stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 1 Releases Wiki Activity

Add unit tests for SBOM ingestion and transformation
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
Details

Browse Source 
- Implement `SbomIngestServiceCollectionExtensionsTests` to verify the SBOM ingestion pipeline exports snapshots correctly.
- Create `SbomIngestTransformerTests` to ensure the transformation produces expected nodes and edges, including deduplication of license nodes and normalization of timestamps.
- Add `SbomSnapshotExporterTests` to test the export functionality for manifest, adjacency, nodes, and edges.
- Introduce `VexOverlayTransformerTests` to validate the transformation of VEX nodes and edges.
- Set up project file for the test project with necessary dependencies and configurations.
- Include JSON fixture files for testing purposes.
This commit is contained in:
master
2025-11-04 07:49:39 +02:00
parent f72c5c513a
commit 2eb6852d34
491 changed files with 39445 additions and 3917 deletions
Download Patch File Download Diff File Expand all files Collapse all files

32
tests/Graph/StellaOps.Graph.Indexer.Tests/Fixtures/v1/concelier-linkset.json Normal file
View File

@@ -0,0 +1,32 @@
{
"tenant": "tenant-alpha",
"source": "concelier.overlay.v1",
"linksetDigest": "sha256:linkset001",
"collectedAt": "2025-10-30T12:05:10Z",
"eventOffset": 3100,
"advisory": {
"source": "concelier.linkset.v1",
"advisorySource": "ghsa",
"advisoryId": "GHSA-1234-5678-90AB",
"severity": "HIGH",
"publishedAt": "2025-10-25T09:00:00Z",
"contentHash": "sha256:ddd444",
"linksetDigest": "sha256:linkset001"
},
"components": [
{
"purl": "pkg:nuget/Newtonsoft.Json@13.0.3",
"sourceType": "inventory",
"sbomDigest": "sha256:sbom111",
"evidenceDigest": "sha256:evidence004",
"matchedVersions": [
"13.0.3"
],
"cvss": 8.1,
"confidence": 0.9,
"source": "concelier.overlay.v1",
"collectedAt": "2025-10-30T12:05:10Z",
"eventOffset": 3100
}
]
}

209
tests/Graph/StellaOps.Graph.Indexer.Tests/Fixtures/v1/edges.json Normal file
View File

