
feat(UI/REST): CycloneDX SBOM Importer & Exporter #2015

Conversation

akapti
Contributor

@akapti akapti commented Jun 23, 2023


This feature enables the possibility to import and export a CycloneDx SBOM to and from SW360 respectively.

Issue: #1146

Suggest Reviewer

@ag4ums @smrutis1

How To Test?

  • Both the XML and the JSON format of CycloneDX SBOM are supported for import and export.

**IMPORT:**

  • Importing a CycloneDX SBOM will create Components and Releases in the SW360 Project as per the list of Components present in the SBOM.
  • On successful import, the SBOM file will be linked to the Project as an attachment of type SBOM.
  • On successful import, an SBOM import status file named SBOM-FILE-NAME_ImportStatus_Creation-Date-Time.json is created, containing import-relevant information such as the Component count, the Release count, Components with missing name or version, etc.
  • Import can be performed from Project Home page or Project Details page.
  • Import / Export can be controlled based on user role using the property sbom.import.export.access.usergroup in the sw360.properties file. The default value is USER.
  • **Import from Project Home page:**
    • An SBOM should be imported from the Project Home page if you want to create a new Project based on the Component present in the metadata tag of the SBOM and link all the Components to the newly created Project.
    • Import will fail if there is already an existing Project with the same name and version as the Component present in the SBOM metadata tag.
    • Any user should be able to import SBOM from Project Home page.
  • **Import from Project Details page:**
    • An SBOM should be imported from the Project Details page if you want to update the existing Project with new or updated Components from the SBOM.
    • Import will fail if the existing Project name and version are not the same as the Component present in the SBOM metadata tag.
    • Only user with write access to Project should be able to import an SBOM from Project Home page.

**EXPORT:**

  • Export can be performed from the Project Details page only.
  • The Export SBOM button will be shown if and only if there is at least one directly linked Release or sub-Project.
  • Exporting will create a CycloneDX SBOM from the Components and Releases present in the SW360 Project.
  • By default only the directly linked Releases of the Project are included when exporting an SBOM.
  • To include Releases of sub-Projects in the exported SBOM, the user should check the "Include releases from sub-projects in exported sbom?" checkbox.
  • Linked Releases of a Release will always be ignored while exporting an SBOM.

**REST API:**

  • Currently only the REST API for importing an SBOM is available in this PR.
  • The REST API for exporting the SBOM will be added later as part of a different PR.

**SCREENSHOT:**

  • PROJECT HOME PAGE: (three screenshots of the SBOM import dialog and result)

  • PROJECT DETAILS PAGE: (four screenshots of the SBOM import/export controls and result)

Checklist

Must:

  • All related issues are referenced in commit messages and in PR

Signed-off-by: afsahsyeda [email protected]
Signed-off-by: akapti [email protected]
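The import and export rules listed in the description, as one runnable model. This is an added example written for this page, not code from the SW360 PR: it reads JSON only (the PR also accepts XML), uses a hypothetical `Project` class in place of SW360's own project model, and assumes a ranking of user groups (`GROUP_RANK`) for the `sbom.import.export.access.usergroup` check, which SW360 may resolve differently. The sample SBOM is constructed for the example.

```python
import json
from dataclasses import dataclass, field

# Constructed CycloneDX 1.4 JSON SBOM used as sample input (not taken from the PR).
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "metadata": {"component": {"type": "application", "name": "demo-app", "version": "2.0"}},
    "components": [
        {"type": "library", "name": "libfoo", "version": "1.2.3"},
        {"type": "library", "name": "libfoo", "version": "1.3.0"},
        {"type": "library", "name": "libbar"},   # no version: flagged in the status file
        {"type": "library", "version": "9.9"},   # no name: flagged in the status file
    ],
})

# Assumed ranking of SW360 user groups for the access gate; SW360 defines more groups than these.
GROUP_RANK = ["USER", "CLEARING_ADMIN", "ADMIN"]


class SbomImportError(Exception):
    """Raised when one of the import rules from the PR description rejects the SBOM."""


@dataclass
class Project:
    # Hypothetical stand-in for an SW360 project: its directly linked releases and sub-projects.
    name: str
    version: str
    releases: set = field(default_factory=set)        # {(component name, version), ...}
    subprojects: list = field(default_factory=list)   # [Project, ...]


@dataclass
class ImportStatus:
    # Content of the *_ImportStatus_*.json file written after an import.
    components: int
    releases: int
    missing_name_or_version: list


def may_import_export(user_group: str, props: dict) -> bool:
    """Gate on sbom.import.export.access.usergroup; the property defaults to USER."""
    required = props.get("sbom.import.export.access.usergroup", "USER")
    return GROUP_RANK.index(user_group) >= GROUP_RANK.index(required)


def parse_sbom(text: str):
    """Return (project name, project version, components) from a CycloneDX JSON SBOM."""
    bom = json.loads(text)
    if bom.get("bomFormat") != "CycloneDX":
        raise SbomImportError("not a CycloneDX BOM")
    meta = (bom.get("metadata") or {}).get("component") or {}
    if not meta.get("name") or not meta.get("version"):
        raise SbomImportError("metadata.component must carry a name and a version")
    return meta["name"], meta["version"], bom.get("components") or []


def collect_releases(components: list):
    """Split components into importable (name, version) pairs and entries missing either field."""
    releases, missing = set(), []
    for comp in components:
        name, version = comp.get("name"), comp.get("version")
        if name and version:
            releases.add((name, version))
        else:
            missing.append(comp)
    return releases, missing


def status_for(releases: set, missing: list) -> ImportStatus:
    # In SW360 a component is identified by name; a release is name plus version.
    return ImportStatus(len({name for name, _ in releases}), len(releases), missing)


def import_from_home_page(text: str, existing: list):
    """Create a new project from metadata.component; fails if that project already exists."""
    name, version, comps = parse_sbom(text)
    if any(p.name == name and p.version == version for p in existing):
        raise SbomImportError(f"project {name} {version} already exists")
    releases, missing = collect_releases(comps)
    project = Project(name, version, releases)
    existing.append(project)
    return project, status_for(releases, missing)


def import_from_details_page(text: str, project: Project) -> ImportStatus:
    """Update an existing project; fails if metadata.component does not match it."""
    name, version, comps = parse_sbom(text)
    if (name, version) != (project.name, project.version):
        raise SbomImportError(f"SBOM describes {name} {version}, not {project.name} {project.version}")
    releases, missing = collect_releases(comps)
    project.releases |= releases
    return status_for(releases, missing)


def export_available(project: Project) -> bool:
    """The Export SBOM button appears only with a directly linked release or sub-project."""
    return bool(project.releases or project.subprojects)


def export_sbom(project: Project, include_subprojects: bool = False) -> dict:
    """Build a CycloneDX JSON document from directly linked releases; releases linked from
    other releases are never followed. Walking nested sub-projects is an assumption here."""
    releases = set(project.releases)
    if include_subprojects:
        stack = list(project.subprojects)
        while stack:
            sub = stack.pop()
            releases |= sub.releases
            stack.extend(sub.subprojects)
    return {
        "bomFormat": "CycloneDX",
        "specVersion": "1.4",
        "metadata": {"component": {"type": "application", "name": project.name, "version": project.version}},
        "components": [{"type": "library", "name": n, "version": v} for n, v in sorted(releases)],
    }
```

Two things worth checking against a real SW360 deployment: whether the access property is compared by rank or by exact group (the model above ranks), and whether sub-project traversal stops at one level (the model above recurses).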

@akapti akapti added needs code review needs general test This is general testing, meaning that there is no org specific issue to check for needs special test Opposed to general testing, this requires dedicated check at some party's deployment labels Jun 23, 2023
@akapti akapti added this to the General Improvements milestone Jun 23, 2023
@akapti akapti linked an issue Jun 23, 2023 that may be closed by this pull request
@akapti akapti force-pushed the feat/CycloneDxBOM-Import-Export-1146 branch 7 times, most recently from 01d47e1 to c9ec5a0 Compare June 27, 2023 10:47

@smrutis1 smrutis1 left a comment


Requesting some minor changes

```java
public static String getSW360Version() {
    MavenXpp3Reader reader = new MavenXpp3Reader();
    try (InputStreamReader iStreamReader = new InputStreamReader(
            SW360Utils.class.getResourceAsStream("/META-INF/maven/org.eclipse.sw360/datahandler/pom.xml"))) {
```

Kindly try to remove the hard-coded path


I have made it configurable via sw360.properties: datahandler.pom.file.path

@akapti akapti force-pushed the feat/CycloneDxBOM-Import-Export-1146 branch from c9ec5a0 to 9beded0 Compare June 27, 2023 14:52
@ag4ums ag4ums removed needs general test This is general testing, meaning that there is no org specific issue to check for needs special test Opposed to general testing, this requires dedicated check at some party's deployment labels Jun 28, 2023
@ag4ums ag4ums left a comment


import and export is working fine

@akapti akapti force-pushed the feat/CycloneDxBOM-Import-Export-1146 branch from 9beded0 to 1bf1576 Compare June 28, 2023 10:14
@smrutis1 smrutis1 left a comment


Code looks good

Labels
ready ready to merge
Successfully merging this pull request may close these issues.

Support for Consuming CycloneDX BOM