SBOM ingestion

[barv-jfrog]

• [ ] All tests passed. If this feature is not already covered by the tests, I added new tests.
• [x] All static analysis checks passed.
• [x] This pull request is on the dev branch.

• [x] I used gofmt for formatting the code before submitting the pull request.

The point of this PR is part of 3 PRs that enable the command "jf sbom-enrich" which takes XML/JSON of a CycloneDX SBOMs of packages/dockers, sends it to XRAY for scanning (to find vulnerabilities) and print out the input (which is xml/json cyclonedx) with vulnerabilities section that was found in XRAY. It basically uses a new API that can digest these new formats, but it still uses GraphScan and ExportGraphScan which are pre-existing APIs. That's why there are some similarities between the two.

[github-actions[bot]]

CLA Assistant Lite bot All contributors have signed the CLA ✍️ ✅

[barv-jfrog]

I have read the CLA Document and I hereby sign the CLA

[barv-jfrog]

The point of this PR is part of 3 PRs that enable the command "jf sbom-enrich" which takes XML/JSON of a CycloneDX SBOMs of packages/dockers, sends it to XRAY for scanning (to find vulnerabilities) and print out the input (which is xml/json cyclonedx) with vulnerabilities section that was found in XRAY. It basically uses a new API that can digest these new formats, but it still uses GraphScan and ExportGraphScan which are pre-existing APIs. That's why there are some similarities between the two.

[barv-jfrog]

• Add description to the PR
• Change the README.md to include those changes.
• Add tests at tests for the new service

Added description and changed README.md to include those changes. Regarding tests - I use similar functions to Scan just with different XRAY Api. I have not seen tests for these functions in scan service. @attiasas

[github-actions[bot]]

[](https://docs.jfrog-applications.jfrog.io/jfrog-applications/frogbot)

---

[🐸 JFrog Frogbot](https://docs.jfrog-applications.jfrog.io/jfrog-applications/frogbot)