@@ -0,0 +1,209 @@
[
{
"kind": "CONTAINS",
"tenant": "tenant-alpha",
"canonical_key": {
"tenant": "tenant-alpha",
"artifact_node_id": "gn:tenant-alpha:artifact:RX033HH7S6JXMY66QM51S89SX76B3JXJHWHPXPPBJCD05BR3GVXG",
"component_node_id": "gn:tenant-alpha:component:BQSZFXSPNGS6M8XEQZ6XX3E7775XZQABM301GFPFXCQSQSA1WHZ0",
"sbom_digest": "sha256:sbom111"
},
"attributes": {
"detected_by": "sbom.analyzer.nuget",
"layer_digest": "sha256:layer123",
"scope": "runtime",
"evidence_digest": "sha256:evidence001"
},
"provenance": {
"source": "scanner.sbom.v1",
"collected_at": "2025-10-30T12:00:02Z",
"sbom_digest": "sha256:sbom111",
"event_offset": 2100
},
"valid_from": "2025-10-30T12:00:02Z",
"valid_to": null,
"id": "ge:tenant-alpha:CONTAINS:EVA5N7P029VYV9W8Q7XJC0JFTEQYFSAQ6381SNVM3T1G5290XHTG",
"hash": "139e534be32f666cbd8e4fb0daee629b7b133ef8d10e98413ffc33fde59f7935"
},
{
"kind": "DEPENDS_ON",
"tenant": "tenant-alpha",
"canonical_key": {
"tenant": "tenant-alpha",
"component_node_id": "gn:tenant-alpha:component:BQSZFXSPNGS6M8XEQZ6XX3E7775XZQABM301GFPFXCQSQSA1WHZ0",
"dependency_purl": "pkg:nuget/System.Text.Encoding.Extensions@4.7.0",
"sbom_digest": "sha256:sbom111"
},
"attributes": {
"dependency_purl": "pkg:nuget/System.Text.Encoding.Extensions@4.7.0",
"dependency_version": "4.7.0",
"relationship": "direct",
"evidence_digest": "sha256:evidence002"
},
"provenance": {
"source": "scanner.sbom.v1",
"collected_at": "2025-10-30T12:00:02Z",
"sbom_digest": "sha256:sbom111",
"event_offset": 2101
},
"valid_from": "2025-10-30T12:00:02Z",
"valid_to": null,
"id": "ge:tenant-alpha:DEPENDS_ON:FJ7GZ9RHPKPR30XVKECD702QG20PGT3V75DY1GST8AAW9SR8TBB0",
"hash": "4caae0dff840dee840d413005f1b493936446322e8cfcecd393983184cc399c1"
},
{
"kind": "DECLARED_IN",
"tenant": "tenant-alpha",
"canonical_key": {
"tenant": "tenant-alpha",
"component_node_id": "gn:tenant-alpha:component:BQSZFXSPNGS6M8XEQZ6XX3E7775XZQABM301GFPFXCQSQSA1WHZ0",
"file_node_id": "gn:tenant-alpha:file:M1MWHCXA66MQE8FZMPK3RNRMN7Z18H4VGWX6QTNNBKABFKRACKDG",
"sbom_digest": "sha256:sbom111"
},
"attributes": {
"detected_by": "sbom.analyzer.nuget",
"scope": "runtime",
"evidence_digest": "sha256:evidence003"
},
"provenance": {
"source": "scanner.layer.v1",
"collected_at": "2025-10-30T12:00:03Z",
"sbom_digest": "sha256:sbom111",
"event_offset": 2102
},
"valid_from": "2025-10-30T12:00:03Z",
"valid_to": null,
"id": "ge:tenant-alpha:DECLARED_IN:T7E8NQEMKXPZ3T1SWT8HXKWAHJVS9QKD87XBKAQAAQ29CDHEA47G",
"hash": "2a2e7ba8785d75eb11feebc2df99a6a04d05ee609b36cbe0b15fa142e4c4f184"
},
{
"kind": "BUILT_FROM",
"tenant": "tenant-alpha",
"canonical_key": {
"tenant": "tenant-alpha",
"parent_artifact_node_id": "gn:tenant-alpha:artifact:RX033HH7S6JXMY66QM51S89SX76B3JXJHWHPXPPBJCD05BR3GVXG",
"child_artifact_digest": "sha256:base000"
},
"attributes": {
"build_type": "https://slsa.dev/provenance/v1",
"builder_id": "builder://tekton/pipeline/default",
"attestation_digest": "sha256:attestation001"
},
"provenance": {
"source": "scanner.provenance.v1",
"collected_at": "2025-10-30T12:00:05Z",
"sbom_digest": "sha256:sbom111",
"event_offset": 2103
},
"valid_from": "2025-10-30T12:00:05Z",
"valid_to": null,
"id": "ge:tenant-alpha:BUILT_FROM:HJNKVFSDSA44HRY0XAJ0GBEVPD2S82JFF58BZVRT9QF6HB2EGPJG",
"hash": "17bdb166f4ba05406ed17ec38d460fb83bd72cec60095f0966b1d79c2a55f1de"
},
{
"kind": "AFFECTED_BY",
"tenant": "tenant-alpha",
"canonical_key": {
"tenant": "tenant-alpha",
