Common.Sbom.Lib 1.0.0

dotnet add package Common.Sbom.Lib --version 1.0.0
                    

Common SBOM Library - Controller Usage

Overview

The Common SBOM Library now includes a ready-to-use controller that can be easily integrated into any microservice with minimal configuration. This eliminates the need to implement SBOM endpoints in each service individually.

Features

  • Automatic SBOM Generation: GET /api/sbom - Generate SBOM for the current service
  • File Downloads: GET /api/sbom/download - Download SBOM as file
  • Validation: POST /api/sbom/validate - Validate SBOM documents
  • Health Checks: GET /api/sbom/health - Service health status
  • Metadata: GET /api/sbom/metadata - Service and configuration info
  • Aggregation: GET /api/sbom/aggregate - Aggregate multiple service SBOMs (optional)

Quick Start

1. Basic Setup (Minimal Configuration)

// Program.cs
using Common.Sbom.Lib.Extensions;

var builder = WebApplication.CreateBuilder(args);

// Add SBOM services with controller
builder.Services.AddSbomServicesWithController();

var app = builder.Build();

// Your other middleware...
app.MapControllers();
app.Run();

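Result: SBOM endpoints are available at /api/sbom/*. With the defaults listed under Configuration Options, RequireAuthentication is false, so these endpoints, including download and validation, are served without authentication.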

2. Custom Configuration

// Program.cs
builder.Services.AddSbomServicesWithController(
    configuration: builder.Configuration,
    configureControllerOptions: options =>
    {
        options.RoutePrefix = "api/v1/compliance/sbom";
        options.RequireAuthentication = true;
        options.EnableDownload = true;
        options.EnableValidation = false;
        options.EnableAggregation = false; // Individual service mode
        options.CacheDuration = TimeSpan.FromMinutes(10);
        options.ServiceName = "UserService";
        options.ServiceVersion = "2.1.0";
        options.AdditionalMetadata = new Dictionary<string, object>
        {
            ["Environment"] = "Production",
            ["Owner"] = "Platform Team"
        };
    });

3. Advanced Setup (Separate Registration)

// Program.cs
// Add core services first
builder.Services.AddSbomServices(builder.Configuration);

// Add controller with specific configuration
builder.Services.AddSbomController(options =>
{
    options.RoutePrefix = "compliance/sbom";
    options.RequireAuthentication = true;
    options.SupportedFormats = new List<SbomFormat> 
    { 
        SbomFormat.CycloneDx, 
        SbomFormat.Spdx 
    };
});

// Add health checks
builder.Services.AddSbomHealthChecks();

Available Endpoints

Core Endpoints (Always Available)

| Method | Endpoint | Description |
|--------|----------|-------------|
| GET | /api/sbom | Get SBOM for current service |
| GET | /api/sbom/metadata | Get service metadata and configuration |
| GET | /api/sbom/health | Health check for SBOM service |

Optional Endpoints (Configurable)

| Method | Endpoint | Description | Option |
|--------|----------|-------------|--------|
| GET | /api/sbom/download | Download SBOM as file | EnableDownload = true |
| POST | /api/sbom/validate | Validate SBOM document | EnableValidation = true |
| GET | /api/sbom/aggregate | Get aggregated SBOM | EnableAggregation = true |

Configuration Options

public class SbomControllerOptions
{
    public string RoutePrefix { get; set; } = "api/sbom";
    public bool EnableController { get; set; } = true;
    public bool EnableDownload { get; set; } = true;
    public bool EnableValidation { get; set; } = true;
    public bool EnableAggregation { get; set; } = false;
    public bool RequireAuthentication { get; set; } = false;
    public bool EnableSwagger { get; set; } = true;
    public TimeSpan CacheDuration { get; set; } = TimeSpan.FromMinutes(5);
    // Enum members must be qualified with the SbomFormat type name
    public List<SbomFormat> SupportedFormats { get; set; } = [SbomFormat.CycloneDx, SbomFormat.Spdx, SbomFormat.Json];
    public string ServiceName { get; set; } = ""; // Auto-detected from assembly
    public string ServiceVersion { get; set; } = ""; // Auto-detected from assembly
    public Dictionary<string, object> AdditionalMetadata { get; set; } = new();
}

Authentication Integration

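If you set RequireAuthentication = true, the controller checks User.Identity.IsAuthenticated. The check is on authentication alone, so any role or policy restriction has to be added separately. Ensure your authentication middleware is configured and runs before MapControllers: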

// Add your authentication
builder.Services.AddAuthentication("Bearer")
    .AddJwtBearer("Bearer", options => { /* your config */ });

// Add SBOM with authentication
builder.Services.AddSbomServicesWithController(
    configureControllerOptions: options => 
    {
        options.RequireAuthentication = true;
    });

var app = builder.Build();

app.UseAuthentication();
app.UseAuthorization();
app.MapControllers();

Microservices Architecture Benefits

  1. Consistency: All services have identical SBOM endpoints
  2. Zero Code Duplication: One-line setup across all services
  3. Centralized Maintenance: Updates happen in one place
  4. Flexible Configuration: Each service can customize as needed
  5. Security: Centralized authentication and authorization
  6. Compliance: Standardized SBOM generation across the organization

Example Service Integration

// UserService/Program.cs
using Common.Sbom.Lib.Extensions;

var builder = WebApplication.CreateBuilder(args);

builder.Services.AddControllers();
builder.Services.AddAuthentication(/* your auth setup */);

// One line to add SBOM functionality!
builder.Services.AddSbomServicesWithController(
    builder.Configuration,
    options => options.RequireAuthentication = true);

var app = builder.Build();

app.UseAuthentication();
app.UseAuthorization();
app.MapControllers(); // SBOM controller is automatically included

app.Run();

Testing Your Integration

After integration, test these endpoints:

# Get service SBOM
curl https://your-service/api/sbom

# Get service metadata
curl https://your-service/api/sbom/metadata

# Health check
curl https://your-service/api/sbom/health

# Download SBOM file
# The URL is quoted so the shell does not treat "?" as a glob character
curl "https://your-service/api/sbom/download?format=CycloneDx"
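
To confirm that RequireAuthentication is actually enforced after deployment, the script below requests each endpoint listed on this page with no credentials and reports which ones still answer. It is an added example, not part of the package; the status-code mapping and the script name are assumptions, since the page does not document the controller's responses.

```shell
#!/usr/bin/env bash
# Added example: audit which SBOM endpoints answer WITHOUT credentials.
# Paths are this page's defaults; change them if RoutePrefix was customised.

# Map the HTTP status of an unauthenticated request to a finding.
# Assumption: auth failures answer 401/403 and disabled endpoints 404/405;
# the page does not state the controller's exact status codes.
classify_status() {
  case "$1" in
    2??)     echo "OPEN" ;;         # served with no credentials
    401|403) echo "PROTECTED" ;;
    404|405) echo "DISABLED" ;;
    000)     echo "UNREACHABLE" ;;  # curl could not connect
    *)       echo "REVIEW" ;;       # redirect, 5xx, anything unexpected
  esac
}

# Probe every endpoint with no Authorization header.
# Returns 1 if at least one endpoint is OPEN, 0 otherwise.
audit_sbom() {
  base="${1%/}"
  open=0
  for entry in \
    "GET:/api/sbom" \
    "GET:/api/sbom/metadata" \
    "GET:/api/sbom/health" \
    "GET:/api/sbom/download?format=CycloneDx" \
    "POST:/api/sbom/validate" \
    "GET:/api/sbom/aggregate"
  do
    method="${entry%%:*}"
    path="${entry#*:}"
    code=$(curl -s -o /dev/null -w '%{http_code}' --max-time 10 \
      -X "$method" "$base$path" || true)
    finding=$(classify_status "${code:-000}")
    printf '%-11s %-4s %s (HTTP %s)\n' "$finding" "$method" "$path" "$code"
    if [ "$finding" = "OPEN" ]; then open=1; fi
  done
  return "$open"
}

# Run only when a base URL is given: ./sbom-audit.sh https://your-service
if [ -n "${1:-}" ]; then audit_sbom "$1"; fi
```

The non-zero exit status when any endpoint is OPEN lets the script gate a deployment pipeline. An OPEN result on /api/sbom/health may be intentional; the page does not say whether RequireAuthentication covers that endpoint.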

Swagger/OpenAPI Integration

The controller includes Swagger annotations. Your service's Swagger UI will automatically show the SBOM endpoints with full documentation.

Target frameworks
.NET: net8.0 is compatible. Computed: net8.0-android, net8.0-browser, net8.0-ios, net8.0-maccatalyst, net8.0-macos, net8.0-tvos, net8.0-windows, net9.0, net9.0-android, net9.0-browser, net9.0-ios, net9.0-maccatalyst, net9.0-macos, net9.0-tvos, net9.0-windows, net10.0, net10.0-android, net10.0-browser, net10.0-ios, net10.0-maccatalyst, net10.0-macos, net10.0-tvos, net10.0-windows.

NuGet packages

This package is not used by any NuGet packages.

GitHub repositories

This package is not used by any popular GitHub repositories.

Version Downloads Last Updated
1.0.0 1,074 6/25/2025