stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity

license switch agpl -> busl1, sprints work, new product advisories

Browse Source
This commit is contained in:
master
2026-01-20 15:32:20 +02:00
parent 4903395618
commit c32fff8f86
1835 changed files with 38630 additions and 4359 deletions
Download Patch File Download Diff File Expand all files Collapse all files

694
src/Concelier/__Libraries/StellaOps.Concelier.SbomIntegration/Models/ParsedSbom.cs Normal file
View File

@@ -0,0 +1,694 @@
// -----------------------------------------------------------------------------
// ParsedSbom.cs
// Sprint: SPRINT_20260119_015_Concelier_sbom_full_extraction
// Task: TASK-015-001 - Parsed SBOM model
// Description: Enriched SBOM extraction model for downstream consumers
// -----------------------------------------------------------------------------
using System.Collections.Immutable;
namespace StellaOps.Concelier.SbomIntegration.Models;
/// <summary>
/// Enriched SBOM extraction result.
/// </summary>
public sealed record ParsedSbom
{
public required string Format { get; init; }
public required string SpecVersion { get; init; }
public required string SerialNumber { get; init; }
public ImmutableArray<ParsedComponent> Components { get; init; } = [];
public ImmutableArray<ParsedService> Services { get; init; } = [];
public ImmutableArray<ParsedDependency> Dependencies { get; init; } = [];
public ImmutableArray<ParsedComposition> Compositions { get; init; } = [];
public ImmutableArray<ParsedVulnerability> Vulnerabilities { get; init; } = [];
public ParsedFormulation? Formulation { get; init; }
public ParsedBuildInfo? BuildInfo { get; init; }
public ParsedDeclarations? Declarations { get; init; }
public ParsedDefinitions? Definitions { get; init; }
public ImmutableArray<ParsedAnnotation> Annotations { get; init; } = [];
public required ParsedSbomMetadata Metadata { get; init; }
}
/// <summary>
/// Metadata extracted from SBOM headers.
/// </summary>
public sealed record ParsedSbomMetadata
{
public string? Name { get; init; }
public string? Version { get; init; }
public DateTimeOffset? Timestamp { get; init; }
public ImmutableArray<string> Tools { get; init; } = [];
public ImmutableArray<string> Authors { get; init; } = [];
public string? Supplier { get; init; }
public string? Manufacturer { get; init; }
public ImmutableArray<string> Profiles { get; init; } = [];
public ImmutableArray<ParsedNamespaceMapEntry> NamespaceMap { get; init; } = [];
public ImmutableArray<string> Imports { get; init; } = [];
public string? RootComponentRef { get; init; }
}
public sealed record ParsedNamespaceMapEntry
{
public required string Prefix { get; init; }
public required string Namespace { get; init; }
}
/// <summary>
/// Software component extracted from an SBOM.
/// </summary>
public sealed record ParsedComponent
{
public required string BomRef { get; init; }
public string? Type { get; init; }
public required string Name { get; init; }
public string? Version { get; init; }
public string? Purl { get; init; }
public string? Cpe { get; init; }
public string? Group { get; init; }
public string? Publisher { get; init; }
public string? Description { get; init; }
public ImmutableArray<ParsedHash> Hashes { get; init; } = [];
public ImmutableArray<ParsedLicense> Licenses { get; init; } = [];
public ImmutableArray<ParsedExternalRef> ExternalReferences { get; init; } = [];
public ImmutableDictionary<string, string> Properties { get; init; } =
ImmutableDictionary<string, string>.Empty;
public ParsedEvidence? Evidence { get; init; }
public ParsedPedigree? Pedigree { get; init; }
public ParsedCryptoProperties? CryptoProperties { get; init; }
public ParsedModelCard? ModelCard { get; init; }
public ParsedOrganization? Supplier { get; init; }
public ParsedOrganization? Manufacturer { get; init; }
public ComponentScope Scope { get; init; } = ComponentScope.Required;
public bool Modified { get; init; }
}
public enum ComponentScope
{
Required,
Optional,
Excluded,
Unknown
}
public sealed record ParsedHash
{
public required string Algorithm { get; init; }
public required string Value { get; init; }
}
public sealed record ParsedExternalRef
{
public string? Type { get; init; }
public string? Url { get; init; }
public string? Comment { get; init; }
public ImmutableArray<ParsedHash> Hashes { get; init; } = [];
}
public sealed record ParsedOrganization
{
public string? Name { get; init; }
public string? Url { get; init; }
public string? Contact { get; init; }
}
public sealed record ParsedEvidence
{
public ParsedEvidenceIdentity? Identity { get; init; }
