.jackson.core-jackson-databind-75c946", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": false, + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:maven/com.fasterxml.jackson.core/jackson-databind" + } + ] + }, + { + "name": "com.diffplug.spotless:spotless-maven-plugin", + "SPDXID": "SPDXRef-maven-com.diffplug.spotless-spotless-maven-plugin-75c946", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": false, + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:maven/com.diffplug.spotless/spotless-maven-plugin" + } + ] + }, + { + "name": "org.apache.maven.plugins:maven-project-info-reports-plugin", + 
"SPDXID": "SPDXRef-maven-org.apache.maven.plugins-maven-project-info-reports-plugin-75c946", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": false, + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:maven/org.apache.maven.plugins/maven-project-info-reports-plugin" + } + ] + }, + { + "name": "com.github.spotbugs:spotbugs", + "SPDXID": "SPDXRef-maven-com.github.spotbugs-spotbugs-4.8.6-75c946", + "versionInfo": "4.8.6", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": false, + "licenseConcluded": "LGPL-2.1", + "copyrightText": "(c) . Calling, Copyright (c) 1991, 1999 Free Software Foundation, Inc., Copyright (c) 2003-2008 University of Maryland and others, Copyright (c) 2004,2005 University of Maryland, Copyright (c) 2005, 2006 Etienne Giraudy, InStranet Inc, Copyright (c) 2005, 2007 Etienne Giraudy, Copyright (c) 2005, Chris Nappin, Copyright (c) 2015, 2017, Brahim Djoudi, Copyright (c) 2019 Bjorn Kautler, copyrighted by the Free Software Foundation", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:maven/com.github.spotbugs/spotbugs@4.8.6" + } + ] + }, + { + "name": "org.apache.maven.plugins:maven-site-plugin", + "SPDXID": "SPDXRef-maven-org.apache.maven.plugins-maven-site-plugin-3.21.0-75c946", + "versionInfo": "3.21.0", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": false, + "licenseConcluded": "Apache-2.0 AND BSD-2-Clause AND BSD-3-Clause AND EPL-1.0 AND EPL-2.0 AND LicenseRef-scancode-public-domain AND MIT", + "copyrightText": "Copyright 2002-2024 The Apache Software Foundation", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:maven/org.apache.maven.plugins/maven-site-plugin@3.21.0" + } + ] + }, + { + "name": "org.sonatype.plugins:nexus-staging-maven-plugin", + "SPDXID": 
"SPDXRef-maven-org.sonatype.plugins-nexus-staging-maven-plugin-75c946", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": false, + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:maven/org.sonatype.plugins/nexus-staging-maven-plugin" + } + ] + }, + { + "name": "org.hamcrest:hamcrest-library", + "SPDXID": "SPDXRef-maven-org.hamcrest-hamcrest-library-3.0-75c946", + "versionInfo": "3.0", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": false, + "licenseConcluded": "BSD-3-Clause", + "copyrightText": "Copyright (c) 2000-2024, www.hamcrest.org", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:maven/org.hamcrest/hamcrest-library@3.0" + } + ] + }, + { + "name": "org.springframework.boot:spring-boot-starter-test", + "SPDXID": "SPDXRef-maven-org.springframework.boot-spring-boot-starter-test-75c946", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": false, + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:maven/org.springframework.boot/spring-boot-starter-test" + } + ] + }, + { + "name": "org.apache.bcel:bcel", + "SPDXID": "SPDXRef-maven-org.apache.bcel-bcel-6.10.0-75c946", + "versionInfo": "6.10.0", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": false, + "licenseConcluded": "Apache-2.0", + "copyrightText": "Copyright 2004-2024 The Apache Software Foundation", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:maven/org.apache.bcel/bcel@6.10.0" + } + ] + }, + { + "name": "com.github.siom79.japicmp:japicmp-maven-plugin", + "SPDXID": "SPDXRef-maven-com.github.siom79.japicmp-japicmp-maven-plugin-0.23.1-75c946", + "versionInfo": "0.23.1", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": false, + "licenseConcluded": "Apache-2.0", + "externalRefs": [ + { + 
"referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:maven/com.github.siom79.japicmp/japicmp-maven-plugin@0.23.1" + } + ] + }, + { + "name": "junit:junit", + "SPDXID": "SPDXRef-maven-junit-junit-75c946", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": false, + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:maven/junit/junit" + } + ] + }, + { + "name": "junit:junit", + "SPDXID": "SPDXRef-maven-junit-junit-4.13.2-75c946", + "versionInfo": "4.13.2", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": false, + "licenseConcluded": "EPL-1.0", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:maven/junit/junit@4.13.2" + } + ] + }, + { + "name": "org.junit.vintage:junit-vintage-engine", + "SPDXID": "SPDXRef-maven-org.junit.vintage-junit-vintage-engine-75c946", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": false, + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:maven/org.junit.vintage/junit-vintage-engine" + } + ] + }, + { + "name": "com.github.npathai:hamcrest-optional", + "SPDXID": "SPDXRef-maven-com.github.npathai-hamcrest-optional-2.0.0-75c946", + "versionInfo": "2.0.0", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": false, + "licenseConcluded": "MIT", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:maven/com.github.npathai/hamcrest-optional@2.0.0" + } + ] + }, + { + "name": "org.springframework.boot:spring-boot-dependencies", + "SPDXID": "SPDXRef-maven-org.springframework.boot-spring-boot-dependencies-3.4.5-75c946", + "versionInfo": "3.4.5", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": false, + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": 
"pkg:maven/org.springframework.boot/spring-boot-dependencies@3.4.5" + } + ] + }, + { + "name": "org.apache.maven.plugins:maven-gpg-plugin", + "SPDXID": "SPDXRef-maven-org.apache.maven.plugins-maven-gpg-plugin-75c946", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": false, + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:maven/org.apache.maven.plugins/maven-gpg-plugin" + } + ] + }, + { + "name": "org.apache.maven.plugins:maven-javadoc-plugin", + "SPDXID": "SPDXRef-maven-org.apache.maven.plugins-maven-javadoc-plugin-3.12.0-75c946", + "versionInfo": "3.12.0", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": false, + "licenseConcluded": "Apache-2.0 AND BSD-2-Clause AND BSD-3-Clause AND LicenseRef-scancode-public-domain AND MIT", + "copyrightText": "Copyright 2004-2025 The Apache Software Foundation, Copyright 2005, a http://www.mycompany.com MyCompany, Inc. a Note:If the project", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:maven/org.apache.maven.plugins/maven-javadoc-plugin@3.12.0" + } + ] + }, + { + "name": "org.hamcrest:hamcrest-core", + "SPDXID": "SPDXRef-maven-org.hamcrest-hamcrest-core-3.0-75c946", + "versionInfo": "3.0", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": false, + "licenseConcluded": "BSD-3-Clause", + "copyrightText": "Copyright (c) 2000-2024, www.hamcrest.org", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:maven/org.hamcrest/hamcrest-core@3.0" + } + ] + }, + { + "name": "org.apache.maven.plugins:maven-gpg-plugin", + "SPDXID": "SPDXRef-maven-org.apache.maven.plugins-maven-gpg-plugin-3.2.7-75c946", + "versionInfo": "3.2.7", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": false, + "licenseConcluded": "Apache-2.0", + "copyrightText": "Copyright 2002-2024 The Apache Software Foundation", + "externalRefs": 
[ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:maven/org.apache.maven.plugins/maven-gpg-plugin@3.2.7" + } + ] + }, + { + "name": "org.apache.maven.plugins:maven-help-plugin", + "SPDXID": "SPDXRef-maven-org.apache.maven.plugins-maven-help-plugin-3.5.1-75c946", + "versionInfo": "3.5.1", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": false, + "licenseConcluded": "Apache-2.0 AND BSD-3-Clause AND EPL-1.0 AND EPL-2.0 AND LicenseRef-scancode-jdom AND MIT AND SAX-PD AND xpp", + "copyrightText": "Copyright 2001-2024 The Apache Software Foundation", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:maven/org.apache.maven.plugins/maven-help-plugin@3.5.1" + } + ] + }, + { + "name": "org.codehaus.mojo:versions-maven-plugin", + "SPDXID": "SPDXRef-maven-org.codehaus.mojo-versions-maven-plugin-2.18.0-75c946", + "versionInfo": "2.18.0", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": false, + "licenseConcluded": "Apache-2.0", + "copyrightText": "Copyright MojoHaus and Contributors", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:maven/org.codehaus.mojo/versions-maven-plugin@2.18.0" + } + ] + }, + { + "name": "org.jacoco:jacoco-maven-plugin", + "SPDXID": "SPDXRef-maven-org.jacoco-jacoco-maven-plugin-0.8.13-75c946", + "versionInfo": "0.8.13", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": false, + "licenseConcluded": "EPL-2.0", + "copyrightText": "Copyright (c) 2009, 2025 Mountainminds GmbH & Co. 
KG and Contributors", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:maven/org.jacoco/jacoco-maven-plugin@0.8.13" + } + ] + }, + { + "name": "com.squareup.okhttp3:okhttp", + "SPDXID": "SPDXRef-maven-com.squareup.okhttp3-okhttp-4.12.0-75c946", + "versionInfo": "4.12.0", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": false, + "licenseConcluded": "Apache-2.0", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:maven/com.squareup.okhttp3/okhttp@4.12.0" + } + ] + }, + { + "name": "org.apache.maven.plugins:maven-enforcer-plugin", + "SPDXID": "SPDXRef-maven-org.apache.maven.plugins-maven-enforcer-plugin-3.5.0-75c946", + "versionInfo": "3.5.0", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": false, + "licenseConcluded": "Apache-2.0", + "copyrightText": "Copyright 2007-2024 The Apache Software Foundation", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:maven/org.apache.maven.plugins/maven-enforcer-plugin@3.5.0" + } + ] + }, + { + "name": "commons-io:commons-io", + "SPDXID": "SPDXRef-maven-commons-io-commons-io-2.16.1-75c946", + "versionInfo": "2.16.1", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": false, + "licenseConcluded": "Apache-2.0", + "copyrightText": "Copyright 2002-2024 The Apache Software Foundation", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:maven/commons-io/commons-io@2.16.1" + } + ] + }, + { + "name": "org.springframework.boot:spring-boot-maven-plugin", + "SPDXID": "SPDXRef-maven-org.springframework.boot-spring-boot-maven-plugin-3.4.5-75c946", + "versionInfo": "3.4.5", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": false, + "licenseConcluded": "Apache-2.0", + "copyrightText": "Copyright (c) 2012-2025 VMware, Inc.", + "externalRefs": [ + { 
+ "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:maven/org.springframework.boot/spring-boot-maven-plugin@3.4.5" + } + ] + }, + { + "name": "org.apache.commons:commons-lang3", + "SPDXID": "SPDXRef-maven-org.apache.commons-commons-lang3-3.19.0-75c946", + "versionInfo": "3.19.0", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": false, + "licenseConcluded": "Apache-2.0", + "copyrightText": "Copyright 2001-2017 The Apache Software Foundation", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:maven/org.apache.commons/commons-lang3@3.19.0" + } + ] + }, + { + "name": "com.github.spotbugs:spotbugs-maven-plugin", + "SPDXID": "SPDXRef-maven-com.github.spotbugs-spotbugs-maven-plugin-4.9.8.2-75c946", + "versionInfo": "4.9.8.2", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": false, + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:maven/com.github.spotbugs/spotbugs-maven-plugin@4.9.8.2" + } + ] + }, + { + "name": "org.apache.maven.plugins:maven-javadoc-plugin", + "SPDXID": "SPDXRef-maven-org.apache.maven.plugins-maven-javadoc-plugin-75c946", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": false, + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:maven/org.apache.maven.plugins/maven-javadoc-plugin" + } + ] + }, + { + "name": "com.fasterxml.jackson.datatype:jackson-datatype-jsr310", + "SPDXID": "SPDXRef-maven-com.fasterxml.jackson.datatype-jackson-datatype-jsr310-75c946", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": false, + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:maven/com.fasterxml.jackson.datatype/jackson-datatype-jsr310" + } + ] + }, + { + "name": "org.apache.maven.plugins:maven-source-plugin", + "SPDXID": 
"SPDXRef-maven-org.apache.maven.plugins-maven-source-plugin-75c946", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": false, + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:maven/org.apache.maven.plugins/maven-source-plugin" + } + ] + }, + { + "name": "actions/checkout", + "SPDXID": "SPDXRef-githubactions-actions-checkout-6..-75c946", + "versionInfo": "6.*.*", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": false, + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:githubactions/actions/checkout@6.%2A.%2A" + } + ] + }, + { + "name": "github/codeql-action/analyze", + "SPDXID": "SPDXRef-githubactions-githubcodeql-action-analyze-4..-75c946", + "versionInfo": "4.*.*", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": false, + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:githubactions/github/codeql-action/analyze@4.%2A.%2A" + } + ] + }, + { + "name": "github/codeql-action/autobuild", + "SPDXID": "SPDXRef-githubactions-githubcodeql-action-autobuild-4..-75c946", + "versionInfo": "4.*.*", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": false, + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:githubactions/github/codeql-action/autobuild@4.%2A.%2A" + } + ] + }, + { + "name": "github/codeql-action/init", + "SPDXID": "SPDXRef-githubactions-githubcodeql-action-init-4..-75c946", + "versionInfo": "4.*.*", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": false, + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:githubactions/github/codeql-action/init@4.%2A.%2A" + } + ] + }, + { + "name": "actions/setup-java", + "SPDXID": "SPDXRef-githubactions-actions-setup-java-5..-75c946", + "versionInfo": "5.*.*", 
+ "downloadLocation": "NOASSERTION", + "filesAnalyzed": false, + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:githubactions/actions/setup-java@5.%2A.%2A" + } + ] + }, + { + "name": "com.github.hub4j/github-api", + "SPDXID": "SPDXRef-github-hub4j-github-api-main-a85d1d", + "versionInfo": "main", + "downloadLocation": "git+https://github.com/hub4j/github-api", + "filesAnalyzed": false, + "licenseDeclared": "MIT", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:github/hub4j/github-api@main" + } + ] + } + ], + "relationships": [ + { + "spdxElementId": "SPDXRef-github-hub4j-github-api-main-a85d1d", + "relatedSpdxElement": "SPDXRef-githubactions-release-drafter-release-drafter-6..-75c946", + "relationshipType": "DEPENDS_ON" + }, + { + "spdxElementId": "SPDXRef-github-hub4j-github-api-main-a85d1d", + "relatedSpdxElement": "SPDXRef-maven-io.jsonwebtoken-jjwt-api-0.13.0-75c946", + "relationshipType": "DEPENDS_ON" + }, + { + "spdxElementId": "SPDXRef-github-hub4j-github-api-main-a85d1d", + "relatedSpdxElement": "SPDXRef-maven-com.infradna.tool-bridge-method-annotation-1.31-75c946", + "relationshipType": "DEPENDS_ON" + }, + { + "spdxElementId": "SPDXRef-github-hub4j-github-api-main-a85d1d", + "relatedSpdxElement": "SPDXRef-maven-com.github.spotbugs-spotbugs-4.8.6-75c946", + "relationshipType": "DEPENDS_ON" + }, + { + "spdxElementId": "SPDXRef-github-hub4j-github-api-main-a85d1d", + "relatedSpdxElement": "SPDXRef-maven-org.apache.maven.plugins-maven-javadoc-plugin-3.12.0-75c946", + "relationshipType": "DEPENDS_ON" + }, + { + "spdxElementId": "SPDXRef-github-hub4j-github-api-main-a85d1d", + "relatedSpdxElement": "SPDXRef-maven-org.springframework.boot-spring-boot-maven-plugin-3.4.5-75c946", + "relationshipType": "DEPENDS_ON" + }, + { + "spdxElementId": "SPDXRef-github-hub4j-github-api-main-a85d1d", + "relatedSpdxElement": 
"SPDXRef-githubactions-githubcodeql-action-autobuild-4..-75c946", + "relationshipType": "DEPENDS_ON" + }, + { + "spdxElementId": "SPDXRef-github-hub4j-github-api-main-a85d1d", + "relatedSpdxElement": "SPDXRef-maven-com.infradna.tool-bridge-method-injector-75c946", + "relationshipType": "DEPENDS_ON" + }, + { + "spdxElementId": "SPDXRef-github-hub4j-github-api-main-a85d1d", + "relatedSpdxElement": "SPDXRef-maven-com.github.ekryd.sortpom-sortpom-maven-plugin-4.0.0-75c946", + "relationshipType": "DEPENDS_ON" + }, + { + "spdxElementId": "SPDXRef-github-hub4j-github-api-main-a85d1d", + "relatedSpdxElement": "SPDXRef-maven-org.apache.maven.plugins-maven-gpg-plugin-3.2.7-75c946", + "relationshipType": "DEPENDS_ON" + }, + { + "spdxElementId": "SPDXRef-github-hub4j-github-api-main-a85d1d", + "relatedSpdxElement": "SPDXRef-maven-com.github.tomakehurst-wiremock-jre8-standalone-2.35.2-75c946", + "relationshipType": "DEPENDS_ON" + }, + { + "spdxElementId": "SPDXRef-github-hub4j-github-api-main-a85d1d", + "relatedSpdxElement": "SPDXRef-maven-org.hamcrest-hamcrest-library-3.0-75c946", + "relationshipType": "DEPENDS_ON" + }, + { + "spdxElementId": "SPDXRef-github-hub4j-github-api-main-a85d1d", + "relatedSpdxElement": "SPDXRef-maven-org.sonatype.plugins-nexus-staging-maven-plugin-1.7.0-75c946", + "relationshipType": "DEPENDS_ON" + }, + { + "spdxElementId": "SPDXRef-github-hub4j-github-api-main-a85d1d", + "relatedSpdxElement": "SPDXRef-maven-com.google.guava-guava-33.4.6-jre-75c946", + "relationshipType": "DEPENDS_ON" + }, + { + "spdxElementId": "SPDXRef-github-hub4j-github-api-main-a85d1d", + "relatedSpdxElement": "SPDXRef-maven-com.fasterxml.jackson.core-jackson-databind-75c946", + "relationshipType": "DEPENDS_ON" + }, + { + "spdxElementId": "SPDXRef-github-hub4j-github-api-main-a85d1d", + "relatedSpdxElement": "SPDXRef-maven-junit-junit-75c946", + "relationshipType": "DEPENDS_ON" + }, + { + "spdxElementId": "SPDXRef-github-hub4j-github-api-main-a85d1d", + "relatedSpdxElement": 
"SPDXRef-maven-org.slf4j-slf4j-bom-2.0.17-75c946", + "relationshipType": "DEPENDS_ON" + }, + { + "spdxElementId": "SPDXRef-github-hub4j-github-api-main-a85d1d", + "relatedSpdxElement": "SPDXRef-maven-com.squareup.okio-okio-3.16.0-75c946", + "relationshipType": "DEPENDS_ON" + }, + { + "spdxElementId": "SPDXRef-github-hub4j-github-api-main-a85d1d", + "relatedSpdxElement": "SPDXRef-maven-io.jsonwebtoken-maven-surefire-plugin-0.11.5-75c946", + "relationshipType": "DEPENDS_ON" + }, + { + "spdxElementId": "SPDXRef-github-hub4j-github-api-main-a85d1d", + "relatedSpdxElement": "SPDXRef-maven-com.fasterxml.jackson-jackson-bom-2.21.0-75c946", + "relationshipType": "DEPENDS_ON" + }, + { + "spdxElementId": "SPDXRef-github-hub4j-github-api-main-a85d1d", + "relatedSpdxElement": "SPDXRef-maven-org.codehaus.mojo-versions-maven-plugin-2.18.0-75c946", + "relationshipType": "DEPENDS_ON" + }, + { + "spdxElementId": "SPDXRef-github-hub4j-github-api-main-a85d1d", + "relatedSpdxElement": "SPDXRef-maven-com.fasterxml.jackson.datatype-jackson-datatype-jsr310-75c946", + "relationshipType": "DEPENDS_ON" + }, + { + "spdxElementId": "SPDXRef-github-hub4j-github-api-main-a85d1d", + "relatedSpdxElement": "SPDXRef-githubactions-githubcodeql-action-init-4..-75c946", + "relationshipType": "DEPENDS_ON" + }, + { + "spdxElementId": "SPDXRef-github-hub4j-github-api-main-a85d1d", + "relatedSpdxElement": "SPDXRef-githubactions-repo-sync-pull-request-2..-75c946", + "relationshipType": "DEPENDS_ON" + }, + { + "spdxElementId": "SPDXRef-github-hub4j-github-api-main-a85d1d", + "relatedSpdxElement": "SPDXRef-githubactions-actions-download-artifact-7..-75c946", + "relationshipType": "DEPENDS_ON" + }, + { + "spdxElementId": "SPDXRef-github-hub4j-github-api-main-a85d1d", + "relatedSpdxElement": "SPDXRef-maven-org.apache.maven.plugins-maven-release-plugin-3.1.1-75c946", + "relationshipType": "DEPENDS_ON" + }, + { + "spdxElementId": "SPDXRef-github-hub4j-github-api-main-a85d1d", + "relatedSpdxElement": 
"SPDXRef-maven-org.jenkins-ci-maven-compiler-plugin-3.14.0-75c946", + "relationshipType": "DEPENDS_ON" + }, + { + "spdxElementId": "SPDXRef-github-hub4j-github-api-main-a85d1d", + "relatedSpdxElement": "SPDXRef-maven-org.apache.maven.plugins-maven-javadoc-plugin-75c946", + "relationshipType": "DEPENDS_ON" + }, + { + "spdxElementId": "SPDXRef-github-hub4j-github-api-main-a85d1d", + "relatedSpdxElement": "SPDXRef-githubactions-actions-setup-java-5..-75c946", + "relationshipType": "DEPENDS_ON" + }, + { + "spdxElementId": "SPDXRef-github-hub4j-github-api-main-a85d1d", + "relatedSpdxElement": "SPDXRef-maven-org.hamcrest-hamcrest-library-75c946", + "relationshipType": "DEPENDS_ON" + }, + { + "spdxElementId": "SPDXRef-github-hub4j-github-api-main-a85d1d", + "relatedSpdxElement": "SPDXRef-maven-com.github.spotbugs-spotbugs-annotations-4.8.6-75c946", + "relationshipType": "DEPENDS_ON" + }, + { + "spdxElementId": "SPDXRef-github-hub4j-github-api-main-a85d1d", + "relatedSpdxElement": "SPDXRef-maven-org.jacoco-jacoco-maven-plugin-75c946", + "relationshipType": "DEPENDS_ON" + }, + { + "spdxElementId": "SPDXRef-github-hub4j-github-api-main-a85d1d", + "relatedSpdxElement": "SPDXRef-maven-org.kohsuke-wordnet-random-name-1.6-75c946", + "relationshipType": "DEPENDS_ON" + }, + { + "spdxElementId": "SPDXRef-github-hub4j-github-api-main-a85d1d", + "relatedSpdxElement": "SPDXRef-maven-org.hamcrest-hamcrest-75c946", + "relationshipType": "DEPENDS_ON" + }, + { + "spdxElementId": "SPDXRef-github-hub4j-github-api-main-a85d1d", + "relatedSpdxElement": "SPDXRef-githubactions-codecov-codecov-action-5.5.2-75c946", + "relationshipType": "DEPENDS_ON" + }, + { + "spdxElementId": "SPDXRef-github-hub4j-github-api-main-a85d1d", + "relatedSpdxElement": "SPDXRef-maven-org.awaitility-awaitility-4.3.0-75c946", + "relationshipType": "DEPENDS_ON" + }, + { + "spdxElementId": "SPDXRef-github-hub4j-github-api-main-a85d1d", + "relatedSpdxElement": "SPDXRef-maven-io.jsonwebtoken-jjwt-impl-0.13.0-75c946", + 
"relationshipType": "DEPENDS_ON" + }, + { + "spdxElementId": "SPDXRef-github-hub4j-github-api-main-a85d1d", + "relatedSpdxElement": "SPDXRef-maven-org.junit.vintage-junit-vintage-engine-75c946", + "relationshipType": "DEPENDS_ON" + }, + { + "spdxElementId": "SPDXRef-github-hub4j-github-api-main-a85d1d", + "relatedSpdxElement": "SPDXRef-maven-org.apache.maven.plugins-maven-enforcer-plugin-3.5.0-75c946", + "relationshipType": "DEPENDS_ON" + }, + { + "spdxElementId": "SPDXRef-github-hub4j-github-api-main-a85d1d", + "relatedSpdxElement": "SPDXRef-maven-org.apache.commons-commons-lang3-3.19.0-75c946", + "relationshipType": "DEPENDS_ON" + }, + { + "spdxElementId": "SPDXRef-github-hub4j-github-api-main-a85d1d", + "relatedSpdxElement": "SPDXRef-githubactions-actions-checkout-6..-75c946", + "relationshipType": "DEPENDS_ON" + }, + { + "spdxElementId": "SPDXRef-github-hub4j-github-api-main-a85d1d", + "relatedSpdxElement": "SPDXRef-maven-org.apache.maven.plugins-maven-site-plugin-3.21.0-75c946", + "relationshipType": "DEPENDS_ON" + }, + { + "spdxElementId": "SPDXRef-github-hub4j-github-api-main-a85d1d", + "relatedSpdxElement": "SPDXRef-maven-com.github.spotbugs-spotbugs-maven-plugin-4.9.8.2-75c946", + "relationshipType": "DEPENDS_ON" + }, + { + "spdxElementId": "SPDXRef-github-hub4j-github-api-main-a85d1d", + "relatedSpdxElement": "SPDXRef-maven-org.apache.maven.plugins-maven-jar-plugin-3.4.2-75c946", + "relationshipType": "DEPENDS_ON" + }, + { + "spdxElementId": "SPDXRef-github-hub4j-github-api-main-a85d1d", + "relatedSpdxElement": "SPDXRef-maven-org.hamcrest-hamcrest-3.0-75c946", + "relationshipType": "DEPENDS_ON" + }, + { + "spdxElementId": "SPDXRef-github-hub4j-github-api-main-a85d1d", + "relatedSpdxElement": "SPDXRef-maven-com.google.code.gson-gson-2.13.2-75c946", + "relationshipType": "DEPENDS_ON" + }, + { + "spdxElementId": "SPDXRef-github-hub4j-github-api-main-a85d1d", + "relatedSpdxElement": "SPDXRef-maven-org.apache.bcel-bcel-6.10.0-75c946", + "relationshipType": 
"DEPENDS_ON" + }, + { + "spdxElementId": "SPDXRef-github-hub4j-github-api-main-a85d1d", + "relatedSpdxElement": "SPDXRef-maven-org.springframework.boot-spring-boot-dependencies-3.4.5-75c946", + "relationshipType": "DEPENDS_ON" + }, + { + "spdxElementId": "SPDXRef-github-hub4j-github-api-main-a85d1d", + "relatedSpdxElement": "SPDXRef-githubactions-stefanzweifel-git-auto-commit-action-7..-75c946", + "relationshipType": "DEPENDS_ON" + }, + { + "spdxElementId": "SPDXRef-github-hub4j-github-api-main-a85d1d", + "relatedSpdxElement": "SPDXRef-maven-org.apache.maven.plugins-maven-project-info-reports-plugin-3.9.0-75c946", + "relationshipType": "DEPENDS_ON" + }, + { + "spdxElementId": "SPDXRef-github-hub4j-github-api-main-a85d1d", + "relatedSpdxElement": "SPDXRef-maven-com.infradna.tool-bridge-method-injector-1.31-75c946", + "relationshipType": "DEPENDS_ON" + }, + { + "spdxElementId": "SPDXRef-github-hub4j-github-api-main-a85d1d", + "relatedSpdxElement": "SPDXRef-maven-org.apache.maven.plugins-maven-project-info-reports-plugin-75c946", + "relationshipType": "DEPENDS_ON" + }, + { + "spdxElementId": "SPDXRef-github-hub4j-github-api-main-a85d1d", + "relatedSpdxElement": "SPDXRef-maven-org.springframework.boot-spring-boot-starter-test-75c946", + "relationshipType": "DEPENDS_ON" + }, + { + "spdxElementId": "SPDXRef-github-hub4j-github-api-main-a85d1d", + "relatedSpdxElement": "SPDXRef-maven-com.github.npathai-hamcrest-optional-2.0.0-75c946", + "relationshipType": "DEPENDS_ON" + }, + { + "spdxElementId": "SPDXRef-github-hub4j-github-api-main-a85d1d", + "relatedSpdxElement": "SPDXRef-maven-org.apache.maven.plugins-maven-help-plugin-3.5.1-75c946", + "relationshipType": "DEPENDS_ON" + }, + { + "spdxElementId": "SPDXRef-github-hub4j-github-api-main-a85d1d", + "relatedSpdxElement": "SPDXRef-maven-com.squareup.okhttp3-okhttp-4.12.0-75c946", + "relationshipType": "DEPENDS_ON" + }, + { + "spdxElementId": "SPDXRef-github-hub4j-github-api-main-a85d1d", + "relatedSpdxElement": 
"SPDXRef-maven-org.hamcrest-hamcrest-core-75c946", + "relationshipType": "DEPENDS_ON" + }, + { + "spdxElementId": "SPDXRef-github-hub4j-github-api-main-a85d1d", + "relatedSpdxElement": "SPDXRef-maven-org.sonatype.plugins-nexus-staging-maven-plugin-75c946", + "relationshipType": "DEPENDS_ON" + }, + { + "spdxElementId": "SPDXRef-github-hub4j-github-api-main-a85d1d", + "relatedSpdxElement": "SPDXRef-maven-junit-junit-4.13.2-75c946", + "relationshipType": "DEPENDS_ON" + }, + { + "spdxElementId": "SPDXRef-github-hub4j-github-api-main-a85d1d", + "relatedSpdxElement": "SPDXRef-maven-org.apache.maven.plugins-maven-gpg-plugin-75c946", + "relationshipType": "DEPENDS_ON" + }, + { + "spdxElementId": "SPDXRef-github-hub4j-github-api-main-a85d1d", + "relatedSpdxElement": "SPDXRef-maven-org.hamcrest-hamcrest-core-3.0-75c946", + "relationshipType": "DEPENDS_ON" + }, + { + "spdxElementId": "SPDXRef-github-hub4j-github-api-main-a85d1d", + "relatedSpdxElement": "SPDXRef-maven-commons-io-commons-io-2.16.1-75c946", + "relationshipType": "DEPENDS_ON" + }, + { + "spdxElementId": "SPDXRef-github-hub4j-github-api-main-a85d1d", + "relatedSpdxElement": "SPDXRef-maven-com.github.siom79.japicmp-japicmp-maven-plugin-0.23.1-75c946", + "relationshipType": "DEPENDS_ON" + }, + { + "spdxElementId": "SPDXRef-github-hub4j-github-api-main-a85d1d", + "relatedSpdxElement": "SPDXRef-maven-org.junit-junit-bom-5.13.4-75c946", + "relationshipType": "DEPENDS_ON" + }, + { + "spdxElementId": "SPDXRef-github-hub4j-github-api-main-a85d1d", + "relatedSpdxElement": "SPDXRef-maven-com.diffplug.spotless-spotless-maven-plugin-2.46.1-75c946", + "relationshipType": "DEPENDS_ON" + }, + { + "spdxElementId": "SPDXRef-github-hub4j-github-api-main-a85d1d", + "relatedSpdxElement": "SPDXRef-maven-org.mockito-mockito-core-5.21.0-75c946", + "relationshipType": "DEPENDS_ON" + }, + { + "spdxElementId": "SPDXRef-github-hub4j-github-api-main-a85d1d", + "relatedSpdxElement": 
"SPDXRef-maven-com.diffplug.spotless-spotless-maven-plugin-75c946", + "relationshipType": "DEPENDS_ON" + }, + { + "spdxElementId": "SPDXRef-github-hub4j-github-api-main-a85d1d", + "relatedSpdxElement": "SPDXRef-maven-org.apache.maven.plugins-maven-source-plugin-75c946", + "relationshipType": "DEPENDS_ON" + }, + { + "spdxElementId": "SPDXRef-github-hub4j-github-api-main-a85d1d", + "relatedSpdxElement": "SPDXRef-githubactions-githubcodeql-action-analyze-4..-75c946", + "relationshipType": "DEPENDS_ON" + }, + { + "spdxElementId": "SPDXRef-github-hub4j-github-api-main-a85d1d", + "relatedSpdxElement": "SPDXRef-githubactions-actions-upload-artifact-6..-75c946", + "relationshipType": "DEPENDS_ON" + }, + { + "spdxElementId": "SPDXRef-github-hub4j-github-api-main-a85d1d", + "relatedSpdxElement": "SPDXRef-maven-com.tngtech.archunit-archunit-1.4.1-75c946", + "relationshipType": "DEPENDS_ON" + }, + { + "spdxElementId": "SPDXRef-github-hub4j-github-api-main-a85d1d", + "relatedSpdxElement": "SPDXRef-maven-io.jsonwebtoken-jjwt-jackson-0.13.0-75c946", + "relationshipType": "DEPENDS_ON" + }, + { + "spdxElementId": "SPDXRef-github-hub4j-github-api-main-a85d1d", + "relatedSpdxElement": "SPDXRef-maven-org.jacoco-jacoco-maven-plugin-0.8.13-75c946", + "relationshipType": "DEPENDS_ON" + }, + { + "spdxElementId": "SPDXRef-DOCUMENT", + "relatedSpdxElement": "SPDXRef-github-hub4j-github-api-main-a85d1d", + "relationshipType": "DESCRIBES" + } + ] + } +} \ No newline at end of file diff --git a/src/test/resources/org/kohsuke/github/GHSBOMTest/wiremock/getSBOM/mappings/1-user.json b/src/test/resources/org/kohsuke/github/GHSBOMTest/wiremock/getSBOM/mappings/1-user.json new file mode 100644 index 0000000000..6557ca146b --- /dev/null +++ b/src/test/resources/org/kohsuke/github/GHSBOMTest/wiremock/getSBOM/mappings/1-user.json 
@@ -0,0 +1,48 @@
+{
+ "id": "0ba42e6c-e026-4ca8-a520-4ada5db860ab",
+ "name": "user",
+ "request": {
+ "url": "/user",
+ "method": "GET",
+ "headers": {
+ "Accept": {
+ "equalTo": "application/vnd.github+json"
+ }
+ }
+ },
+ "response": {
+ "status": 200,
+ "bodyFileName": "1-user.json",
+ "headers": {
+ "Date": "Sun, 25 Jan 2026 20:41:50 GMT",
+ "Content-Type": "application/json; charset=utf-8",
+ "Cache-Control": "private, max-age=60, s-maxage=60",
+ "Vary": "Accept, Authorization, Cookie, X-GitHub-OTP,Accept-Encoding, Accept, X-Requested-With",
+ "ETag": "W/\"15d7e1ad92a3639b979fc55254902e63ee0bfa5c8f6766990bf989044d491ce1\"",
+ "Last-Modified": "Sat, 24 Jan 2026 22:07:12 GMT",
+ "X-OAuth-Scopes": "repo",
+ "X-Accepted-OAuth-Scopes": "",
+ "github-authentication-token-expiration": "2026-02-19 19:55:13 UTC",
+ "X-GitHub-Media-Type": "github.v3; format=json",
+ "x-github-api-version-selected": "2022-11-28",
+ "Access-Control-Expose-Headers": "ETag, Link, Location, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Used, X-RateLimit-Resource, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval, X-GitHub-Media-Type, X-GitHub-SSO, X-GitHub-Request-Id, Deprecation, Sunset",
+ "Access-Control-Allow-Origin": "*",
+ "Strict-Transport-Security": "max-age=31536000; includeSubdomains; preload",
+ "X-Frame-Options": "deny",
+ "X-Content-Type-Options": "nosniff",
+ "X-XSS-Protection": "0",
+ "Referrer-Policy": "origin-when-cross-origin, strict-origin-when-cross-origin",
+ "Content-Security-Policy": "default-src 'none'",
+ "Server": "github.com",
+ "X-RateLimit-Limit": "5000",
+ "X-RateLimit-Remaining": "4967",
+ "X-RateLimit-Reset": "1769376437",
+ "X-RateLimit-Used": "33",
+ "X-RateLimit-Resource": "core",
+ "X-GitHub-Request-Id": "D811:46DF2:7814A84:68A21E7:6976800E"
+ }
+ },
+ "uuid": "0ba42e6c-e026-4ca8-a520-4ada5db860ab",
+ "persistent": true,
+ "insertionIndex": 1
+}
\ No newline at end of file
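Review bot: The recorded response headers in this stub describe the credential used for the recording: `"X-OAuth-Scopes": "repo"` and `"github-authentication-token-expiration": "2026-02-19 19:55:13 UTC"`. The same two headers appear in `mappings/2-r_h_github-api.json` and `mappings/3-r_h_g_dependency-graph_sbom.json`. No token value is visible in these hunks, but the headers tell any reader of the repository that a full `repo`-scoped token was valid until that date, and stub matching here is on URL, method and `Accept` only, so the response headers look unnecessary for the test. I would remove both headers, and `X-GitHub-Request-Id` with them, from all three mappings before merging, and record future fixtures with a token scoped as narrowly as the endpoint allows.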
diff --git a/src/test/resources/org/kohsuke/github/GHSBOMTest/wiremock/getSBOM/mappings/2-r_h_github-api.json b/src/test/resources/org/kohsuke/github/GHSBOMTest/wiremock/getSBOM/mappings/2-r_h_github-api.json
new file mode 100644
index 0000000000..548fa41554
--- /dev/null
+++ b/src/test/resources/org/kohsuke/github/GHSBOMTest/wiremock/getSBOM/mappings/2-r_h_github-api.json
@@ -0,0 +1,48 @@
+{
+ "id": "42f56d16-61bc-426a-a09b-afffded9a024",
+ "name": "repos_hub4j_github-api",
+ "request": {
+ "url": "/repos/hub4j/github-api",
+ "method": "GET",
+ "headers": {
+ "Accept": {
+ "equalTo": "application/vnd.github+json"
+ }
+ }
+ },
+ "response": {
+ "status": 200,
+ "bodyFileName": "2-r_h_github-api.json",
+ "headers": {
+ "Date": "Sun, 25 Jan 2026 20:41:51 GMT",
+ "Content-Type": "application/json; charset=utf-8",
+ "Cache-Control": "private, max-age=60, s-maxage=60",
+ "Vary": "Accept, Authorization, Cookie, X-GitHub-OTP,Accept-Encoding, Accept, X-Requested-With",
+ "ETag": "W/\"9f0cbcc557c793f0d6cc5f0a5913e8d87c01403a8f95e3142373acf8e03059ab\"",
+ "Last-Modified": "Sun, 25 Jan 2026 03:20:40 GMT",
+ "X-OAuth-Scopes": "repo",
+ "X-Accepted-OAuth-Scopes": "repo",
+ "github-authentication-token-expiration": "2026-02-19 19:55:13 UTC",
+ "X-GitHub-Media-Type": "github.v3; format=json",
+ "x-github-api-version-selected": "2022-11-28",
+ "Access-Control-Expose-Headers": "ETag, Link, Location, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Used, X-RateLimit-Resource, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval, X-GitHub-Media-Type, X-GitHub-SSO, X-GitHub-Request-Id, Deprecation, Sunset",
+ "Access-Control-Allow-Origin": "*",
+ "Strict-Transport-Security": "max-age=31536000; includeSubdomains; preload",
+ "X-Frame-Options": "deny",
+ "X-Content-Type-Options": "nosniff",
+ "X-XSS-Protection": "0",
+ "Referrer-Policy": "origin-when-cross-origin, strict-origin-when-cross-origin",
+ "Content-Security-Policy": "default-src 'none'",
+ "Server": "github.com",
+ "X-RateLimit-Limit": "5000",
+ "X-RateLimit-Remaining": "4965",
+ "X-RateLimit-Reset": "1769376437",
+ "X-RateLimit-Used": "35",
+ "X-RateLimit-Resource": "core",
+ "X-GitHub-Request-Id": "D813:19034C:6982D26:5A5E281:6976800F"
+ }
+ },
+ "uuid": "42f56d16-61bc-426a-a09b-afffded9a024",
+ "persistent": true,
+ "insertionIndex": 2
+}
\ No newline at end of file
diff --git a/src/test/resources/org/kohsuke/github/GHSBOMTest/wiremock/getSBOM/mappings/3-r_h_g_dependency-graph_sbom.json b/src/test/resources/org/kohsuke/github/GHSBOMTest/wiremock/getSBOM/mappings/3-r_h_g_dependency-graph_sbom.json
new file mode 100644
index 0000000000..5a9f430d58
--- /dev/null
+++ b/src/test/resources/org/kohsuke/github/GHSBOMTest/wiremock/getSBOM/mappings/3-r_h_g_dependency-graph_sbom.json
@@ -0,0 +1,47 @@
+{
+ "id": "9f660fc2-8293-47e1-9a02-ff520ec1a3c8",
+ "name": "repos_hub4j_github-api_dependency-graph_sbom",
+ "request": {
+ "url": "/repos/hub4j/github-api/dependency-graph/sbom",
+ "method": "GET",
+ "headers": {
+ "Accept": {
+ "equalTo": "application/vnd.github+json"
+ }
+ }
+ },
+ "response": {
+ "status": 200,
+ "bodyFileName": "3-r_h_g_dependency-graph_sbom.json",
+ "headers": {
+ "Date": "Sun, 25 Jan 2026 20:41:52 GMT",
+ "Content-Type": "application/json; charset=utf-8",
+ "Cache-Control": "private, max-age=60, s-maxage=60",
+ "Vary": "Accept, Authorization, Cookie, X-GitHub-OTP,Accept-Encoding, Accept, X-Requested-With",
+ "ETag": "W/\"6a7fd8420f2ebcb127ef4b8379638f4d547d2e1bb1a100de08eaf29fb98364d3\"",
+ "X-OAuth-Scopes": "repo",
+ "X-Accepted-OAuth-Scopes": "repo",
+ "github-authentication-token-expiration": "2026-02-19 19:55:13 UTC",
+ "X-GitHub-Media-Type": "github.v3; format=json",
+ "x-github-api-version-selected": "2022-11-28",
+ "X-RateLimit-Limit": "100",
+ "X-RateLimit-Remaining": "99",
+ "X-RateLimit-Reset": "1769373772",
+ "X-RateLimit-Used": "1",
+ "X-RateLimit-Resource": "dependency_sbom",
+ "Access-Control-Expose-Headers": "ETag, Link, Location, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Used, X-RateLimit-Resource, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval, X-GitHub-Media-Type, X-GitHub-SSO, X-GitHub-Request-Id, Deprecation, Sunset",
+ "Access-Control-Allow-Origin": "*",
+ "Strict-Transport-Security": "max-age=31536000; includeSubdomains; preload",
+ "X-Frame-Options": "deny",
+ "X-Content-Type-Options": "nosniff",
+ "X-XSS-Protection": "0",
+ "Referrer-Policy": "origin-when-cross-origin, strict-origin-when-cross-origin",
+ "Content-Security-Policy": "default-src 'none'",
+ "Server": "github.com",
+ "X-GitHub-Request-Id": "D814:19034C:6982F8E:5A5E487:6976800F"
+ }
+ },
+ "uuid": "9f660fc2-8293-47e1-9a02-ff520ec1a3c8",
+ "persistent": true,
+ "insertionIndex": 3
+}
\ No newline at end of file
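Review bot: The SBOM endpoint is metered separately from the core API, and nothing in the change tells a caller so: this stub records `"X-RateLimit-Resource": "dependency_sbom"` with `"X-RateLimit-Limit": "100"`, where the two preceding mappings record `"core"` and `"5000"`. The `getSBOM()` Javadoc added in `GHRepository.java` does not mention the smaller quota. It is also not visible from this hunk whether the library's rate-limit tracking recognises the `dependency_sbom` resource or would treat these headers as an update to the core record. I would add a sentence to the Javadoc such as `This endpoint has its own rate limit (resource "dependency_sbom"), separate from the core limit.` and have `GHSBOMTest` assert that the core rate-limit record is unchanged after the call.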