Add unit tests for SBOM ingestion and transformation
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
- Implement `SbomIngestServiceCollectionExtensionsTests` to verify the SBOM ingestion pipeline exports snapshots correctly. - Create `SbomIngestTransformerTests` to ensure the transformation produces expected nodes and edges, including deduplication of license nodes and normalization of timestamps. - Add `SbomSnapshotExporterTests` to test the export functionality for manifest, adjacency, nodes, and edges. - Introduce `VexOverlayTransformerTests` to validate the transformation of VEX nodes and edges. - Set up project file for the test project with necessary dependencies and configurations. - Include JSON fixture files for testing purposes.
This commit is contained in:
master
@@ -15,7 +15,8 @@
|
||||
|----|--------|----------|------------|-------------|---------------|
|
||||
| ATTESTOR-72-001 | DONE | Attestor Service Guild | ATTEST-ENVELOPE-72-001 | Scaffold service (REST API skeleton, storage interfaces, KMS integration stubs) and DSSE validation pipeline. | Service builds/tests; signing & verification stubs wired; lint/CI green. |
|
||||
| ATTESTOR-72-002 | DONE | Attestor Service Guild | ATTESTOR-72-001 | Implement attestation store (DB tables, object storage integration), CRUD, and indexing strategies. | Migrations applied; CRUD API functional; storage integration unit tests pass. |
|
||||
| ATTESTOR-72-003 | BLOCKED | Attestor Service Guild, QA Guild | ATTESTOR-72-002 | Validate attestation store TTL against production-like Mongo/Redis stack; capture logs and remediation plan. | Evidence of TTL expiry captured; report archived in docs/modules/attestor/ttl-validation.md. |
|
||||
| ATTESTOR-72-003 | DONE (2025-11-03) | Attestor Service Guild, QA Guild | ATTESTOR-72-002 | Validate attestation store TTL against production-like Mongo/Redis stack; capture logs and remediation plan. | Evidence of TTL expiry captured; report archived in docs/modules/attestor/ttl-validation.md. |
|
||||
> 2025-11-03: Ran TTL validation against locally hosted MongoDB 7.0.5 and Redis 7.2.4 (manual processes). Document expirations captured in `docs/modules/attestor/evidence/2025-11-03-{mongo,redis}-ttl-validation.txt`; summary added to `docs/modules/attestor/ttl-validation.md`.
|
||||
|
||||
### Sprint 73 – Signing & Verification
|
||||
| ID | Status | Owner(s) | Depends on | Description | Exit Criteria |
|
||||
@@ -38,4 +39,9 @@
|
||||
| ATTESTOR-75-001 | DONE | Attestor Service Guild, Export Guild | ATTESTOR-74-002, EXPORT-ATTEST-74-001 | Add export/import flows for attestation bundles and offline verification mode. | Bundles generated/imported; offline verification path documented; tests cover missing witness data. |
|
||||
| ATTESTOR-75-002 | DONE | Attestor Service Guild, Security Guild | ATTESTOR-73-002 | Harden APIs with rate limits, auth scopes, threat model mitigations, and fuzz testing. | Rate limiting enforced; fuzz tests run in CI; threat model actions resolved. |
|
||||
|
||||
### Sprint 187 – Replay Ledger Integration
|
||||
| ID | Status | Owner(s) | Depends on | Description | Exit Criteria |
|
||||
|----|--------|----------|------------|-------------|---------------|
|
||||
| ATTEST-REPLAY-187-003 | TODO | Attestor Service Guild, Ops Guild | REPLAY-CORE-185-001, SCAN-REPLAY-186-001 | Anchor replay manifests to Rekor, expose verification API responses, and update `docs/modules/attestor/architecture.md` referencing `docs/replay/DETERMINISTIC_REPLAY.md` Section 9. | Rekor anchoring automated; verification endpoints document replay status; docs merged. |
|
||||
|
||||
*** End Task Board ***
|
||||
|
||||
Reference in New Issue
Block a user