"component_node_id": "gn:tenant-alpha:component:BQSZFXSPNGS6M8XEQZ6XX3E7775XZQABM301GFPFXCQSQSA1WHZ0",
"advisory_node_id": "gn:tenant-alpha:advisory:RFGYXZ2TG0BF117T3HCX3XYAZFXPD72991QD0JZWDVY7FXYY87R0",
"linkset_digest": "sha256:linkset001"
},
"attributes": {
"evidence_digest": "sha256:evidence004",
"matched_versions": [
"13.0.3"
],
"cvss": 8.1,
"confidence": 0.9
},
"provenance": {
"source": "concelier.overlay.v1",
"collected_at": "2025-10-30T12:05:10Z",
"sbom_digest": "sha256:sbom111",
"event_offset": 3100
},
"valid_from": "2025-10-30T12:05:10Z",
"valid_to": null,
"id": "ge:tenant-alpha:AFFECTED_BY:1V3NRKAR6KMXAWZ89R69G8JAY3HV7DXNB16YY9X25X1TAFW9VGYG",
"hash": "45e845ee51dc2e8e8990707906bddcd3ecedf209de10b87ce8eed604dcc51ff5"
},
{
"kind": "VEX_EXEMPTS",
"tenant": "tenant-alpha",
"canonical_key": {
"tenant": "tenant-alpha",
"component_node_id": "gn:tenant-alpha:component:BQSZFXSPNGS6M8XEQZ6XX3E7775XZQABM301GFPFXCQSQSA1WHZ0",
"vex_node_id": "gn:tenant-alpha:vex_statement:BVRF35CX6TZTHPD7YFHYTJJACPYJD86JP7C74SH07QT9JT82NDSG",
"statement_hash": "sha256:eee555"
},
"attributes": {
"status": "not_affected",
"justification": "component not present",
"impact_statement": "Library not loaded at runtime",
"evidence_digest": "sha256:evidence005"
},
"provenance": {
"source": "excititor.overlay.v1",
"collected_at": "2025-10-30T12:06:10Z",
"sbom_digest": "sha256:sbom111",
"event_offset": 3200
},
"valid_from": "2025-10-30T12:06:10Z",
"valid_to": null,
"id": "ge:tenant-alpha:VEX_EXEMPTS:DT0BBCM9S0KJVF61KVR7D2W8DVFTKK03F3TFD4DR9DRS0T5CWZM0",
"hash": "0ae4085e510898e68ad5cb48b7385a1ae9af68fcfea9bd5c22c47d78bb1c2f2e"
},
{
"kind": "GOVERNS_WITH",
"tenant": "tenant-alpha",
"canonical_key": {
"tenant": "tenant-alpha",
"policy_node_id": "gn:tenant-alpha:policy_version:YZSMWHHR6Y5XR1HFRBV3H5TR6GMZVN9BPDAAVQEACV7XRYP06390",
"component_node_id": "gn:tenant-alpha:component:BQSZFXSPNGS6M8XEQZ6XX3E7775XZQABM301GFPFXCQSQSA1WHZ0",
"finding_explain_hash": "sha256:explain001"
},
"attributes": {
"verdict": "fail",
"explain_hash": "sha256:explain001",
"policy_rule_id": "rule:runtime/critical-dependency",
"evaluation_timestamp": "2025-10-30T12:07:00Z"
},
"provenance": {
"source": "policy.engine.v1",
"collected_at": "2025-10-30T12:07:00Z",
"sbom_digest": "sha256:sbom111",
"event_offset": 4200
},
"valid_from": "2025-10-30T12:07:00Z",
"valid_to": null,
"id": "ge:tenant-alpha:GOVERNS_WITH:XG3KQTYT8D4NY0BTFXWGBQY6TXR2MRYDWZBQT07T0200NQ72AFG0",
"hash": "38a05081a9b046bfd391505d47da6b7c6e3a74e114999b38a4e4e9341f2dc279"
},
{
"kind": "OBSERVED_RUNTIME",
"tenant": "tenant-alpha",
"canonical_key": {
"tenant": "tenant-alpha",
"runtime_node_id": "gn:tenant-alpha:runtime_context:EFVARD7VM4710F8554Q3NGH0X8W7XRF3RDARE8YJWK1H3GABX8A0",
"component_node_id": "gn:tenant-alpha:component:BQSZFXSPNGS6M8XEQZ6XX3E7775XZQABM301GFPFXCQSQSA1WHZ0",
"runtime_fingerprint": "pod-abc123"
},
"attributes": {
"process_name": "dotnet",
"entrypoint_kind": "container",
"runtime_evidence_digest": "sha256:evidence006",
"confidence": 0.8
},
"provenance": {
"source": "signals.runtime.v1",
"collected_at": "2025-10-30T12:15:10Z",
"sbom_digest": "sha256:sbom111",
"event_offset": 5200
},
"valid_from": "2025-10-30T12:15:10Z",
"valid_to": null,
"id": "ge:tenant-alpha:OBSERVED_RUNTIME:CVV4ACPPJVHWX2NRZATB8H045F71HXT59TQHEZE2QBAQGJDK1FY0",
"hash": "15d24ebdf126b6f8947d3041f8cbb291bb66e8f595737a7c7dd2683215568367"
}
]

