sprints and audit work

2026-01-07 09:36:16 +02:00
parent 05833e0af2
commit ab364c6032
377 changed files with 64534 additions and 1627 deletions
--- a/src/Scanner/__Libraries/StellaOps.Scanner.Emit/Composition/LayerSbomRef.cs
+++ b/src/Scanner/__Libraries/StellaOps.Scanner.Emit/Composition/LayerSbomRef.cs
@@ -0,0 +1,112 @@
+using System.Collections.Immutable;
+using System.Text.Json.Serialization;
+
+namespace StellaOps.Scanner.Emit.Composition;
+
+/// <summary>
+/// Reference to a per-layer SBOM stored in CAS.
+/// </summary>
+public sealed record LayerSbomRef
+{
+    /// <summary>
+    /// The digest of the layer (e.g., "sha256:abc123...").
+    /// </summary>
+    [JsonPropertyName("layerDigest")]
+    public required string LayerDigest { get; init; }
+
+    /// <summary>
+    /// The order of the layer in the image (0-indexed).
+    /// </summary>
+    [JsonPropertyName("order")]
+    public required int Order { get; init; }
+
+    /// <summary>
+    /// SHA256 digest of the layer fragment (component list).
+    /// </summary>
+    [JsonPropertyName("fragmentDigest")]
+    public required string FragmentDigest { get; init; }
+
+    /// <summary>
+    /// SHA256 digest of the CycloneDX SBOM for this layer.
+    /// </summary>
+    [JsonPropertyName("cycloneDxDigest")]
+    public required string CycloneDxDigest { get; init; }
+
+    /// <summary>
+    /// CAS URI of the CycloneDX SBOM.
+    /// </summary>
+    [JsonPropertyName("cycloneDxCasUri")]
+    public required string CycloneDxCasUri { get; init; }
+
+    /// <summary>
+    /// SHA256 digest of the SPDX SBOM for this layer.
+    /// </summary>
+    [JsonPropertyName("spdxDigest")]
+    public required string SpdxDigest { get; init; }
+
+    /// <summary>
+    /// CAS URI of the SPDX SBOM.
+    /// </summary>
+    [JsonPropertyName("spdxCasUri")]
+    public required string SpdxCasUri { get; init; }
+
+    /// <summary>
+    /// Number of components in this layer.
+    /// </summary>
+    [JsonPropertyName("componentCount")]
+    public required int ComponentCount { get; init; }
+}
+
+/// <summary>
+/// Result of generating per-layer SBOMs.
+/// </summary>
+public sealed record LayerSbomResult
+{
+    /// <summary>
+    /// References to all per-layer SBOMs, ordered by layer order.
+    /// </summary>
+    [JsonPropertyName("layerSboms")]
+    public required ImmutableArray<LayerSbomRef> LayerSboms { get; init; }
+
+    /// <summary>
+    /// Merkle root computed from all layer SBOM digests.
+    /// </summary>
+    [JsonPropertyName("merkleRoot")]
+    public required string MerkleRoot { get; init; }
+}
+
+/// <summary>
+/// Artifact bytes for a single layer's SBOM.
+/// </summary>
+public sealed record LayerSbomArtifact
+{
+    /// <summary>
+    /// The layer digest this SBOM represents.
+    /// </summary>
+    public required string LayerDigest { get; init; }
+
+    /// <summary>
+    /// CycloneDX JSON bytes.
+    /// </summary>
+    public required byte[] CycloneDxJsonBytes { get; init; }
+
+    /// <summary>
+    /// SHA256 of CycloneDX JSON.
+    /// </summary>
+    public required string CycloneDxDigest { get; init; }
+
+    /// <summary>
+    /// SPDX JSON bytes.
+    /// </summary>
+    public required byte[] SpdxJsonBytes { get; init; }
+
+    /// <summary>
+    /// SHA256 of SPDX JSON.
+    /// </summary>
+    public required string SpdxDigest { get; init; }
+
+    /// <summary>
+    /// Number of components in this layer.
+    /// </summary>
+    public required int ComponentCount { get; init; }
+}