feat: Add initial implementation of Vulnerability Resolver Jobs

- Created project for StellaOps.Scanner.Analyzers.Native.Tests with necessary dependencies.
- Documented roles and guidelines in AGENTS.md for Scheduler module.
- Implemented IResolverJobService interface and InMemoryResolverJobService for handling resolver jobs.
- Added ResolverBacklogNotifier and ResolverBacklogService for monitoring job metrics.
- Developed API endpoints for managing resolver jobs and retrieving metrics.
- Defined models for resolver job requests and responses.
- Integrated dependency injection for resolver job services.
- Implemented ImpactIndexSnapshot for persisting impact index data.
- Introduced SignalsScoringOptions for configurable scoring weights in reachability scoring.
- Added unit tests for ReachabilityScoringService and RuntimeFactsIngestionService.
- Created dotnet-filter.sh script to handle command-line arguments for dotnet.
- Established nuget-prime project for managing package downloads.

src/SbomService/StellaOps.SbomService.Tests/SbomEndpointsTests.cs

@@ -0,0 +1,90 @@
+using System.Net;
+using System.Net.Http.Json;
+using FluentAssertions;
+using Microsoft.AspNetCore.Mvc.Testing;
+using StellaOps.SbomService.Models;
+using Xunit;
+
+namespace StellaOps.SbomService.Tests;
+
+public class SbomEndpointsTests : IClassFixture<WebApplicationFactory<Program>>
+{
+    private readonly WebApplicationFactory<Program> _factory;
+
+    public SbomEndpointsTests(WebApplicationFactory<Program> factory)
+    {
+        _factory = factory.WithWebHostBuilder(_ => { });
+    }
+
+    [Fact]
+    public async Task Paths_requires_purl()
+    {
+        var client = _factory.CreateClient();
+
+        var response = await client.GetAsync("/sbom/paths");
+
+        response.StatusCode.Should().Be(HttpStatusCode.BadRequest);
+    }
+
+    [Fact]
+    public async Task Paths_returns_seeded_paths_with_cursor()
+    {
+        var client = _factory.CreateClient();
+
+        var response = await client.GetAsync("/sbom/paths?purl=pkg:npm/lodash@4.17.21&limit=1");
+        response.EnsureSuccessStatusCode();
+
+        var payload = await response.Content.ReadFromJsonAsync<SbomPathResult>();
+        payload.Should().NotBeNull();
+        payload!.Paths.Should().HaveCount(1);
+        payload.Purl.Should().Be("pkg:npm/lodash@4.17.21");
+        payload.NextCursor.Should().Be("1");
+    }
+
+    [Fact]
+    public async Task Versions_returns_descending_timeline()
+    {
+        var client = _factory.CreateClient();
+
+        var response = await client.GetAsync("/sbom/versions?artifact=ghcr.io/stellaops/sample-api");
+        response.EnsureSuccessStatusCode();
+
+        var payload = await response.Content.ReadFromJsonAsync<SbomTimelineResult>();
+        payload.Should().NotBeNull();
+        payload!.Versions.Should().HaveCountGreaterThan(0);
+        payload.Versions.Should().BeInDescendingOrder(v => v.CreatedAt);
+    }
+
+    [Fact]
+    public async Task Console_sboms_supports_filters_and_cursor()
+    {
+        var client = _factory.CreateClient();
+
+        var response = await client.GetAsync("/console/sboms?artifact=sample-api&limit=1");
+        response.EnsureSuccessStatusCode();
+
+        var payload = await response.Content.ReadFromJsonAsync<SbomCatalogResult>();
+        payload.Should().NotBeNull();
+        payload!.Items.Should().HaveCount(1);
+        payload.Items[0].Artifact.Should().Contain("sample-api");
+        payload.NextCursor.Should().Be("1");
+    }
+
+    [Fact]
+    public async Task Components_lookup_requires_purl_and_paginates()
+    {
+        var client = _factory.CreateClient();
+
+        var bad = await client.GetAsync("/components/lookup");
+        bad.StatusCode.Should().Be(HttpStatusCode.BadRequest);
+
+        var response = await client.GetAsync("/components/lookup?purl=pkg:npm/lodash@4.17.21&limit=1");
+        response.EnsureSuccessStatusCode();
+
+        var payload = await response.Content.ReadFromJsonAsync<ComponentLookupResult>();
+        payload.Should().NotBeNull();
+        payload!.Neighbors.Should().HaveCount(1);
+        payload.Neighbors[0].Purl.Should().Contain("express");
+        payload.NextCursor.Should().Be("1");
+    }
+}

src/SbomService/StellaOps.SbomService.Tests/StellaOps.SbomService.Tests.csproj

@@ -0,0 +1,19 @@
+<Project Sdk="Microsoft.NET.Sdk">
+  <PropertyGroup>
+    <TargetFramework>net10.0</TargetFramework>
+    <ImplicitUsings>enable</ImplicitUsings>
+    <Nullable>enable</Nullable>
+  </PropertyGroup>
+
+  <ItemGroup>
+    <PackageReference Update="Microsoft.AspNetCore.Mvc.Testing" Version="10.0.0-rc.2.25502.107" />
+    <PackageReference Update="FluentAssertions" Version="6.12.0" />
+    <PackageReference Update="xunit" Version="2.9.2" />
+    <PackageReference Update="xunit.runner.visualstudio" Version="2.8.2" />
+    <PackageReference Update="coverlet.collector" Version="6.0.4" />
+  </ItemGroup>
+
+  <ItemGroup>
+    <ProjectReference Include="../StellaOps.SbomService/StellaOps.SbomService.csproj" />
+  </ItemGroup>
+</Project>