34
tests/Graph/StellaOps.Graph.Indexer.Tests/Fixtures/v1/excititor-vex.json Normal file
View File

@@ -0,0 +1,34 @@
{
"tenant": "tenant-alpha",
"source": "excititor.overlay.v1",
"collectedAt": "2025-10-30T12:06:10Z",
"eventOffset": 3200,
"statement": {
"vexSource": "vendor-x",
"statementId": "statement-789",
"status": "not_affected",
"justification": "component not present",
"impactStatement": "Library not loaded at runtime",
"issuedAt": "2025-10-27T14:30:00Z",
"expiresAt": "2026-10-27T14:30:00Z",
"contentHash": "sha256:eee555",
"provenanceSource": "excititor.vex.v1",
"collectedAt": "2025-10-30T12:06:00Z",
"eventOffset": 3302
},
"exemptions": [
{
"componentPurl": "pkg:nuget/Newtonsoft.Json@13.0.3",
"componentSourceType": "inventory",
"sbomDigest": "sha256:sbom111",
"statementHash": "sha256:eee555",
"status": "not_affected",
"justification": "component not present",
"impactStatement": "Library not loaded at runtime",
"evidenceDigest": "sha256:evidence005",
"provenanceSource": "excititor.overlay.v1",
"collectedAt": "2025-10-30T12:06:10Z",
"eventOffset": 3200
}
]
}

29
tests/Graph/StellaOps.Graph.Indexer.Tests/Fixtures/v1/linkset-snapshot.json Normal file
View File

@@ -0,0 +1,29 @@
{
tenant: tenant-alpha,
source: concelier.overlay.v1,
linksetDigest: sha256:linkset001,
collectedAt: 2025-10-30T12:05:00Z,
eventOffset: 2201,
advisory: {
source: concelier.linkset.v1,
advisorySource: ghsa,
advisoryId: GHSA-1234-5678-90AB,
contentHash: sha256:ddd444,
severity: HIGH,
publishedAt: 2025-10-25T09:00:00Z
},
components: [
{
purl: pkg:nuget/Newtonsoft.Json@13.0.3,
sourceType: inventory,
sbomDigest: sha256:sbom111,
evidenceDigest: sha256:evidence004,
matchedVersions: [13.0.3],
cvss: 8.1,
confidence: 0.9,
collectedAt: 2025-10-30T12:05:10Z,
eventOffset: 3100,
source: concelier.overlay.v1
}
]
}

280
tests/Graph/StellaOps.Graph.Indexer.Tests/Fixtures/v1/nodes.json Normal file
View File

