Add SBOM Compiler Information Into Specific Fields For Windows/Mac

[steelhead31]

Fixes #3503

Add specific fields into the SBOM for Windows & MacOS compiler versions.

Examples taken from the SBOMs generated with these changes.

Adds This For Windows

    "tools" : [
      {
        "name" : "MS Windows Compiler",
        "version" : "microsoft (Microsoft Visual Studio 2019)"
      },
      {

Adds This For Mac

"tools" : [
   {
     "name" : "MacOS Compiler",
     "version" : "clang (clang/LLVM from Xcode 15.0.1)"
   },

[sxa]

Yep I think I'm happy with this based on the output - can you paste in a full SBoM on each of the two platforms to see it in context? We should also adjust the SBoM content validation in the tooling directory to check this (ideally in this PR but could be a subsequent one)

[steelhead31]

Mac SBOM from : https://ci.adoptium.net/job/build-scripts/job/jobs/job/jdk17u/job/jdk17u-mac-x64-temurin/463/ attached

OpenJDK17U-sbom_x64_mac_hotspot_2024-01-10-13-16.json

[steelhead31]

Windows SBOM From : https://ci.adoptium.net/job/build-scripts/job/jobs/job/jdk17u/job/jdk17u-windows-x64-temurin/442/
 

Attached: https://ci.adoptium.net/job/build-scripts/job/jobs/job/jdk17u/job/jdk17u-windows-x64-temurin/442/artifact/workspace/target/OpenJDK17U-sbom_x64_windows_hotspot_2024-01-10-12-45.json

[steelhead31]

Yep I think I'm happy with this based on the output - can you paste in a full SBoM on each of the two platforms to see it in context? We should also adjust the SBoM content validation in the tooling directory to check this (ideally in this PR but could be a subsequent one)

I'll move this to draft, and implement the changes to validateSBOMContent.sh too, be useful to do that at the same time as this I feel.

[sxa]

@steelhead31 @Haroon-Khel I couple of further comments:

• It would be nice to get this in for the January release next week if we can, for consistency and being able to tell a good story in the next few months :-) So we may wish to cherry pick this across to the release branch when it's in. Based on that, if we can't get the additional checks ready today then perhaps we should just get it merged?
• I note that this is only saying VS2019, where we have lines like 12:52:44 configure: Using microsoft C compiler version 19.29.30146 [Microsoft (R) C/C++ Optimizing Compiler Version 19.29.30146 for x64] in the log. For the purposes of having the ability to rebuild in a binary identical way from an SBoM perhaps we should try and incorporate the full MS build ID too, but I wouldn't block this PR based on that on a "something is better than nothing" basis. WDYT @andrew-m-leonard ?

[andrew-m-leonard]

lgtm

[steelhead31]

@sxa @andrew-m-leonard

Here is an example of the additional MSVS compiler fields in the SBOM ( from a local build currently )

    "timestamp" : "2024-01-10T21:08:16Z",
    "tools" : [
      {
        "name" : "MSVS Windows Compiler Version",
        "version" : "microsoft (Microsoft Visual Studio 2019)"
      },
      {
        "name" : "MSVS C Compiler Version",
        "version" : "19.29.30146"
      },
      {
        "name" : "MSVS C++ Compiler Version",
        "version" : "19.29.30146"
      },

Actual SBOM from build : https://ci.adoptium.net/job/build-scripts/job/jobs/job/jdk17u/job/jdk17u-windows-x64-temurin/446/artifact/workspace/target/OpenJDK17U-sbom_x64_windows_hotspot_2024-01-10-23-04.json