semi-implemented and features implemented save checkpoint

This commit is contained in: master
2026-02-08 18:00:49 +02:00
parent 04360dff63
commit 1bf6bbf395
20895 changed files with 716795 additions and 64 deletions


@@ -0,0 +1,31 @@
# SBOM Interop Round-Trip Testing
## Module
Attestor
## Status
IMPLEMENTED
## Description
SBOM round-trip testing with canonical verification ensuring CycloneDX and SPDX outputs can be parsed, re-serialized, and verified for format compliance.
## Implementation Details
- **CycloneDX Parser**: `src/Attestor/__Libraries/StellaOps.Attestor.StandardPredicates/Parsers/CycloneDxPredicateParser.cs` (with `.ExtractMetadata`, `.ExtractSbom`, `.SerialNumber`, `.Validation`) -- parses CycloneDX BOMs.
- **CycloneDX Writer**: `Writers/CycloneDxWriter.cs` (with 50+ partials) -- writes CycloneDX BOMs from internal model.
- **SPDX Parser**: `Parsers/SpdxPredicateParser.cs` (with `.ExtractMetadata`, `.ExtractSbom`, `.Validation`) -- parses SPDX documents.
- **SPDX Writer**: `Writers/SpdxWriter.cs` (with 40+ partials) -- writes SPDX 3.0.1 documents from internal model.
- **SBOM Canonicalizer**: `Canonicalization/SbomCanonicalizer.Elements.cs` -- deterministic element ordering for canonical comparison.
- **SBOM Models**: `Models/SbomDocument.cs` (with `.Collections`) -- internal SBOM document model bridging parse/write.
- **CycloneDX Validation**: `Writers/CycloneDxWriter.Validation.cs` -- validates written CycloneDX against schema.
- **SPDX Validation**: `Parsers/SpdxPredicateParser.Validation.cs` -- validates SPDX compliance.
- **Tests**: `__Tests/StellaOps.Attestor.StandardPredicates.Tests/RoundTripTests.cs`
## E2E Test Plan
- [ ] Round-trip CycloneDX: parse a CycloneDX 1.6 BOM, write it back via `CycloneDxWriter`, re-parse, and verify semantic equivalence
- [ ] Round-trip SPDX: parse an SPDX 3.0.1 document, write it back via `SpdxWriter`, re-parse, and verify semantic equivalence
- [ ] Canonicalize both round-trip outputs via `SbomCanonicalizer` and verify canonical forms match
- [ ] Round-trip complex CycloneDX features: crypto, formulation, declarations, attestation maps
- [ ] Round-trip complex SPDX features: AI packages, dataset packages, build profiles, assessments
- [ ] Validate the written CycloneDX output via `CycloneDxWriter.Validation` and verify schema compliance
- [ ] Validate the written SPDX output via `SpdxPredicateParser.Validation` and verify format compliance
- [ ] Cross-format interop: parse CycloneDX, convert to internal model, write as SPDX, and verify key data (components, licenses) is preserved
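Review bot: the `## Status` header declares `IMPLEMENTED`, yet every item in `## E2E Test Plan` is an unchecked `- [ ]` box, so the document contradicts itself about what `RoundTripTests.cs` actually covers; either tick the items that the listed tests exercise or change the status to reflect that the E2E plan is still open. Related inconsistency in the same hunk: CycloneDX output is validated writer-side (`Writers/CycloneDxWriter.Validation.cs`, "validates written CycloneDX against schema"), but the SPDX counterpart points at the parser partial (`Parsers/SpdxPredicateParser.Validation.cs`) and the plan item "Validate the written SPDX output via `SpdxPredicateParser.Validation`" only says "format compliance"; state explicitly whether written SPDX 3.0.1 documents are checked against the SPDX schema or merely re-parsed, and if the former, add the corresponding `SpdxWriter` validation entry so the two formats are documented symmetrically.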