@@ -0,0 +1,280 @@
[
{
"kind": "artifact",
"tenant": "tenant-alpha",
"canonical_key": {
"tenant": "tenant-alpha",
"artifact_digest": "sha256:aaa111",
"sbom_digest": "sha256:sbom111"
},
"attributes": {
"display_name": "registry.example.com/team/app:1.2.3",
"artifact_digest": "sha256:aaa111",
"sbom_digest": "sha256:sbom111",
"environment": "prod",
"labels": [
"critical",
"payments"
],
"origin_registry": "registry.example.com",
"supply_chain_stage": "deploy"
},
"provenance": {
"source": "scanner.sbom.v1",
"collected_at": "2025-10-30T12:00:00Z",
"sbom_digest": "sha256:sbom111",
"event_offset": 1182
},
"valid_from": "2025-10-30T12:00:00Z",
"valid_to": null,
"id": "gn:tenant-alpha:artifact:RX033HH7S6JXMY66QM51S89SX76B3JXJHWHPXPPBJCD05BR3GVXG",
"hash": "891601471f7dea636ec2988966b3aee3721a1faedb7e1c8e2834355eb4e31cfd"
},
{
"kind": "artifact",
"tenant": "tenant-alpha",
"canonical_key": {
"tenant": "tenant-alpha",
"artifact_digest": "sha256:base000",
"sbom_digest": "sha256:sbom-base"
},
"attributes": {
"display_name": "registry.example.com/base/runtime:2025.09",
"artifact_digest": "sha256:base000",
"sbom_digest": "sha256:sbom-base",
"environment": "prod",
"labels": [
"base-image"
],
"origin_registry": "registry.example.com",
"supply_chain_stage": "build"
},
"provenance": {
"source": "scanner.sbom.v1",
"collected_at": "2025-10-22T08:00:00Z",
"sbom_digest": "sha256:sbom-base",
"event_offset": 800
},
"valid_from": "2025-10-22T08:00:00Z",
"valid_to": null,
"id": "gn:tenant-alpha:artifact:KD207PSJ36Q0B19CT8K8H2FQCV0HGQRNK8QWHFXE1VWAKPF9XH00",
"hash": "11593184fe6aa37a0e1d1909d4a401084a9ca452959a369590ac20d4dff77bd8"
},
{
"kind": "component",
"tenant": "tenant-alpha",
"canonical_key": {
"tenant": "tenant-alpha",
"purl": "pkg:nuget/Newtonsoft.Json@13.0.3",
"source_type": "inventory"
},
"attributes": {
"purl": "pkg:nuget/Newtonsoft.Json@13.0.3",
"version": "13.0.3",
"ecosystem": "nuget",
"scope": "runtime",
"license_spdx": "MIT",
"usage": "direct"
},
"provenance": {
"source": "scanner.sbom.v1",
"collected_at": "2025-10-30T12:00:01Z",
"sbom_digest": "sha256:sbom111",
"event_offset": 1183
},
"valid_from": "2025-10-30T12:00:01Z",
"valid_to": null,
"id": "gn:tenant-alpha:component:BQSZFXSPNGS6M8XEQZ6XX3E7775XZQABM301GFPFXCQSQSA1WHZ0",
"hash": "e4c22e7522573b746c654bb6bdd05d01db1bcd34db8b22e5e12d2e8528268786"
},
{
"kind": "component",
"tenant": "tenant-alpha",
"canonical_key": {
"tenant": "tenant-alpha",
"purl": "pkg:nuget/System.Text.Encoding.Extensions@4.7.0",
"source_type": "inventory"
},
"attributes": {
"purl": "pkg:nuget/System.Text.Encoding.Extensions@4.7.0",
"version": "4.7.0",
"ecosystem": "nuget",
"scope": "runtime",
"license_spdx": "MIT",
"usage": "transitive"
},
"provenance": {
"source": "scanner.sbom.v1",
"collected_at": "2025-10-30T12:00:01Z",
"sbom_digest": "sha256:sbom111",
"event_offset": 1184
},
"valid_from": "2025-10-30T12:00:01Z",
"valid_to": null,
"id": "gn:tenant-alpha:component:FZ9EHXFFGPDQAEKAPWZ4JX5X6KYS467PJ5D1Y4T9NFFQG2SG0DV0",
"hash": "b941ff7178451b7a0403357d08ed8996e8aea1bf40032660e18406787e57ce3f"
},
{
"kind": "file",
"tenant": "tenant-alpha",
"canonical_key": {
"tenant": "tenant-alpha",
"artifact_digest": "sha256:aaa111",
"normalized_path": "/src/app/Program.cs",
"content_sha256": "sha256:bbb222"
},
"attributes": {
"normalized_path": "/src/app/Program.cs",
"content_sha256": "sha256:bbb222",
"language_hint": "csharp",
"size_bytes": 3472,
"scope": "build"
},
"provenance": {
"source": "scanner.layer.v1",
"collected_at": "2025-10-30T12:00:02Z",
"sbom_digest": "sha256:sbom111",
"event_offset": 1185
},
"valid_from": "2025-10-30T12:00:02Z",
"valid_to": null,
"id": "gn:tenant-alpha:file:M1MWHCXA66MQE8FZMPK3RNRMN7Z18H4VGWX6QTNNBKABFKRACKDG",
"hash": "a0a7e7b6ff4a8357bea3273e38b3a3d801531a4f6b716513b7d4972026db3a76"
},
{
