Example

Actuator BOM

Demonstrates how a generated software bill of materials can be downloaded through the Helix BOM actuator endpoint. Shows the Helix SBOM plugin, the management-port download flow, and the response headers used for auditing.

Group: REST API
Path: examples/rest-api/actuator-bom

Source README

Overview

Helix Spring Boot webservice that shows how a generated software bill of materials can be downloaded through actuator for auditing.

Run this example from the shared examples build:


./gradlew -p examples runExample -Pexample=rest-api/actuator-bom --init-script "$(pwd)/helix.init.gradle"

What It Shows

the Helix API starter baseline
generating bom.json with the Helix SBOM plugin
exposing the generated SBOM through the Helix BOM actuator endpoint
downloading the SBOM from the management port for audit and inventory workflows
the response headers used for a downloadable BOM artifact

Endpoints

GET /v1/actuator-bom/audit
GET /bom
GET /liveness
GET /health

Example success response

{
  "request_id": "generated-by-helix",
  "status": "SUCCESS",
  "timestamp": "2026-03-15T12:34:56+0000",
  "data": {
    "application": "actuator-bom",
    "auditPurpose": "Inventory the service dependencies through the Helix BOM actuator endpoint.",
    "managementBomUrl": "http://localhost:8081/bom"
  }
}

Development

Building the Application

Run the following command to build the service:


./gradlew clean build

Testing the Application

Run the following command to run the service tests:


./gradlew test
./gradlew integration

Trying the API

Run the service:

Then try:

The business endpoint explains the audit use case, and the management endpoint serves the generated bom.json artifact directly from the application. The BOM response is downloadable and marked with Cache-Control: no-cache so auditors always retrieve the current SBOM for that running service.


./gradlew bootRun


curl http://localhost:8080/v1/actuator-bom/audit

curl -i http://localhost:8081/bom

curl http://localhost:8081/bom -o bom.json