@jcrossley3 jcrossley3 commented Sep 17, 2025

Fixes: #1967

Cleaned up a bit of the download endpoint while I was in there.

Summary by Sourcery

Add new ExploitIQ report functionality by integrating an HTTP client, creating POST and GET endpoints, refactoring the SBOM download handler, enhancing error types, updating dependencies, and extending the API documentation in OpenAPI.

New Features:

  • Introduce ExploitIQ integration with endpoints for creating and fetching reports

Enhancements:

  • Simplify SBOM download endpoint to streamline response streaming logic
  • Extend error handling to include HTTP, header, and JSON error variants

Build:

  • Add bytes crate and enable reqwest streaming feature

Documentation:

  • Update OpenAPI specification with new ExploitIQ report paths and schemas

sourcery-ai bot commented Sep 17, 2025

Reviewer's Guide

Introduces new REST endpoints for creating and fetching ExploitIQ reports (with associated models and OpenAPI updates), streamlines the existing SBOM download handler, and enhances error handling and dependencies for JSON and streaming support.

Sequence diagram for creating an ExploitIQ report

sequenceDiagram
    participant Client
    participant API["API Server"]
    participant SBOM["SBOM Service"]
    participant Ingestor["Ingestor Service"]
    participant ExploitIQ["ExploitIQ API"]
    Client->>API: POST /v2/sbom/{id}/exploitiq (ReportRequest)
    API->>SBOM: fetch_sbom_summary(id)
    SBOM-->>API: SBOM summary (with source_document)
    API->>Ingestor: retrieve(source_document)
    Ingestor-->>API: SBOM document stream
    API->>API: parse SBOM JSON
    API->>ExploitIQ: POST /reports/new (ExploitIqRequest)
    ExploitIQ-->>API: ReportResult
    API-->>Client: 201 Created (ReportResult)

Sequence diagram for fetching an ExploitIQ report

sequenceDiagram
    participant Client
    participant API["API Server"]
    participant ExploitIQ["ExploitIQ API"]
    Client->>API: GET /v2/sbom/exploitiq/{id}
    API->>ExploitIQ: GET /reports/{id}
    ExploitIQ-->>API: Report stream
    API-->>Client: 200 OK (streamed report)

ER diagram for new ExploitIQ report OpenAPI schemas

erDiagram
    REPORTREQUEST {
        vulnerabilities string
    }
    REPORTRESULT {
        id string
        reportId string
    }
    REPORTREQUEST ||--o{ REPORTRESULT : "creates"

Class diagram for new ExploitIQ report models

classDiagram
    class ReportRequest {
        +vulnerabilities: Vec<String>
    }
    class ReportResult {
        +id: String
        +report_id: String
    }
    class ExploitIqRequest {
        +vulnerabilities: Vec<String>
        +sbom: Value
        +sbom_info_type: String
        +metadata: Value
        +new(sbom: Value, vulnerabilities: Vec<String>)
    }
    ReportRequest --> ExploitIqRequest : used to construct
    ExploitIqRequest --> ReportResult : used in create_report()

File-Level Changes

| Change | Details | Files |
| --- | --- | --- |
| Add ExploitIQ report endpoints and integration | • Register create_exploitiq_report and fetch_exploitiq_report services<br>• Define ReportRequest, ReportResult, and ExploitIqRequest models with create_report/fetch_report functions<br>• Extend OpenAPI spec with new paths and component schemas | modules/fundamental/src/sbom/endpoints/mod.rs<br>modules/fundamental/src/sbom/model/exploitiq.rs<br>openapi.yaml |
| Refactor SBOM download endpoint | • Merge summary fetch and document retrieval into a single match expression<br>• Eliminate nested Option and stream mapping for clearer response logic | modules/fundamental/src/sbom/endpoints/mod.rs |
| Extend error enumeration | • Add HTTP, HttpHeaderValue, and Json variants to Error enum for reqwest and serde_json errors | modules/fundamental/src/error.rs |
| Update dependencies for streaming and JSON support | • Add bytes crate and enable reqwest streaming feature<br>• Remove redundant bytes dev-dependency | modules/fundamental/Cargo.toml |

codecov bot commented Sep 17, 2025

Codecov Report

❌ Patch coverage is 11.39241% with 70 lines in your changes missing coverage. Please review.
✅ Project coverage is 67.67%. Comparing base (986f992) to head (56322a8).

Files with missing lines Patch % Lines
modules/fundamental/src/sbom/model/exploitiq.rs 0.00% 38 Missing ⚠️
modules/fundamental/src/sbom/endpoints/mod.rs 21.95% 29 Missing and 3 partials ⚠️
Additional details and impacted files
@@            Coverage Diff             @@
##             main    #1981      +/-   ##
==========================================
- Coverage   67.91%   67.67%   -0.24%     
==========================================
  Files         354      355       +1     
  Lines       19729    19794      +65     
  Branches    19729    19794      +65     
==========================================
- Hits        13398    13396       -2     
- Misses       5552     5618      +66     
- Partials      779      780       +1     

@carlosthe19916

  • I know it is just a draft, but the interaction with the endpoint GET https://exploitIQdomain.com/reports/{id} is missing.
  • Also, the Auth configuration for ExploitIQ might be missing.

But happy to see progress :) thank you very much!!!

@jcrossley3 jcrossley3 changed the title feat: added a new endpoint for creating ExploitIQ reports feat: added new endpoints for ExploitIQ reports Sep 17, 2025
@jcrossley3 jcrossley3 marked this pull request as ready for review September 17, 2025 19:18

@sourcery-ai sourcery-ai bot left a comment

Hey there - I've reviewed your changes - here's some feedback:

  • The create_exploitiq_report handler currently returns HttpResponse::Ok but your OpenAPI spec declares a 201 Created; please return Created to keep them in sync.
  • You’re collecting the entire SBOM into a BytesMut buffer before sending it off—consider streaming or deserializing directly from the response to avoid high memory usage with large SBOMs.
  • In fetch_exploitiq_report you’re streaming the report but not forwarding the upstream Content-Type header; consider propagating the remote response’s media type for accurate client behavior.
Prompt for AI Agents
Please address the comments from this code review:

## Individual Comments

### Comment 1
<location> `modules/fundamental/src/sbom/model/exploitiq.rs:61-62` </location>
<code_context>
+    Ok(response.bytes_stream().map_err(Error::Http))
+}
+
+fn base_url() -> Result<String, Error> {
+    match env::var(ENV_URL) {
+        Ok(s) => Ok(s),
+        _ => {
+            log::error!("ExploitIQ reports require {ENV_URL} to be set");
+            Err(Error::Unavailable)
+        }
</code_context>
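Review bot: the `_ =>` arm in base_url() treats every env::var failure as "not set", so a value that is present but not valid Unicode is logged with the wrong cause; match on `Err(e)` and include it in the message. The `Ok(s) => Ok(s)` arm also returns the value unchecked, including an empty string. Since this string is the base for the outbound ExploitIQ requests, parse it here (for example with `url::Url::parse`) and require an `https` scheme, so a bad value fails at this point with a clear error. The inline `{ENV_URL}` in the log line is captured by the format macro as written, so it needs no change.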

<issue_to_address>
**suggestion:** String interpolation in log message will not expand ENV_URL.

Use format!(...) or include the variable value directly to ensure ENV_URL is shown correctly in the log.

```suggestion
        _ => {
+            log::error!("{}", format!("ExploitIQ reports require {} to be set", ENV_URL));
```
</issue_to_address>

### Comment 2
<location> `modules/fundamental/src/sbom/model/exploitiq.rs:68-70` </location>
<code_context>
+    }
+}
+
+fn authorized_client() -> Result<reqwest::Client, Error> {
+    let Ok(token) = env::var(ENV_TOKEN) else {
+        log::error!("ExploitIQ reports require {ENV_TOKEN} to be set");
+        return Err(Error::Unavailable);
+    };
</code_context>
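Review bot: `let Ok(token) = env::var(ENV_TOKEN)` in authorized_client() accepts a variable that is set but empty, which would go on to build a client with a blank credential; reject an empty or whitespace-only token through the same `Error::Unavailable` path. The log line names the variable rather than its value, which is right for a secret. Keep it that way in the lines that follow the ones shown, and if the token is placed in a header value, mark that value sensitive with `HeaderValue::set_sensitive(true)` so it is not printed in debug output.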

<issue_to_address>
**suggestion:** String interpolation in log message will not expand ENV_TOKEN.

Use format!(...) or include the variable value directly to ensure ENV_TOKEN is displayed correctly in the log.

Suggested implementation:

```rust
            log::error!("{}", format!("ExploitIQ reports require {} to be set", ENV_URL));

```

```rust
        log::error!("{}", format!("ExploitIQ reports require {} to be set", ENV_TOKEN));

```
</issue_to_address>


@carlosthe19916 carlosthe19916 left a comment

@jcrossley3 LGTM!
But I would like this PR not to fully close the issue #1967 because we are still missing saving the ExploitIQ report IDs in the Trustify Database.

But this is a huge first step!

Fixes: guacsec#1967

Cleaned up a bit of the download endpoint while I was in there.
@jcrossley3

/scale-test

@github-actions

🛠️ Scale test has started! Follow the progress here: Workflow Run

@github-actions

Goose Report

Goose Attack Report

Plan Overview

Action Started Stopped Elapsed Users
Increasing 25-09-26 21:12:01 25-09-26 21:12:06 00:00:05 0 → 5
Maintaining 25-09-26 21:12:06 25-09-26 21:17:06 00:05:00 5
Decreasing 25-09-26 21:17:06 25-09-26 21:17:07 00:00:01 0 ← 5

Request Metrics

Method Name # Requests # Fails Average (ms) Min (ms) Max (ms) RPS Failures/s
GET get_advisory_by_doc_id 60 (-20) 0 14.47 (+2.99) 3 (+1) 71 (+4) 0.20 (-0.07) 0.00 (+0.00)
GET get_analysis_latest_cpe 60 (-23) 0 140.60 (-38.33) 30 (-7) 353 (-138) 0.20 (-0.08) 0.00 (+0.00)
GET get_analysis_status 60 (-23) 0 6.38 (-1.71) 1 (0) 50 (-6) 0.20 (-0.08) 0.00 (+0.00)
GET get_purl_details[b00df2ca-df21-5…874-304e9c54e2bd] 60 (-20) 0 819.40 (-134.77) 373 (+135) 1088 (-513) 0.20 (-0.07) 0.00 (+0.00)
GET get_purl_gc 60 60 1.23 1 3 0.20 0.20
GET get_sbom[sha256:720e4451…a939656247164447] 60 (-23) 0 912.07 (-398.43) 188 (-113) 2233 (-1074) 0.20 (-0.08) 0.00 (+0.00)
GET get_sbom_license_ids[urn:uuid:019731…104-331632a21144] 60 (-23) 0 804.43 (-22.17) 318 (+38) 1364 (-8) 0.20 (-0.08) 0.00 (+0.00)
GET list_advisory 60 (-20) 0 533.15 (+92.34) 376 (+278) 1484 (+747) 0.20 (-0.07) 0.00 (+0.00)
GET list_advisory_paginated 60 (-20) 0 432.93 (+56.01) 133 (+39) 669 (+135) 0.20 (-0.07) 0.00 (+0.00)
GET list_importer 60 (-20) 0 2.12 (-0.73) 1 (0) 7 (-44) 0.20 (-0.07) 0.00 (+0.00)
GET list_organizations 60 (-20) 0 7.62 (-1.01) 1 (0) 47 (0) 0.20 (-0.07) 0.00 (+0.00)
GET list_packages 60 (-20) 0 534.87 (+107.03) 274 (+194) 1934 (+985) 0.20 (-0.07) 0.00 (+0.00)
GET list_packages_paginated 60 (-20) 0 447.20 (+85.76) 97 (-3) 970 (+80) 0.20 (-0.07) 0.00 (+0.00)
GET list_products 65 (-20) 0 6.80 (-0.52) 2 (0) 15 (-37) 0.22 (-0.07) 0.00 (+0.00)
GET list_sboms 65 (-20) 0 1063.75 (-282.68) 605 (+68) 1620 (-668) 0.22 (-0.07) 0.00 (+0.00)
GET list_sboms_paginated 64 (-21) 0 1290.06 (-1966.95) 491 (+18) 3294 (-3394) 0.21 (-0.07) 0.00 (+0.00)
GET list_vulnerabilities 60 (-20) 0 315.00 (+21.55) 110 (+64) 550 (-52) 0.20 (-0.07) 0.00 (+0.00)
GET list_vulnerabilities_paginated 60 (-20) 0 187.25 (+0.77) 122 (+84) 281 (-99) 0.20 (-0.07) 0.00 (+0.00)
GET sbom_by_package[pkg:maven/io.qu…dhat.com%2fga%2f] 60 (-23) 0 62.80 (-10.92) 10 (+2) 267 (-63) 0.20 (-0.08) 0.00 (+0.00)
GET search_advisory 60 (-20) 0 972.35 (+232.71) 360 (+237) 1901 (-201) 0.20 (-0.07) 0.00 (+0.00)
GET search_exact_purl 65 (-20) 0 7.22 (-1.75) 2 (+1) 54 (-15) 0.22 (-0.07) 0.00 (+0.00)
GET search_purls 65 (-20) 0 14802.15 (+8179.68) 7068 (+4638) 25848 (+16329) 0.22 (-0.07) 0.00 (+0.00)
POST post_vulnerability_analyze[pkg:rpm/redhat/…h=noarch&epoch=1] 60 (-20) 0 497.70 (-169.05) 211 (+64) 855 (-594) 0.20 (-0.07) 0.00 (+0.00)
Aggregated 1404 (-396) 60 1079.95 (+239.82) 1 (0) 25848 (+16329) 4.68 (-1.32) 0.20 (+0.20)

Response Time Metrics

Method Name 50%ile (ms) 60%ile (ms) 70%ile (ms) 80%ile (ms) 90%ile (ms) 95%ile (ms) 99%ile (ms) 100%ile (ms)
GET get_advisory_by_doc_id 7 (+1) 9 (+3) 10 (+3) 13 (+2) 52 (+16) 56 (+7) 58 (0) 71 (+4)
GET get_analysis_latest_cpe 130 (-50) 140 (-50) 170 (-40) 210 (-10) 270 (-30) 280 (-100) 300 (-170) 350 (-140)
GET get_analysis_status 2 (-1) 3 (0) 3 (-1) 6 (+1) 8 (-38) 44 (-6) 48 (-7) 50 (-6)
GET get_purl_details[b00df2ca-df21-5…874-304e9c54e2bd] 800 (-100) 800 (-200) 900 (-100) 900 (-100) 1,000 (0) 1,000 (-601) 1,000 (-601) 1,000 (-601)
GET get_purl_gc 1 1 1 2 2 2 2 3
GET get_sbom[sha256:720e4451…a939656247164447] 700 (-200) 1,000 (0) 1,000 (-1,000) 1,000 (-1,000) 2,000 (-1,000) 2,000 (-1,000) 2,000 (-1,000) 2,000 (-1,000)
GET get_sbom_license_ids[urn:uuid:019731…104-331632a21144] 800 (0) 900 (0) 900 (0) 900 (-100) 1,000 (0) 1,000 (0) 1,000 (0) 1,000 (0)
GET list_advisory 460 (+30) 500 (+50) 600 (+110) 700 (+200) 700 (+100) 800 (+200) 800 (+100) 1,000 (+300)
GET list_advisory_paginated 430 (+40) 460 (+50) 480 (+50) 500 (+40) 500 (0) 600 (+100) 600 (+100) 669 (+169)
GET list_importer 2 (0) 2 (0) 2 (0) 3 (0) 3 (-1) 4 (-2) 4 (-6) 7 (-44)
GET list_organizations 5 (+1) 6 (+2) 7 (+1) 9 (+1) 12 (-26) 18 (-24) 46 (+2) 47 (0)
GET list_packages 440 (+10) 450 (+20) 500 (+40) 700 (+220) 900 (+100) 900 (0) 900 (0) 1,934 (+1,034)
GET list_packages_paginated 420 (+40) 450 (+50) 480 (+60) 490 (+20) 500 (+10) 900 (+100) 900 (+10) 970 (+80)
GET list_products 6 (+1) 8 (+2) 8 (0) 9 (0) 10 (-2) 10 (-5) 11 (-40) 15 (-37)
GET list_sboms 1,000 (0) 1,000 (0) 1,000 (-1,000) 1,000 (-1,000) 1,000 (-1,000) 1,000 (-1,000) 1,620 (-380) 1,620 (-380)
GET list_sboms_paginated 1,000 (-2,000) 1,000 (-2,000) 2,000 (-2,000) 2,000 (-3,000) 2,000 (-3,000) 3,000 (-3,000) 3,000 (-3,688) 3,000 (-3,688)
GET list_vulnerabilities 330 (0) 340 (-10) 360 (-10) 370 (-20) 380 (-20) 430 (-10) 500 (-100) 550 (-50)
GET list_vulnerabilities_paginated 190 (0) 190 (-10) 200 (0) 210 (-10) 220 (-40) 260 (-10) 280 (-90) 280 (-100)
GET sbom_by_package[pkg:maven/io.qu…dhat.com%2fga%2f] 42 (-30) 70 (-10) 79 (-5) 86 (-12) 160 (+10) 180 (0) 190 (0) 267 (-63)
GET search_advisory 1,000 (+400) 1,000 (+400) 1,000 (+300) 1,000 (0) 1,901 (+901) 1,901 (-99) 1,901 (-99) 1,901 (-99)
GET search_exact_purl 7 (+3) 7 (+2) 7 (+1) 8 (0) 9 (-7) 10 (-43) 10 (-56) 54 (-15)
GET search_purls 16,000 (+9,000) 16,000 (+9,000) 16,000 (+9,000) 16,000 (+9,000) 17,000 (+9,000) 25,848 (+16,848) 25,848 (+16,329) 25,848 (+16,329)
POST post_vulnerability_analyze[pkg:rpm/redhat/…h=noarch&epoch=1] 480 (-120) 500 (-200) 600 (-200) 600 (-300) 700 (-300) 800 (-200) 800 (-200) 855 (-145)
Aggregated 370 (+30) 450 (+10) 600 (0) 900 (-100) 1,000 (-1,000) 2,000 (-3,000) 16,000 (+9,000) 25,848 (+16,329)

Status Code Metrics

Method Name Status Codes
GET get_advisory_by_doc_id 60 [200]
GET get_analysis_latest_cpe 60 [200]
GET get_analysis_status 60 [200]
GET get_purl_details[b00df2ca-df21-5…874-304e9c54e2bd] 60 [200]
GET get_purl_gc 60 [400]
GET get_sbom[sha256:720e4451…a939656247164447] 60 [200]
GET get_sbom_license_ids[urn:uuid:019731…104-331632a21144] 60 [200]
GET list_advisory 60 [200]
GET list_advisory_paginated 60 [200]
GET list_importer 60 [200]
GET list_organizations 60 [200]
GET list_packages 60 [200]
GET list_packages_paginated 60 [200]
GET list_products 65 [200]
GET list_sboms 65 [200]
GET list_sboms_paginated 64 [200]
GET list_vulnerabilities 60 [200]
GET list_vulnerabilities_paginated 60 [200]
GET sbom_by_package[pkg:maven/io.qu…dhat.com%2fga%2f] 60 [200]
GET search_advisory 60 [200]
GET search_exact_purl 65 [200]
GET search_purls 65 [200]
POST post_vulnerability_analyze[pkg:rpm/redhat/…h=noarch&epoch=1] 60 [200]
Aggregated 1,344 [200], 60 [400]

Transaction Metrics

Transaction # Times Run # Fails Average (ms) Min (ms) Max (ms) RPS Failures/s
WebsiteUser
0.0 logon 0 (0) 0 (0) 0.00 (+0.00) 0 (0) 0 (0) 0.00 (+0.00) 0.00 (+0.00)
0.1 website_index 0 (0) 0 (0) 0.00 (+0.00) 0 (0) 0 (0) 0.00 (+0.00) 0.00 (+0.00)
0.2 website_openapi 0 (0) 0 (0) 0.00 (+0.00) 0 (0) 0 (0) 0.00 (+0.00) 0.00 (+0.00)
0.3 website_sboms 0 (0) 0 (0) 0.00 (+0.00) 0 (0) 0 (0) 0.00 (+0.00) 0.00 (+0.00)
0.4 website_packages 0 (0) 0 (0) 0.00 (+0.00) 0 (0) 0 (0) 0.00 (+0.00) 0.00 (+0.00)
0.5 website_advisories 0 (0) 0 (0) 0.00 (+0.00) 0 (0) 0 (0) 0.00 (+0.00) 0.00 (+0.00)
0.6 website_importers 0 (0) 0 (0) 0.00 (+0.00) 0 (0) 0 (0) 0.00 (+0.00) 0.00 (+0.00)
RestAPIUser
1.0 logon 60 (-20) 0 (0) 16.68 (+2.82) 12 (+5) 30 (+9) 0.20 (-0.07) 0.00 (+0.00)
1.1 list_organizations 60 (-20) 0 (0) 7.80 (-1.04) 1 (0) 47 (0) 0.20 (-0.07) 0.00 (+0.00)
1.2 list_advisory 60 (-20) 0 (0) 533.23 (+92.40) 376 (+278) 1484 (+747) 0.20 (-0.07) 0.00 (+0.00)
1.3 list_advisory_paginated 60 (-20) 0 (0) 432.95 (+55.99) 134 (+40) 669 (+135) 0.20 (-0.07) 0.00 (+0.00)
1.4 get_advisory_by_doc_id 60 (-20) 0 (0) 14.52 (+3.00) 3 (+1) 71 (+4) 0.20 (-0.07) 0.00 (+0.00)
1.5 search_advisory 60 (-20) 0 (0) 972.38 (+232.70) 360 (+237) 1901 (-201) 0.20 (-0.07) 0.00 (+0.00)
1.6 list_vulnerabilities 60 (-20) 0 (0) 315.00 (+21.50) 110 (+64) 550 (-52) 0.20 (-0.07) 0.00 (+0.00)
1.7 list_vulnerabilities_paginated 60 (-20) 0 (0) 187.32 (+0.79) 122 (+84) 281 (-99) 0.20 (-0.07) 0.00 (+0.00)
1.8 list_importer 60 (-20) 0 (0) 2.18 (-0.68) 1 (0) 7 (-44) 0.20 (-0.07) 0.00 (+0.00)
1.9 list_packages 60 (-20) 0 (0) 534.90 (+107.05) 274 (+194) 1934 (+985) 0.20 (-0.07) 0.00 (+0.00)
1.10 list_packages_paginated 60 (-20) 0 (0) 447.33 (+85.81) 97 (-3) 971 (+81) 0.20 (-0.07) 0.00 (+0.00)
1.11 search_purls 65 (-20) 0 (0) 14802.17 (+8179.64) 7068 (+4638) 25848 (+16329) 0.22 (-0.07) 0.00 (+0.00)
1.12 search_exact_purl 65 (-20) 0 (0) 7.22 (-1.81) 2 (0) 54 (-15) 0.22 (-0.07) 0.00 (+0.00)
1.13 list_products 65 (-20) 0 (0) 6.86 (-0.49) 2 (0) 15 (-37) 0.22 (-0.07) 0.00 (+0.00)
1.14 list_sboms 65 (-20) 0 (0) 1063.78 (-282.66) 605 (+68) 1620 (-668) 0.22 (-0.07) 0.00 (+0.00)
1.15 list_sboms_paginated 64 (-21) 0 (0) 1290.11 (-1966.98) 492 (+19) 3294 (-3394) 0.21 (-0.07) 0.00 (+0.00)
1.16 get_analysis_status 60 (-23) 0 (0) 6.43 (-1.71) 1 (0) 51 (-5) 0.20 (-0.08) 0.00 (+0.00)
1.17 get_analysis_latest_cpe 60 (-23) 0 (0) 140.62 (-38.35) 30 (-7) 353 (-138) 0.20 (-0.08) 0.00 (+0.00)
1.18 get_purl_gc 60 0 1.27 1 4 0.20 0.00
1.19 get_sbom[sha256:720e4451…a939656247164447] 60 0 912.13 188 2233 0.20 0.00
1.20 sbom_by_package[pkg:maven/io.qu…dhat.com%2fga%2f] 60 0 62.90 10 267 0.20 0.00
1.21 get_sbom_license_ids[urn:uuid:019731…104-331632a21144] 60 0 804.45 318 1364 0.20 0.00
1.22 post_vulnerability_analyze[pkg:rpm/redhat/…h=noarch&epoch=1] 60 0 497.78 211 855 0.20 0.00
1.23 get_purl_details[b00df2ca-df21-5…874-304e9c54e2bd] 60 0 819.42 373 1088 0.20 0.00
Aggregated 1464 (-416) 0 (0) 1035.69 (+231.31) 1 (0) 25848 (+16329) 4.88 (-1.39) 0.00 (+0.00)

Scenario Metrics

Transaction # Users # Times Run Average (ms) Min (ms) Max (ms) Scenarios/s Iterations
WebsiteUser 0 (0) 0 (0) 0.00 (+0.00) 0 (0) 0 (0) 0.00 (+0.00) 0.00 (+0.00)
RestAPIUser 5 (0) 60 (-20) 23395.33 (+5854.13) 11590 (+4450) 36910 (+12540) 0.20 (-0.07) 12.00 (-4.00)
Aggregated 5 (0) 60 (-20) 23395.33 (+5854.13) 11590 (+4450) 36910 (+12540) 0.20 (-0.07) 12.00 (-4.00)

Error Metrics

Method Name # Error
GET get_purl_gc 60 400 Bad Request: get_purl_gc

📄 Full Report (Go to "Artifacts" and download report)

Development

Successfully merging this pull request may close these issues.

Support needed for Exploit IQ integration with TPA