"kind": "license",
"tenant": "tenant-alpha",
"canonical_key": {
"tenant": "tenant-alpha",
"license_spdx": "Apache-2.0",
"source_digest": "sha256:ccc333"
},
"attributes": {
"license_spdx": "Apache-2.0",
"name": "Apache License 2.0",
"classification": "permissive",
"notice_uri": "https://www.apache.org/licenses/LICENSE-2.0"
},
"provenance": {
"source": "scanner.sbom.v1",
"collected_at": "2025-10-30T12:00:03Z",
"sbom_digest": "sha256:sbom111",
"event_offset": 1186
},
"valid_from": "2025-10-30T12:00:03Z",
"valid_to": null,
"id": "gn:tenant-alpha:license:7SDDWTRKXYG9MBK89X7JFMAQRBEZHV1NFZNSN2PBRZT5H0FHZB90",
"hash": "790f1d803dd35d9f77b08977e4dd3fc9145218ee7c68524881ee13b7a2e9ede8"
},
{
"tenant": "tenant-alpha",
"kind": "advisory",
"canonical_key": {
"advisory_id": "GHSA-1234-5678-90AB",
"advisory_source": "ghsa",
"content_hash": "sha256:ddd444",
"tenant": "tenant-alpha"
},
"attributes": {
"advisory_source": "ghsa",
"advisory_id": "GHSA-1234-5678-90AB",
"severity": "HIGH",
"published_at": "2025-10-25T09:00:00Z",
"content_hash": "sha256:ddd444",
"linkset_digest": "sha256:linkset001"
},
"provenance": {
"source": "concelier.linkset.v1",
"collected_at": "2025-10-30T12:05:10Z",
"sbom_digest": null,
"event_offset": 3100
},
"valid_from": "2025-10-25T09:00:00Z",
"valid_to": null,
"id": "gn:tenant-alpha:advisory:RFGYXZ2TG0BF117T3HCX3XYAZFXPD72991QD0JZWDVY7FXYY87R0",
"hash": "df4b4087dc6bf4c8b071ce808b97025036a6d33d30ea538a279a4f55ed7ffb8e"
},
{
"tenant": "tenant-alpha",
"kind": "vex_statement",
"canonical_key": {
"content_hash": "sha256:eee555",
"statement_id": "statement-789",
"tenant": "tenant-alpha",
"vex_source": "vendor-x"
},
"attributes": {
"status": "not_affected",
"statement_id": "statement-789",
"justification": "component not present",
"issued_at": "2025-10-27T14:30:00Z",
"expires_at": "2026-10-27T14:30:00Z",
"content_hash": "sha256:eee555"
},
"provenance": {
"source": "excititor.vex.v1",
"collected_at": "2025-10-30T12:06:00Z",
"sbom_digest": null,
"event_offset": 3302
},
"valid_from": "2025-10-27T14:30:00Z",
"valid_to": null,
"id": "gn:tenant-alpha:vex_statement:BVRF35CX6TZTHPD7YFHYTJJACPYJD86JP7C74SH07QT9JT82NDSG",
"hash": "4b613e2b8460c542597bbc70b8ba3e6796c3e1d261d0c74ce30fba42f7681f25"
},
{
"kind": "policy_version",
"tenant": "tenant-alpha",
"canonical_key": {
"tenant": "tenant-alpha",
"policy_pack_digest": "sha256:fff666",
"effective_from": "2025-10-28T00:00:00Z"
},
"attributes": {
"policy_pack_digest": "sha256:fff666",
"policy_name": "Default Runtime Policy",
"effective_from": "2025-10-28T00:00:00Z",
"expires_at": "2026-01-01T00:00:00Z",
"explain_hash": "sha256:explain001"
},
"provenance": {
"source": "policy.engine.v1",
"collected_at": "2025-10-28T00:00:05Z",
"sbom_digest": null,
"event_offset": 4100
},
"valid_from": "2025-10-28T00:00:00Z",
"valid_to": "2026-01-01T00:00:00Z",
"id": "gn:tenant-alpha:policy_version:YZSMWHHR6Y5XR1HFRBV3H5TR6GMZVN9BPDAAVQEACV7XRYP06390",
"hash": "a8539c4d611535c3afcfd406a08208ab3bbfc81f6e31f87dd727b7d8bd9c4209"
},
{
"kind": "runtime_context",
"tenant": "tenant-alpha",
"canonical_key": {
"tenant": "tenant-alpha",
"runtime_fingerprint": "pod-abc123",
"collector": "zastava.v1",
"observed_at": "2025-10-30T12:15:00Z"
},
"attributes": {
"runtime_fingerprint": "pod-abc123",
"collector": "zastava.v1",
"observed_at": "2025-10-30T12:15:00Z",
"cluster": "prod-cluster-1",
"namespace": "payments",
"workload_kind": "deployment",
"runtime_state": "Running"
},
"provenance": {
"source": "signals.runtime.v1",
"collected_at": "2025-10-30T12:15:05Z",
"sbom_digest": null,
"event_offset": 5109
},
"valid_from": "2025-10-30T12:15:00Z",
"valid_to": null,
"id": "gn:tenant-alpha:runtime_context:EFVARD7VM4710F8554Q3NGH0X8W7XRF3RDARE8YJWK1H3GABX8A0",
"hash": "0294c4131ba98d52674ca31a409488b73f47a193cf3a13cede8671e6112a5a29"
}
]

