semi implemented and features implemented save checkpoint

2026-02-08 18:00:49 +02:00
parent 04360dff63
commit 1bf6bbf395
20895 changed files with 716795 additions and 64 deletions
--- a/docs/features/unchecked/attestor/sbom-schema-validation-gating.md
+++ b/docs/features/unchecked/attestor/sbom-schema-validation-gating.md
@@ -0,0 +1,31 @@
+# SBOM Schema Validation/Gating
+
+## Module
+Attestor
+
+## Status
+IMPLEMENTED
+
+## Description
+Schema validation for SBOM predicates (both CycloneDX and SPDX) with structured validation results for gating decisions.
+
+## Implementation Details
+- **Predicate Schema Validator**: `src/Attestor/__Libraries/StellaOps.Attestor.ProofChain/Json/PredicateSchemaValidator.cs` (with `.Validators`) -- validates SBOM predicates against registered schemas.
+- **Schema Validation Result**: `Json/SchemaValidationResult.cs` -- result with pass/fail and list of errors.
+- **Schema Validation Error**: `Json/SchemaValidationError.cs` -- individual error with JSON path, message, and severity.
+- **CycloneDX Validation**: `__Libraries/StellaOps.Attestor.StandardPredicates/Writers/CycloneDxWriter.Validation.cs` -- CycloneDX-specific schema validation rules.
+- **CycloneDX Parser Validation**: `Parsers/CycloneDxPredicateParser.Validation.cs` -- validates CycloneDX input during parsing.
+- **SPDX Validation**: `Parsers/SpdxPredicateParser.Validation.cs` -- validates SPDX input during parsing.
+- **SLSA Validation**: `Validation/SlsaSchemaValidator.cs` (with `.BuildDefinition`, `.Helpers`, `.Level`, `.RunDetails`) -- SLSA provenance schema validation.
+- **Binary Diff Schema**: `BinaryDiff/BinaryDiffSchema.SchemaJson.cs` -- embedded JSON schema for binary diff predicates.
+- **Tests**: `__Tests/StellaOps.Attestor.StandardPredicates.Tests/ValidationTests.cs`
+
+## E2E Test Plan
+- [ ] Validate a well-formed CycloneDX 1.6 BOM via `CycloneDxWriter.Validation` and verify it passes
+- [ ] Validate a malformed CycloneDX BOM (missing required fields) and verify `SchemaValidationResult` fails with specific errors
+- [ ] Validate a well-formed SPDX 3.0.1 document via `SpdxPredicateParser.Validation` and verify it passes
+- [ ] Validate a malformed SPDX document and verify validation errors include JSON paths
+- [ ] Validate a CycloneDX serial number via `CycloneDxPredicateParser.SerialNumber` and verify format compliance
+- [ ] Use validation results as a gating decision: block a pipeline submission when SBOM validation fails
+- [ ] Validate a SLSA provenance predicate and verify build definition and run details are checked
+- [ ] Verify `SchemaValidationError` provides actionable details: JSON path, human-readable message, severity level