save checkpoint
@@ -1,35 +0,0 @@
|
||||
# Binary Intelligence Engine (Function-Level Code Fingerprinting)
|
||||
|
||||
## Module
|
||||
Scanner
|
||||
|
||||
## Status
|
||||
IMPLEMENTED
|
||||
|
||||
## Description
|
||||
Function-level binary code fingerprinting with symbol recovery for stripped binaries, vulnerable function matching against a fingerprint corpus, and source-to-binary correlation. Extends existing binary fingerprint capabilities with intelligence-grade analysis for entrypoint-scoped binary reachability.
|
||||
|
||||
## Implementation Details
|
||||
- **Core Analyzer**:
|
||||
- `src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace/Binary/BinaryIntelligenceAnalyzer.cs` - Main analyzer for function-level binary code fingerprinting
|
||||
- **Symbol Recovery**:
|
||||
- `src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace/Binary/ISymbolRecovery.cs` - Interface for recovering symbols from stripped binaries
|
||||
- **Fingerprint Index**:
|
||||
- `src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace/Binary/IFingerprintIndex.cs` - Interface for fingerprint corpus lookup
|
||||
- **Vulnerable Function Matching**:
|
||||
- `src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace/Binary/VulnerableFunctionMatcher.cs` - Matches binary functions against known vulnerable function fingerprints
|
||||
- **Analysis Results**:
|
||||
- `src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace/Binary/BinaryAnalysisResult.cs` - Result models for binary intelligence analysis
|
||||
- **Risk Scoring**:
|
||||
- `src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace/Risk/IRiskScorer.cs` - Risk scorer integrating binary intelligence into entrypoint risk assessment
|
||||
- **Worker Integration**:
|
||||
- `src/Scanner/StellaOps.Scanner.Worker/Processing/EntryTraceExecutionService.cs` - Executes entry trace analysis including binary intelligence during scan
|
||||
- `src/Scanner/StellaOps.Scanner.Worker/Processing/IEntryTraceExecutionService.cs` - Interface for entry trace execution
|
||||
|
||||
## E2E Test Plan
|
||||
- [ ] Scan a container image containing stripped ELF binaries and verify symbol recovery identifies function boundaries
|
||||
- [ ] Verify fingerprint matching identifies known library functions in the binary via the `IFingerprintIndex`
|
||||
- [ ] Scan an image with a binary containing a known vulnerable function and verify `VulnerableFunctionMatcher` flags it
|
||||
- [ ] Verify binary intelligence results include source-to-binary correlation where debug info is available
|
||||
- [ ] Verify binary analysis results appear in the entry trace response via `GET /api/v1/scans/{scanId}/entry-trace`
|
||||
- [ ] Verify binary-level reachability findings contribute to the overall risk score
|
||||
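Review bot: this hunk deletes a doc whose Status is IMPLEMENTED while every item in its E2E Test Plan is still `- [ ]`, and the commit message "save checkpoint" does not say where that checklist goes; if the feature docs are being consolidated elsewhere, say so in the message or carry the checklist over, otherwise the untested claim disappears silently. Two smaller things to fix in whatever replaces it: the "Risk Scoring" bullet describes `Risk/IRiskScorer.cs` as "Risk scorer integrating binary intelligence into entrypoint risk assessment", but the path is an interface, so name the implementation that does the integrating; and "`GET /api/v1/scans/{scanId}/entry-trace`" is the only place this route appears in the removed text, so make sure it is recorded in the API docs before the file goes.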
@@ -1,46 +0,0 @@
|
||||
# Binary SBOM and Build-ID to PURL Mapping
|
||||
|
||||
## Module
|
||||
Scanner
|
||||
|
||||
## Status
|
||||
IMPLEMENTED
|
||||
|
||||
## Description
|
||||
Binary call graph extraction, patch verification with signature stores and evidence models, and binary index service extensions for the scanner worker.
|
||||
|
||||
## Implementation Details
|
||||
- **Binary Call Graph Extraction**:
|
||||
- `src/Scanner/__Libraries/StellaOps.Scanner.CallGraph/Extraction/Binary/BinaryCallGraphExtractor.cs` - Extracts call graphs from native binaries
|
||||
- `src/Scanner/__Libraries/StellaOps.Scanner.CallGraph/DependencyInjection/CallGraphServiceCollectionExtensions.cs` - DI registration
|
||||
- **Patch Verification**:
|
||||
- `src/Scanner/__Libraries/StellaOps.Scanner.PatchVerification/IPatchVerificationOrchestrator.cs` - Orchestrator interface
|
||||
- `src/Scanner/__Libraries/StellaOps.Scanner.PatchVerification/PatchVerificationOrchestrator.cs` - Orchestrates patch verification workflow
|
||||
- `src/Scanner/__Libraries/StellaOps.Scanner.PatchVerification/Services/IPatchSignatureStore.cs` - Interface for patch signature storage
|
||||
- `src/Scanner/__Libraries/StellaOps.Scanner.PatchVerification/Services/InMemoryPatchSignatureStore.cs` - In-memory signature store implementation
|
||||
- `src/Scanner/__Libraries/StellaOps.Scanner.PatchVerification/Services/EvidenceIdGenerator.cs` - Generates evidence IDs for patch verification results
|
||||
- **Patch Verification Models**:
|
||||
- `src/Scanner/__Libraries/StellaOps.Scanner.PatchVerification/Models/PatchVerificationResult.cs` - Result model
|
||||
- `src/Scanner/__Libraries/StellaOps.Scanner.PatchVerification/Models/PatchVerificationEvidence.cs` - Evidence model
|
||||
- `src/Scanner/__Libraries/StellaOps.Scanner.PatchVerification/Models/PatchVerificationContext.cs` - Context model
|
||||
- `src/Scanner/__Libraries/StellaOps.Scanner.PatchVerification/Models/PatchVerificationStatus.cs` - Status enum
|
||||
- `src/Scanner/__Libraries/StellaOps.Scanner.PatchVerification/Models/PatchVerificationOptions.cs` - Options
|
||||
- `src/Scanner/__Libraries/StellaOps.Scanner.PatchVerification/Models/DsseEnvelopeRef.cs` - DSSE envelope reference
|
||||
- **Worker Integration**:
|
||||
- `src/Scanner/StellaOps.Scanner.Worker/Extensions/BinaryIndexServiceExtensions.cs` - `BinaryIndexServiceExtensions` registering `IBinaryVulnerabilityService`, `IBinaryFeatureExtractor`
|
||||
- `src/Scanner/StellaOps.Scanner.Worker/Processing/BinaryLookupStageExecutor.cs` - Binary lookup stage during scan
|
||||
- `src/Scanner/StellaOps.Scanner.Worker/Processing/BinaryVulnerabilityAnalyzer.cs` - Binary vulnerability analysis
|
||||
- `src/Scanner/StellaOps.Scanner.Worker/Processing/BinaryFindingMapper.cs` - Maps binary findings to unified finding model
|
||||
- **Build-ID Index**:
|
||||
- `src/Scanner/StellaOps.Scanner.Analyzers.Native/Index/OfflineBuildIdIndex.cs` - Offline build-ID to PURL index
|
||||
- `src/Scanner/StellaOps.Scanner.Analyzers.Native/Index/IBuildIdIndex.cs` - Interface for build-ID index
|
||||
- `src/Scanner/StellaOps.Scanner.Analyzers.Native/Index/BuildIdIndexEntry.cs` - Index entry model
|
||||
- `src/Scanner/StellaOps.Scanner.Analyzers.Native/Index/BuildIdLookupResult.cs` - Lookup result model
|
||||
|
||||
## E2E Test Plan
|
||||
- [ ] Scan a container image with native binaries containing ELF build-IDs and verify build-ID to PURL mapping resolves correctly
|
||||
- [ ] Verify binary call graph extraction produces a valid call graph for native binaries via `BinaryCallGraphExtractor`
|
||||
- [ ] Trigger patch verification on a scanned binary and verify `PatchVerificationOrchestrator` produces evidence with status and signature references
|
||||
- [ ] Verify binary vulnerability findings are mapped to the unified finding model and appear in scan results
|
||||
- [ ] Verify the offline build-ID index (`OfflineBuildIdIndex`) can resolve build-IDs without network access
|
||||
- [ ] Export scan results as SBOM and verify binary components include PURL identifiers derived from build-ID mapping
|
||||
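Review bot: the Description no longer matches the title or the file list: "Binary call graph extraction, patch verification with signature stores and evidence models, and binary index service extensions for the scanner worker." says nothing about build-ID to PURL mapping, yet the title, the "Build-ID Index" section (`OfflineBuildIdIndex.cs`, `IBuildIdIndex.cs`) and three test-plan items are about exactly that. Also worth flagging before this is dropped: the only `IPatchSignatureStore` implementation listed is `InMemoryPatchSignatureStore.cs`, so the evidence and signature references that the test item "verify `PatchVerificationOrchestrator` produces evidence with status and signature references" relies on would not survive a worker restart; either document the persistent store or mark the in-memory one as test-only. If the doc is being rewritten rather than removed, carry both corrections into the replacement.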
@@ -1,30 +0,0 @@
|
||||
# Bug ID to CVE Mapping in Changelog Parsing
|
||||
|
||||
## Module
|
||||
Scanner
|
||||
|
||||
## Status
|
||||
IMPLEMENTED
|
||||
|
||||
## Description
|
||||
Regex-based extraction of bug tracker references (Debian "Closes: #123456", RHBZ#123456, Launchpad "LP: #123456") from changelogs, with cross-reference to CVE IDs for Tier 2 backport evidence.
|
||||
|
||||
## Implementation Details
|
||||
- **Changelog Parsing (OS Analyzers)**:
|
||||
- `src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.OS.Rpm/RpmPackageAnalyzer.cs` - RPM package analyzer with changelog parsing
|
||||
- `src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.OS.Rpm/Internal/RpmHeaderParser.cs` - Parses RPM headers including changelog entries
|
||||
- `src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.OS.Rpm/Internal/RpmHeader.cs` - RPM header model with changelog tags
|
||||
- `src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.OS.Rpm/Internal/RpmTags.cs` - RPM tag definitions including changelog-related tags
|
||||
- **Pedigree & Commit Mapping**:
|
||||
- `src/Scanner/__Libraries/StellaOps.Scanner.Emit/Pedigree/FeedserPedigreeDataProvider.cs` - Provides pedigree data including changelog-derived CVE references
|
||||
- `src/Scanner/__Libraries/StellaOps.Scanner.Emit/Pedigree/CommitInfoBuilder.cs` - Builds commit info with bug tracker cross-references
|
||||
- **Material Changes Integration**:
|
||||
- `src/Scanner/__Libraries/StellaOps.Scanner.MaterialChanges/CardGenerators.cs` - Generates material change cards including changelog-derived bug-to-CVE mappings
|
||||
|
||||
## E2E Test Plan
|
||||
- [ ] Scan a container image with Debian packages containing changelogs with "Closes: #NNNNNN" references and verify bug IDs are extracted
|
||||
- [ ] Scan an image with RPM packages containing changelogs with RHBZ# references and verify extraction
|
||||
- [ ] Verify extracted bug IDs are cross-referenced to CVE IDs and appear as Tier 2 backport evidence
|
||||
- [ ] Verify the pedigree data includes changelog-derived CVE mappings in the scan report
|
||||
- [ ] Verify material change cards reference changelog bug-to-CVE correlations
|
||||
- [ ] Verify Launchpad "LP: #NNNNNN" references are extracted from Ubuntu package changelogs
|
||||
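Review bot: the Implementation Details list only RPM files under "Changelog Parsing (OS Analyzers)" (`RpmPackageAnalyzer.cs`, `RpmHeaderParser.cs`, `RpmHeader.cs`, `RpmTags.cs`), but the Description and two test-plan items depend on Debian and Ubuntu changelogs ("Closes: #NNNNNN" and "LP: #NNNNNN"), which are not RPM headers; the code path that parses those is undocumented here, so either add the dpkg-side analyzer file to the list or drop the Debian and Launchpad claims. Also, "Tier 2 backport evidence" is used without saying what the tiers are; one line defining them, or a pointer to where they are defined, would make the test item "appear as Tier 2 backport evidence" checkable.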
@@ -1,43 +0,0 @@
|
||||
# Build Provenance Verification Module with SLSA Level Evaluator
|
||||
|
||||
## Module
|
||||
Scanner
|
||||
|
||||
## Status
|
||||
IMPLEMENTED
|
||||
|
||||
## Description
|
||||
Scanner stage that evaluates SLSA provenance levels (L0-L4) for artifacts, verifies builder identity against trusted builder lists, checks reproducibility claims, and builds provenance chains. Integrates as a dedicated pipeline stage in the scanner worker.
|
||||
|
||||
## Implementation Details
|
||||
- **Core Analyzer**:
|
||||
- `src/Scanner/__Libraries/StellaOps.Scanner.BuildProvenance/Analyzers/BuildProvenanceAnalyzer.cs` - Main orchestrator for build provenance analysis
|
||||
- `src/Scanner/__Libraries/StellaOps.Scanner.BuildProvenance/BuildProvenanceServiceCollectionExtensions.cs` - DI registration
|
||||
- **SLSA Level Evaluation**:
|
||||
- `src/Scanner/__Libraries/StellaOps.Scanner.BuildProvenance/Analyzers/SlsaLevelEvaluator.cs` - Evaluates SLSA provenance levels (L0-L4)
|
||||
- **Builder Verification**:
|
||||
- `src/Scanner/__Libraries/StellaOps.Scanner.BuildProvenance/Analyzers/BuilderVerifier.cs` - Verifies builder identity against trusted builder lists
|
||||
- **Reproducibility**:
|
||||
- `src/Scanner/__Libraries/StellaOps.Scanner.BuildProvenance/Analyzers/ReproducibilityVerifier.cs` - Checks reproducibility claims
|
||||
- **Provenance Chain**:
|
||||
- `src/Scanner/__Libraries/StellaOps.Scanner.BuildProvenance/Analyzers/BuildProvenanceChainBuilder.cs` - Builds provenance chains linking build steps
|
||||
- **Additional Verifiers**:
|
||||
- `src/Scanner/__Libraries/StellaOps.Scanner.BuildProvenance/Analyzers/BuildInputIntegrityChecker.cs` - Verifies integrity of build inputs
|
||||
- `src/Scanner/__Libraries/StellaOps.Scanner.BuildProvenance/Analyzers/BuildConfigVerifier.cs` - Verifies build configuration
|
||||
- `src/Scanner/__Libraries/StellaOps.Scanner.BuildProvenance/Analyzers/SourceVerifier.cs` - Verifies source provenance
|
||||
- `src/Scanner/__Libraries/StellaOps.Scanner.BuildProvenance/Analyzers/BuildProvenancePatternMatcher.cs` - Pattern matching for provenance artifacts
|
||||
- **Policy**:
|
||||
- `src/Scanner/__Libraries/StellaOps.Scanner.BuildProvenance/Policy/BuildProvenancePolicyLoader.cs` - Loads build provenance policies
|
||||
- `src/Scanner/__Libraries/StellaOps.Scanner.BuildProvenance/Policy/BuildProvenancePolicy.cs` - Policy model
|
||||
- **Models**: `src/Scanner/__Libraries/StellaOps.Scanner.BuildProvenance/Models/BuildProvenanceModels.cs`
|
||||
- **Reporting**: `src/Scanner/__Libraries/StellaOps.Scanner.BuildProvenance/Reporting/BuildProvenanceReportFormatter.cs`
|
||||
- **Worker Stage**: `src/Scanner/StellaOps.Scanner.Worker/Processing/BuildProvenance/BuildProvenanceStageExecutor.cs`
|
||||
|
||||
## E2E Test Plan
|
||||
- [ ] Scan an artifact with SLSA L1 provenance and verify `SlsaLevelEvaluator` assigns level L1
|
||||
- [ ] Scan an artifact with full SLSA L3 provenance (signed, non-falsifiable) and verify level L3 assignment
|
||||
- [ ] Provide a trusted builder list and verify `BuilderVerifier` validates/rejects builder identities
|
||||
- [ ] Scan an artifact with reproducibility claims and verify `ReproducibilityVerifier` validates them
|
||||
- [ ] Verify `BuildProvenanceChainBuilder` links build steps into a verifiable chain
|
||||
- [ ] Verify build provenance findings appear in scan report with SLSA level, builder identity, and chain details
|
||||
- [ ] Scan an artifact with no provenance and verify it is assigned SLSA L0
|
||||
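Review bot: both the Description ("evaluates SLSA provenance levels (L0-L4)") and the `SlsaLevelEvaluator.cs` bullet say L0-L4, but the SLSA v1.0 Build track defines only L0-L3; L4 exists only in the v0.1 spec, and the test item "full SLSA L3 provenance (signed, non-falsifiable)" reads like v1.0 wording. State which spec version the evaluator implements and make the level range match it. Separately, `ReproducibilityVerifier.cs` is described as "Checks reproducibility claims"; say whether it rebuilds and compares digests or only checks that a claim is present and signed, because the test item "verify `ReproducibilityVerifier` validates them" means very different things in those two cases.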
@@ -1,28 +0,0 @@
|
||||
# Bun Call Graph Extractor
|
||||
|
||||
## Module
|
||||
Scanner
|
||||
|
||||
## Status
|
||||
IMPLEMENTED
|
||||
|
||||
## Description
|
||||
Static call graph extraction for Bun runtime JavaScript/TypeScript codebases, extending the multi-language extractor framework with Bun-specific entrypoint detection and sink matching.
|
||||
|
||||
## Implementation Details
|
||||
- **Call Graph Extractor**:
|
||||
- `src/Scanner/__Libraries/StellaOps.Scanner.CallGraph/Extraction/Bun/BunCallGraphExtractor.cs` - Static call graph extraction for Bun runtime codebases
|
||||
- **Entrypoint Detection**:
|
||||
- `src/Scanner/__Libraries/StellaOps.Scanner.CallGraph/Extraction/Bun/BunEntrypointClassifier.cs` - Classifies Bun-specific entrypoints (e.g., `Bun.serve`, macros, plugins)
|
||||
- **Sink Matching**:
|
||||
- `src/Scanner/__Libraries/StellaOps.Scanner.CallGraph/Extraction/Bun/BunSinkMatcher.cs` - Matches Bun-specific security-sensitive sinks (file I/O, shell exec, FFI, etc.)
|
||||
- **DI Registration**:
|
||||
- `src/Scanner/__Libraries/StellaOps.Scanner.CallGraph/DependencyInjection/CallGraphServiceCollectionExtensions.cs`
|
||||
|
||||
## E2E Test Plan
|
||||
- [ ] Scan a container image containing a Bun application with `Bun.serve` entrypoints
|
||||
- [ ] Verify call graph extraction produces nodes for Bun-specific entrypoints (HTTP handlers, macros, plugins)
|
||||
- [ ] Verify `BunSinkMatcher` identifies Bun-specific sinks (e.g., `Bun.file`, `Bun.spawn`, `Bun.ffi`)
|
||||
- [ ] Verify the extracted call graph links entrypoints to sinks through the application code
|
||||
- [ ] Verify call graph data is available in reachability analysis via `GET /api/v1/scans/{scanId}/reachability`
|
||||
- [ ] Verify TypeScript and JavaScript files are both analyzed correctly in mixed Bun projects
|
||||
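Review bot: the sink example "`Bun.ffi`" in the test plan does not match Bun's FFI surface, which is the `bun:ffi` module (`dlopen` and friends) rather than a property on the `Bun` global; check that `BunSinkMatcher` keys on the import path, otherwise the FFI sink named in the `BunSinkMatcher.cs` bullet ("file I/O, shell exec, FFI, etc.") will never match. The same bullet says "shell exec" but the listed sinks are only `Bun.file` and `Bun.spawn`; Bun's shell is `$` from `"bun"` (`Bun.$`), and a sink list that omits it misses the most direct command-injection path. Note also that `CallGraphServiceCollectionExtensions.cs` is listed both here and in the Binary SBOM doc deleted above; if DI registration is documented in one surviving place, point both features at it.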
@@ -1,52 +0,0 @@
|
||||
# Bun Language Analyzer
|
||||
|
||||
## Module
|
||||
Scanner
|
||||
|
||||
## Status
|
||||
IMPLEMENTED
|
||||
|
||||
## Description
|
||||
Full language analyzer for the Bun JavaScript runtime including bun.lockb binary lockfile parser, installed package collector, workspace/monorepo support, scope classification (dev/prod/peer), symlink safety checks, CLI verbs, and WebService endpoints for Worker integration.
|
||||
|
||||
## Implementation Details
|
||||
- **Analyzer Plugin**:
|
||||
- `src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Bun/BunAnalyzerPlugin.cs` - Plugin entry point for Bun analyzer
|
||||
- `src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Bun/BunLanguageAnalyzer.cs` - Main language analyzer implementation
|
||||
- **Lockfile Parsing**:
|
||||
- `src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Bun/Internal/BunLockParser.cs` - Parses `bun.lockb` binary lockfiles
|
||||
- `src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Bun/Internal/BunLockData.cs` - Parsed lock data model
|
||||
- `src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Bun/Internal/BunLockEntry.cs` - Individual lock entry model
|
||||
- `src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Bun/Internal/BunLockInventory.cs` - Inventory built from lockfile
|
||||
- **Package Collection**:
|
||||
- `src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Bun/Internal/BunInstalledCollector.cs` - Collects installed packages from filesystem
|
||||
- `src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Bun/Internal/BunDeclaredDependencyCollector.cs` - Collects declared dependencies from package.json
|
||||
- `src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Bun/Internal/BunPackage.cs` - Package model
|
||||
- `src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Bun/Internal/BunPackageNormalizer.cs` - Package normalization
|
||||
- **Scope & Classification**:
|
||||
- `src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Bun/Internal/BunLockScopeClassifier.cs` - Classifies dependencies as dev/prod/peer
|
||||
- `src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Bun/Internal/BunInputClassification.cs` - Input file classification
|
||||
- **Workspace/Monorepo**:
|
||||
- `src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Bun/Internal/BunWorkspaceHelper.cs` - Workspace and monorepo support
|
||||
- `src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Bun/Internal/BunProjectDiscoverer.cs` - Discovers Bun projects in filesystem
|
||||
- **Input & Config**:
|
||||
- `src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Bun/Internal/BunInputNormalizer.cs` - Normalizes input for determinism
|
||||
- `src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Bun/Internal/BunConfigHelper.cs` - Configuration helpers
|
||||
- `src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Bun/Internal/BunVersionSpec.cs` - Version specification parsing
|
||||
- `src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Bun/Internal/BunEvidenceHasher.cs` - Evidence hashing for determinism
|
||||
- **Worker Integration**:
|
||||
- `src/Scanner/StellaOps.Scanner.Worker/Processing/Surface/BunPackageInventoryBuilder.cs` - Builds package inventory during scan
|
||||
- **Storage**:
|
||||
- `src/Scanner/__Libraries/StellaOps.Scanner.Storage/Services/BunPackageInventoryStore.cs` - Package inventory store
|
||||
- `src/Scanner/__Libraries/StellaOps.Scanner.Storage/Repositories/BunPackageInventoryRepository.cs` - Repository
|
||||
- `src/Scanner/__Libraries/StellaOps.Scanner.Storage/Catalog/BunPackageInventoryDocument.cs` - Document model
|
||||
- **WebService**: `src/Scanner/StellaOps.Scanner.WebService/Contracts/BunContracts.cs` - API contracts for Bun scan results
|
||||
|
||||
## E2E Test Plan
|
||||
- [ ] Scan a container image containing a Bun project with `bun.lockb` and verify all packages are parsed correctly
|
||||
- [ ] Verify scope classification distinguishes dev, prod, and peer dependencies
|
||||
- [ ] Scan a Bun workspace/monorepo and verify all workspace packages are discovered and analyzed
|
||||
- [ ] Verify installed package collection from node_modules matches lockfile data
|
||||
- [ ] Verify the scan results include PURL identifiers for all Bun packages
|
||||
- [ ] Verify symlink safety checks flag potentially unsafe symlinks in node_modules
|
||||
- [ ] Verify Bun scan results are available via the WebService API contracts
|
||||
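Review bot: the Description claims "symlink safety checks" and the test plan has "Verify symlink safety checks flag potentially unsafe symlinks in node_modules", but no file in Implementation Details implements it; `BunInstalledCollector.cs` is the natural place, so either list where the check lives or drop the claim. Second point: the lockfile parser is documented only for the binary format (`BunLockParser.cs` - "Parses `bun.lockb` binary lockfiles") and the only lockfile test item is for `bun.lockb`; Bun 1.2 made the text `bun.lock` format the default, so projects scanned from now on will often have no `bun.lockb` at all, and the test plan should cover the text lockfile or the doc should state that it is unsupported.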
@@ -1,34 +0,0 @@
|
||||
# BYOS (Bring Your Own SBOM) Ingestion Workflow
|
||||
|
||||
## Module
|
||||
Scanner
|
||||
|
||||
## Status
|
||||
IMPLEMENTED
|
||||
|
||||
## Description
|
||||
Allows users to upload externally-generated SBOMs (CycloneDX 1.4-1.6, SPDX 2.3/3.0) via REST API. Includes automatic format detection, schema validation, component normalization, quality scoring (PURL/version/license coverage weighted 40/30/30), SHA-256 digest computation, and automatic scan/analysis triggering. Supports both inline JSON and base64-encoded payloads with CI context metadata.
|
||||
|
||||
## Implementation Details
|
||||
- **Upload Endpoints**:
|
||||
- `src/Scanner/StellaOps.Scanner.WebService/Endpoints/SbomUploadEndpoints.cs` - `SbomUploadEndpoints` for REST upload API
|
||||
- `src/Scanner/StellaOps.Scanner.WebService/Endpoints/SbomEndpoints.cs` - Additional SBOM query endpoints
|
||||
- **Contracts**:
|
||||
- `src/Scanner/StellaOps.Scanner.WebService/Contracts/SbomContracts.cs` - `SbomUploadRequestDto`, `SbomUploadResponseDto`, `SbomValidationSummaryDto`, `SbomFormats`, `SbomAncestryDto`, `SbomUploadSourceDto`, `SbomUploadCiContextDto`
|
||||
- **Ingestion Service**:
|
||||
- `src/Scanner/StellaOps.Scanner.WebService/Services/ISbomIngestionService.cs` - `ISbomIngestionService`, `SbomIngestionResult`, `SbomValidationResult`
|
||||
- `src/Scanner/StellaOps.Scanner.WebService/Services/SbomIngestionService.cs` - Format detection, schema validation, component normalization, quality scoring, digest computation
|
||||
- **BYOS Upload Service**:
|
||||
- `src/Scanner/StellaOps.Scanner.WebService/Services/SbomByosUploadService.cs` - `ISbomByosUploadService` / `SbomByosUploadService` for external SBOM ingestion
|
||||
- **Upload Store**:
|
||||
- `src/Scanner/StellaOps.Scanner.WebService/Services/SbomUploadStore.cs` - `ISbomUploadStore`, `InMemorySbomUploadStore`, `SbomUploadRecord`
|
||||
|
||||
## E2E Test Plan
|
||||
- [ ] Upload a CycloneDX 1.6 JSON SBOM via `POST /api/v1/sbom/upload` with inline JSON payload and verify acceptance
|
||||
- [ ] Upload an SPDX 2.3 SBOM via base64-encoded payload with CI context metadata and verify ingestion
|
||||
- [ ] Verify automatic format detection correctly identifies CycloneDX vs SPDX format
|
||||
- [ ] Verify schema validation rejects an invalid SBOM with appropriate error details
|
||||
- [ ] Verify quality scoring returns PURL/version/license coverage percentages (40/30/30 weighted)
|
||||
- [ ] Verify SHA-256 digest is computed and returned in the response
|
||||
- [ ] Verify automatic scan/analysis is triggered after successful ingestion
|
||||
- [ ] Query the uploaded SBOM status via `GET /api/v1/sbom/uploads/{id}` and verify metadata
|
||||
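Review bot: the only `ISbomUploadStore` implementation listed is `InMemorySbomUploadStore` (`SbomUploadStore.cs`), so the status query in "`GET /api/v1/sbom/uploads/{id}`" returns nothing after a WebService restart and an upload that already triggered a scan can no longer be correlated with it; document the persistent store or label the in-memory one as development-only. Two details the Description leaves open that the test plan cannot check as written: "SHA-256 digest computation" should say which bytes are hashed (the raw upload, the base64-decoded payload, or the normalized document), since that decides whether re-uploading the same SBOM deduplicates; and for base64 payloads, state the size limit and that validation runs on the decoded bytes, so the item "schema validation rejects an invalid SBOM with appropriate error details" has a defined outcome for oversized or non-decodable input.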