semi implemented and features implemented save checkpoint

This commit is contained in:
master
2026-02-08 18:00:49 +02:00
parent 04360dff63
commit 1bf6bbf395
20895 changed files with 716795 additions and 64 deletions


@@ -0,0 +1,27 @@
# SBOM Analytics Lake (Star-Schema PostgreSQL)
## Module
Platform
## Status
IMPLEMENTED
## Description
Star-schema PostgreSQL analytics layer for SBOM data with component registry, vulnerability correlation tables, attestation tracking, materialized views for trend analysis, and stored procedures for analytics queries. While "Materialized Views for Analytics" is in the known list, this is a much broader star-schema analytics subsystem with dedicated migration, ingestion services, and multi-table analytics design.
## Implementation Details
- **AnalyticsIngestionService**: `src/Platform/StellaOps.Platform.Analytics/Services/AnalyticsIngestionService.cs` -- BackgroundService subscribing to `scanner.report.ready` events via IEventStream; parses SBOM (CycloneDX/SPDX), resolves artifact digests, upserts into star-schema tables (`analytics.artifacts`, `analytics.raw_sboms`, `analytics.components`, `analytics.artifact_components`); uses stored procedures (`analytics.compute_daily_rollups`, `analytics.parse_purl`, `analytics.normalize_supplier`, `analytics.categorize_license`); builds dependency paths via BFS from root component
- **VulnerabilityCorrelationService**: `src/Platform/StellaOps.Platform.Analytics/Services/VulnerabilityCorrelationService.cs` -- correlates PURL-based components with known vulnerabilities; updates artifact vulnerability counts
- **AttestationIngestionService**: `src/Platform/StellaOps.Platform.Analytics/Services/AttestationIngestionService.cs` -- ingests attestation events into analytics
- **Utilities**: PurlParser (PURL normalization), LicenseExpressionRenderer (license aggregation), Sha256Hasher (digest computation), TenantNormalizer (tenant filtering), VersionRuleEvaluator, VulnerabilityCorrelationRules
- **AnalyticsIngestionOptions**: `src/Platform/StellaOps.Platform.Analytics/Options/AnalyticsIngestionOptions.cs` -- configurable stream names, tenant allowlists, ingest/schema versions
- **Tests**: `src/Platform/__Tests/StellaOps.Platform.Analytics.Tests/`
- **Source**: SPRINT_20260120_030_Platform_sbom_analytics_lake.md
## E2E Test Plan
- [ ] Verify SBOM ingestion from scanner.report.ready events populates all star-schema tables
- [ ] Test component deduplication via (purl, hash_sha256) conflict resolution
- [ ] Verify dependency path BFS builds correct depth and introduced_via values
- [ ] Test vulnerability correlation updates component and artifact vulnerability counts
- [ ] Verify daily rollup stored procedure computes correct aggregates
- [ ] Test tenant filtering respects AllowedTenants configuration
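Review bot: The `## Status` value `IMPLEMENTED` is not backed by anything in this file, since every item under `## E2E Test Plan` is still unchecked. Either use a status that reflects the unverified state or link the test evidence next to it. The plan also has gaps against the Implementation Details: no item exercises `AttestationIngestionService`, and the materialized views and the "dedicated migration" named in the Description appear neither in the details list (no migration path is given) nor in the plan. For the last item, "Test tenant filtering respects AllowedTenants configuration", spell out the negative case: an event from a tenant outside the allowlist must leave no rows in any `analytics.*` table. Also document what an empty allowlist means (allow all or deny all) in the `AnalyticsIngestionOptions` bullet, because that default decides whether a misconfiguration fails open. Finally, the second sentence of the Description ("While "Materialized Views for Analytics" is in the known list...") is catalogue bookkeeping rather than a description of the feature and would fit better in the sprint file listed under Source.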