31
tests/Graph/StellaOps.Graph.Indexer.Tests/Fixtures/v1/policy-overlay.json Normal file
View File

@@ -0,0 +1,31 @@
{
"tenant": "tenant-alpha",
"source": "policy.engine.v1",
"collectedAt": "2025-10-30T12:07:00Z",
"eventOffset": 4200,
"policy": {
"source": "policy.engine.v1",
"policyPackDigest": "sha256:fff666",
"policyName": "Default Runtime Policy",
"effectiveFrom": "2025-10-28T00:00:00Z",
"expiresAt": "2026-01-01T00:00:00Z",
"explainHash": "sha256:explain001",
"collectedAt": "2025-10-28T00:00:05Z",
"eventOffset": 4100
},
"evaluations": [
{
"componentPurl": "pkg:nuget/Newtonsoft.Json@13.0.3",
"componentSourceType": "inventory",
"findingExplainHash": "sha256:explain001",
"explainHash": "sha256:explain001",
"policyRuleId": "rule:runtime/critical-dependency",
"verdict": "fail",
"evaluationTimestamp": "2025-10-30T12:07:00Z",
"sbomDigest": "sha256:sbom111",
"source": "policy.engine.v1",
"collectedAt": "2025-10-30T12:07:00Z",
"eventOffset": 4200
}
]
}

110
tests/Graph/StellaOps.Graph.Indexer.Tests/Fixtures/v1/sbom-snapshot.json Normal file
View File

