more features checks. setup improvements

This commit is contained in:
master
2026-02-13 02:04:55 +02:00
parent 9911b7d73c
commit 9ca2de05df
675 changed files with 37550 additions and 1826 deletions


@@ -0,0 +1,27 @@
# SBOM-Advisory Intersection Matching and Learning
## Module
Concelier
## Status
IMPLEMENTED
## Description
SBOM registration and learning system that finds which canonical advisories affect an organization's components. Matches by PURL and CPE, triggers interest score updates, and supports incremental delta SBOM matching. Provides POST /api/v1/learn/sbom endpoint and auto-learning from scan events.
## Implementation Details
- **Modules**: `src/Concelier/__Libraries/StellaOps.Concelier.SbomIntegration/`, `src/Concelier/__Libraries/StellaOps.Concelier.Interest/`
- **Key Classes**:
- `SbomAdvisoryMatcher` (`src/Concelier/__Libraries/StellaOps.Concelier.SbomIntegration/Matching/SbomAdvisoryMatcher.cs`) - matches SBOM components against canonical advisories by PURL and CPE
- `ParsedSbomParser` (`src/Concelier/__Libraries/StellaOps.Concelier.SbomIntegration/Parsing/ParsedSbomParser.cs`) - parses SBOMs for component extraction
- `InterestScoringService` (`src/Concelier/__Libraries/StellaOps.Concelier.Interest/InterestScoringService.cs`) - triggered to update interest scores after SBOM matching
- `InterestScoreCalculator` (`src/Concelier/__Libraries/StellaOps.Concelier.Interest/InterestScoreCalculator.cs`) - recalculates interest based on SBOM intersection
- **Interfaces**: `ISbomAdvisoryMatcher`, `IParsedSbomParser`, `IInterestScoringService`
- **Source**: SPRINT_8200_0013_0003_SCAN_sbom_intersection_scoring.md
## E2E Test Plan
- [ ] Submit an SBOM via the learn endpoint and verify advisories affecting its components are identified
- [ ] Verify PURL matching: SBOM with a component matching an advisory PURL produces a match
- [ ] Verify CPE matching: SBOM with a component matching an advisory CPE produces a match
- [ ] Verify interest score update: after SBOM learning, affected advisories have their interest scores recalculated
- [ ] Verify incremental delta: submit an updated SBOM with new components and verify only the delta is processed
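Review bot: The E2E Test Plan does not cover everything the Description claims, and the Status line reads IMPLEMENTED while all five checkboxes are still unchecked. The Description promises "auto-learning from scan events", but no test item exercises that path; every item goes through the learn endpoint or the matcher directly. There are also no negative cases: add a check that a component whose PURL or CPE does not correspond to any advisory produces no match and triggers no interest score update, since a matcher that over-matches would pass the plan as written. Under Implementation Details, the class or controller that serves `POST /api/v1/learn/sbom` is not listed, and nothing states what authentication or tenant scoping the endpoint requires, which matters for an endpoint that accepts an organization's component inventory. Either list that handler and its access requirements here, or set the Status to something that reflects the unverified test plan.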