Add unit tests for SBOM ingestion and transformation

- Implement `SbomIngestServiceCollectionExtensionsTests` to verify the SBOM ingestion pipeline exports snapshots correctly.
- Create `SbomIngestTransformerTests` to ensure the transformation produces expected nodes and edges, including deduplication of license nodes and normalization of timestamps.
- Add `SbomSnapshotExporterTests` to test the export functionality for manifest, adjacency, nodes, and edges.
- Introduce `VexOverlayTransformerTests` to validate the transformation of VEX nodes and edges.
- Set up project file for the test project with necessary dependencies and configurations.
- Include JSON fixture files for testing purposes.
2025-11-04 07:49:39 +02:00
parent f72c5c513a
commit 2eb6852d34
491 changed files with 39445 additions and 3917 deletions


@@ -0,0 +1,209 @@
[
{
"kind": "CONTAINS",
"tenant": "tenant-alpha",
"canonical_key": {
"tenant": "tenant-alpha",
"artifact_node_id": "gn:tenant-alpha:artifact:RX033HH7S6JXMY66QM51S89SX76B3JXJHWHPXPPBJCD05BR3GVXG",
"component_node_id": "gn:tenant-alpha:component:BQSZFXSPNGS6M8XEQZ6XX3E7775XZQABM301GFPFXCQSQSA1WHZ0",
"sbom_digest": "sha256:sbom111"
},
"attributes": {
"detected_by": "sbom.analyzer.nuget",
"layer_digest": "sha256:layer123",
"scope": "runtime",
"evidence_digest": "sha256:evidence001"
},
"provenance": {
"source": "scanner.sbom.v1",
"collected_at": "2025-10-30T12:00:02Z",
"sbom_digest": "sha256:sbom111",
"event_offset": 2100
},
"valid_from": "2025-10-30T12:00:02Z",
"valid_to": null,
"id": "ge:tenant-alpha:CONTAINS:EVA5N7P029VYV9W8Q7XJC0JFTEQYFSAQ6381SNVM3T1G5290XHTG",
"hash": "139e534be32f666cbd8e4fb0daee629b7b133ef8d10e98413ffc33fde59f7935"
},
{
"kind": "DEPENDS_ON",
"tenant": "tenant-alpha",
"canonical_key": {
"tenant": "tenant-alpha",
"component_node_id": "gn:tenant-alpha:component:BQSZFXSPNGS6M8XEQZ6XX3E7775XZQABM301GFPFXCQSQSA1WHZ0",
"dependency_purl": "pkg:nuget/System.Text.Encoding.Extensions@4.7.0",
"sbom_digest": "sha256:sbom111"
},
"attributes": {
"dependency_purl": "pkg:nuget/System.Text.Encoding.Extensions@4.7.0",
"dependency_version": "4.7.0",
"relationship": "direct",
"evidence_digest": "sha256:evidence002"
},
"provenance": {
"source": "scanner.sbom.v1",
"collected_at": "2025-10-30T12:00:02Z",
"sbom_digest": "sha256:sbom111",
"event_offset": 2101
},
"valid_from": "2025-10-30T12:00:02Z",
"valid_to": null,
"id": "ge:tenant-alpha:DEPENDS_ON:FJ7GZ9RHPKPR30XVKECD702QG20PGT3V75DY1GST8AAW9SR8TBB0",
"hash": "4caae0dff840dee840d413005f1b493936446322e8cfcecd393983184cc399c1"
},
{
"kind": "DECLARED_IN",
"tenant": "tenant-alpha",
"canonical_key": {
"tenant": "tenant-alpha",
"component_node_id": "gn:tenant-alpha:component:BQSZFXSPNGS6M8XEQZ6XX3E7775XZQABM301GFPFXCQSQSA1WHZ0",
"file_node_id": "gn:tenant-alpha:file:M1MWHCXA66MQE8FZMPK3RNRMN7Z18H4VGWX6QTNNBKABFKRACKDG",
"sbom_digest": "sha256:sbom111"
},
"attributes": {
"detected_by": "sbom.analyzer.nuget",
"scope": "runtime",
"evidence_digest": "sha256:evidence003"
},
"provenance": {
"source": "scanner.layer.v1",
"collected_at": "2025-10-30T12:00:03Z",
"sbom_digest": "sha256:sbom111",
"event_offset": 2102
},
"valid_from": "2025-10-30T12:00:03Z",
"valid_to": null,
"id": "ge:tenant-alpha:DECLARED_IN:T7E8NQEMKXPZ3T1SWT8HXKWAHJVS9QKD87XBKAQAAQ29CDHEA47G",
"hash": "2a2e7ba8785d75eb11feebc2df99a6a04d05ee609b36cbe0b15fa142e4c4f184"
},
{
"kind": "BUILT_FROM",
"tenant": "tenant-alpha",
"canonical_key": {
"tenant": "tenant-alpha",
"parent_artifact_node_id": "gn:tenant-alpha:artifact:RX033HH7S6JXMY66QM51S89SX76B3JXJHWHPXPPBJCD05BR3GVXG",
"child_artifact_digest": "sha256:base000"
},
"attributes": {
"build_type": "https://slsa.dev/provenance/v1",
"builder_id": "builder://tekton/pipeline/default",
"attestation_digest": "sha256:attestation001"
},
"provenance": {
"source": "scanner.provenance.v1",
"collected_at": "2025-10-30T12:00:05Z",
"sbom_digest": "sha256:sbom111",
"event_offset": 2103
},
"valid_from": "2025-10-30T12:00:05Z",
"valid_to": null,
"id": "ge:tenant-alpha:BUILT_FROM:HJNKVFSDSA44HRY0XAJ0GBEVPD2S82JFF58BZVRT9QF6HB2EGPJG",
"hash": "17bdb166f4ba05406ed17ec38d460fb83bd72cec60095f0966b1d79c2a55f1de"
},
{
"kind": "AFFECTED_BY",
"tenant": "tenant-alpha",
"canonical_key": {
"tenant": "tenant-alpha",
"component_node_id": "gn:tenant-alpha:component:BQSZFXSPNGS6M8XEQZ6XX3E7775XZQABM301GFPFXCQSQSA1WHZ0",
"advisory_node_id": "gn:tenant-alpha:advisory:RFGYXZ2TG0BF117T3HCX3XYAZFXPD72991QD0JZWDVY7FXYY87R0",
"linkset_digest": "sha256:linkset001"
},
"attributes": {
"evidence_digest": "sha256:evidence004",
"matched_versions": [
"13.0.3"
],
"cvss": 8.1,
"confidence": 0.9
},
"provenance": {
"source": "concelier.overlay.v1",
"collected_at": "2025-10-30T12:05:10Z",
"sbom_digest": "sha256:sbom111",
"event_offset": 3100
},
"valid_from": "2025-10-30T12:05:10Z",
"valid_to": null,
"id": "ge:tenant-alpha:AFFECTED_BY:1V3NRKAR6KMXAWZ89R69G8JAY3HV7DXNB16YY9X25X1TAFW9VGYG",
"hash": "45e845ee51dc2e8e8990707906bddcd3ecedf209de10b87ce8eed604dcc51ff5"
},
{
"kind": "VEX_EXEMPTS",
"tenant": "tenant-alpha",
"canonical_key": {
"tenant": "tenant-alpha",
"component_node_id": "gn:tenant-alpha:component:BQSZFXSPNGS6M8XEQZ6XX3E7775XZQABM301GFPFXCQSQSA1WHZ0",
"vex_node_id": "gn:tenant-alpha:vex_statement:BVRF35CX6TZTHPD7YFHYTJJACPYJD86JP7C74SH07QT9JT82NDSG",
"statement_hash": "sha256:eee555"
},
"attributes": {
"status": "not_affected",
"justification": "component not present",
"impact_statement": "Library not loaded at runtime",
"evidence_digest": "sha256:evidence005"
},
"provenance": {
"source": "excititor.overlay.v1",
"collected_at": "2025-10-30T12:06:10Z",
"sbom_digest": "sha256:sbom111",
"event_offset": 3200
},
"valid_from": "2025-10-30T12:06:10Z",
"valid_to": null,
"id": "ge:tenant-alpha:VEX_EXEMPTS:DT0BBCM9S0KJVF61KVR7D2W8DVFTKK03F3TFD4DR9DRS0T5CWZM0",
"hash": "0ae4085e510898e68ad5cb48b7385a1ae9af68fcfea9bd5c22c47d78bb1c2f2e"
},
{
"kind": "GOVERNS_WITH",
"tenant": "tenant-alpha",
"canonical_key": {
"tenant": "tenant-alpha",
"policy_node_id": "gn:tenant-alpha:policy_version:YZSMWHHR6Y5XR1HFRBV3H5TR6GMZVN9BPDAAVQEACV7XRYP06390",
"component_node_id": "gn:tenant-alpha:component:BQSZFXSPNGS6M8XEQZ6XX3E7775XZQABM301GFPFXCQSQSA1WHZ0",
"finding_explain_hash": "sha256:explain001"
},
"attributes": {
"verdict": "fail",
"explain_hash": "sha256:explain001",
"policy_rule_id": "rule:runtime/critical-dependency",
"evaluation_timestamp": "2025-10-30T12:07:00Z"
},
"provenance": {
"source": "policy.engine.v1",
"collected_at": "2025-10-30T12:07:00Z",
"sbom_digest": "sha256:sbom111",
"event_offset": 4200
},
"valid_from": "2025-10-30T12:07:00Z",
"valid_to": null,
"id": "ge:tenant-alpha:GOVERNS_WITH:XG3KQTYT8D4NY0BTFXWGBQY6TXR2MRYDWZBQT07T0200NQ72AFG0",
"hash": "38a05081a9b046bfd391505d47da6b7c6e3a74e114999b38a4e4e9341f2dc279"
},
{
"kind": "OBSERVED_RUNTIME",
"tenant": "tenant-alpha",
"canonical_key": {
"tenant": "tenant-alpha",
"runtime_node_id": "gn:tenant-alpha:runtime_context:EFVARD7VM4710F8554Q3NGH0X8W7XRF3RDARE8YJWK1H3GABX8A0",
"component_node_id": "gn:tenant-alpha:component:BQSZFXSPNGS6M8XEQZ6XX3E7775XZQABM301GFPFXCQSQSA1WHZ0",
"runtime_fingerprint": "pod-abc123"
},
"attributes": {
"process_name": "dotnet",
"entrypoint_kind": "container",
"runtime_evidence_digest": "sha256:evidence006",
"confidence": 0.8
},
"provenance": {
"source": "signals.runtime.v1",
"collected_at": "2025-10-30T12:15:10Z",
"sbom_digest": "sha256:sbom111",
"event_offset": 5200
},
"valid_from": "2025-10-30T12:15:10Z",
"valid_to": null,
"id": "ge:tenant-alpha:OBSERVED_RUNTIME:CVV4ACPPJVHWX2NRZATB8H045F71HXT59TQHEZE2QBAQGJDK1FY0",
"hash": "15d24ebdf126b6f8947d3041f8cbb291bb66e8f595737a7c7dd2683215568367"
}
]
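Review bot: On the VEX_EXEMPTS edge, `justification` is pinned as the free-text `"component not present"` while the neighbouring `status` uses the machine-readable `not_affected`; if the transformer is meant to carry the OpenVEX/CSAF justification label, the expected value should be `"justification": "component_not_present"`, because a policy check matching on the label would not recognise the spaced form. Whether the spaced form is intentional cannot be told from the fixture alone, so a short note in the test that loads it would settle that. Separately, every digest in the file (`sha256:sbom111`, `sha256:layer123`, `sha256:eee555`, ...) is a short placeholder rather than 64 hex characters, so tests built on this fixture never exercise digest-format validation; one edge with a full-length digest would cover that path. The `hash` values presumably depend on these fields, so they would need regenerating after either change.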