@@ -0,0 +1,110 @@
{
"tenant": "tenant-alpha",
"source": "scanner.sbom.v1",
"artifactDigest": "sha256:aaa111",
"sbomDigest": "sha256:sbom111",
"collectedAt": "2025-10-30T12:00:00Z",
"eventOffset": 1182,
"artifact": {
"displayName": "registry.example.com/team/app:1.2.3",
"environment": "prod",
"labels": [
"critical",
"payments"
],
"originRegistry": "registry.example.com",
"supplyChainStage": "deploy"
},
"build": {
"builderId": "builder://tekton/pipeline/default",
"buildType": "https://slsa.dev/provenance/v1",
"attestationDigest": "sha256:attestation001",
"source": "scanner.provenance.v1",
"collectedAt": "2025-10-30T12:00:05Z",
"eventOffset": 2103
},
"components": [
{
"purl": "pkg:nuget/Newtonsoft.Json@13.0.3",
"version": "13.0.3",
"ecosystem": "nuget",
"scope": "runtime",
"license": {
"spdx": "MIT",
"name": "MIT License",
"classification": "permissive",
"noticeUri": "https://opensource.org/licenses/MIT",
"sourceDigest": "sha256:ccc333"
},
"usage": "direct",
"detectedBy": "sbom.analyzer.nuget",
"layerDigest": "sha256:layer123",
"evidenceDigest": "sha256:evidence001",
"collectedAt": "2025-10-30T12:00:01Z",
"eventOffset": 1183,
"source": "scanner.sbom.v1",
"files": [
{
"path": "/src/app/Program.cs",
"contentSha256": "sha256:bbb222",
"languageHint": "csharp",
"sizeBytes": 3472,
"scope": "build",
"detectedBy": "sbom.analyzer.nuget",
"evidenceDigest": "sha256:evidence003",
"collectedAt": "2025-10-30T12:00:02Z",
"eventOffset": 1185,
"source": "scanner.layer.v1"
}
],
"dependencies": [
{
"purl": "pkg:nuget/System.Text.Encoding.Extensions@4.7.0",
"version": "4.7.0",
"relationship": "direct",
"evidenceDigest": "sha256:evidence002",
"collectedAt": "2025-10-30T12:00:01Z",
"eventOffset": 1183
}
]
},
{
"purl": "pkg:nuget/System.Text.Encoding.Extensions@4.7.0",
"version": "4.7.0",
"ecosystem": "nuget",
"scope": "runtime",
"license": {
"spdx": "MIT",
"name": "MIT License",
"classification": "permissive",
"noticeUri": "https://opensource.org/licenses/MIT",
"sourceDigest": "sha256:ccc333"
},
"usage": "transitive",
"detectedBy": "sbom.analyzer.nuget",
"layerDigest": "sha256:layer123",
"evidenceDigest": "sha256:evidence001",
"collectedAt": "2025-10-30T12:00:01Z",
"eventOffset": 1184,
"source": "scanner.sbom.v1",
"files": [],
"dependencies": []
}
],
"baseArtifacts": [
{
"artifactDigest": "sha256:base000",
"sbomDigest": "sha256:sbom-base",
"displayName": "registry.example.com/base/runtime:2025.09",
"environment": "prod",
"labels": [
"base-image"
],
"originRegistry": "registry.example.com",
"supplyChainStage": "build",
"collectedAt": "2025-10-22T08:00:00Z",
"eventOffset": 800,
"source": "scanner.sbom.v1"
}
]
}

115
tests/Graph/StellaOps.Graph.Indexer.Tests/Fixtures/v1/schema-matrix.json Normal file
View File

@@ -0,0 +1,115 @@
{
"version": "v1",
"nodes": {
"artifact": [
"display_name",
"artifact_digest",
"sbom_digest",
"environment",
"labels",
"origin_registry",
"supply_chain_stage"
],
"component": [
"purl",
"version",
"ecosystem",
"scope",
"license_spdx",
"usage"
],
"file": [
"normalized_path",
"content_sha256",
"language_hint",
"size_bytes",
"scope"
],
"license": [
"license_spdx",
"name",
"classification",
"notice_uri"
],
"advisory": [
"advisory_source",
"advisory_id",
"severity",
"published_at",
"content_hash",
"linkset_digest"
],
"vex_statement": [
"status",
"statement_id",
"justification",
"issued_at",
"expires_at",
"content_hash"
],
"policy_version": [
"policy_pack_digest",
"policy_name",
"effective_from",
"expires_at",
"explain_hash"
],
"runtime_context": [
"runtime_fingerprint",
"collector",
"observed_at",
"cluster",
"namespace",
"workload_kind",
"runtime_state"
]
},
"edges": {
"CONTAINS": [
"detected_by",
"layer_digest",
"scope",
"evidence_digest"
],
"DEPENDS_ON": [
"dependency_purl",
"dependency_version",
"relationship",
"evidence_digest"
],
"DECLARED_IN": [
"detected_by",
"scope",
"evidence_digest"
],
"BUILT_FROM": [
"build_type",
"builder_id",
"attestation_digest"
],
"AFFECTED_BY": [
"evidence_digest",
"matched_versions",
"cvss",
"confidence"
],
"VEX_EXEMPTS": [
"status",
"justification",
"impact_statement",
"evidence_digest"
],
"GOVERNS_WITH": [
"verdict",
"explain_hash",
"policy_rule_id",
"evaluation_timestamp"
],
"OBSERVED_RUNTIME": [
"process_name",
"entrypoint_kind",
"runtime_evidence_digest",
"confidence"
]
}
}