public ImmutableArray<ParsedEvidenceOccurrence> Occurrences { get; init; } = [];
public ParsedEvidenceCallstack? Callstack { get; init; }
public ImmutableArray<ParsedLicense> Licenses { get; init; } = [];
public ImmutableArray<string> Copyrights { get; init; } = [];
}
public sealed record ParsedEvidenceIdentity
{
public string? Field { get; init; }
public double? Confidence { get; init; }
public string? Value { get; init; }
}
public sealed record ParsedEvidenceOccurrence
{
public string? Location { get; init; }
public int? Line { get; init; }
public int? Offset { get; init; }
public string? Symbol { get; init; }
public string? AdditionalContext { get; init; }
}
public sealed record ParsedEvidenceCallstack
{
public ImmutableArray<ParsedCallstackFrame> Frames { get; init; } = [];
}
public sealed record ParsedCallstackFrame
{
public string? Package { get; init; }
public string? Module { get; init; }
public string? Function { get; init; }
public ImmutableArray<string> Parameters { get; init; } = [];
public int? Line { get; init; }
public int? Column { get; init; }
public string? FullFilename { get; init; }
}
public sealed record ParsedPedigree
{
public ImmutableArray<ParsedComponentReference> Ancestors { get; init; } = [];
public ImmutableArray<ParsedComponentReference> Variants { get; init; } = [];
public ImmutableArray<ParsedComponentReference> Commits { get; init; } = [];
public ImmutableArray<ParsedPatch> Patches { get; init; } = [];
public ImmutableArray<string> Notes { get; init; } = [];
}
public sealed record ParsedComponentReference
{
public string? BomRef { get; init; }
public string? Version { get; init; }
public string? Description { get; init; }
}
public sealed record ParsedPatch
{
public string? Type { get; init; }
public string? Diff { get; init; }
public string? Url { get; init; }
}
public sealed record ParsedService
{
public required string BomRef { get; init; }
public string? Provider { get; init; }
public string? Group { get; init; }
public required string Name { get; init; }
public string? Version { get; init; }
public string? Description { get; init; }
public ImmutableArray<string> Endpoints { get; init; } = [];
public bool Authenticated { get; init; }
public bool CrossesTrustBoundary { get; init; }
public ImmutableArray<ParsedDataFlow> Data { get; init; } = [];
public ImmutableArray<ParsedLicense> Licenses { get; init; } = [];
public ImmutableArray<ParsedExternalRef> ExternalReferences { get; init; } = [];
public ImmutableArray<ParsedService> NestedServices { get; init; } = [];
public ImmutableDictionary<string, string> Properties { get; init; } =
ImmutableDictionary<string, string>.Empty;
}
public sealed record ParsedDataFlow
{
public DataFlowDirection Direction { get; init; }
public string? Classification { get; init; }
public string? SourceRef { get; init; }
public string? DestinationRef { get; init; }
}
public enum DataFlowDirection
{
Unknown,
Inbound,
Outbound,
Bidirectional
}
public sealed record ParsedDependency
{
public required string SourceRef { get; init; }
public ImmutableArray<string> DependsOn { get; init; } = [];
public DependencyScope Scope { get; init; } = DependencyScope.Runtime;
}
public enum DependencyScope
{
Runtime,
Development,
Optional,
Test,
Unknown
}
public sealed record ParsedComposition
{
public CompositionAggregate Aggregate { get; init; } = CompositionAggregate.Unknown;
public ImmutableArray<string> Assemblies { get; init; } = [];
public ImmutableArray<string> Dependencies { get; init; } = [];
public ImmutableArray<string> Vulnerabilities { get; init; } = [];
}
public enum CompositionAggregate
{
Complete,
Incomplete,
IncompleteFirstPartyProprietary,
IncompleteFirstPartyOpenSource,
IncompleteThirdPartyProprietary,
IncompleteThirdPartyOpenSource,
Unknown,
NotSpecified
}
public sealed record ParsedAnnotation
{
public string? BomRef { get; init; }
public ImmutableArray<string> Subjects { get; init; } = [];
public ParsedAnnotator? Annotator { get; init; }
public DateTimeOffset? Timestamp { get; init; }
public string? Text { get; init; }
}
public sealed record ParsedAnnotator
{
public string? Type { get; init; }
public string? Name { get; init; }
public string? Reference { get; init; }
}
public sealed record ParsedFormulation
{
public string? BomRef { get; init; }
public ImmutableArray<ParsedFormula> Components { get; init; } = [];
public ImmutableArray<ParsedWorkflow> Workflows { get; init; } = [];
public ImmutableArray<ParsedTask> Tasks { get; init; } = [];
public ImmutableDictionary<string, string> Properties { get; init; } =
ImmutableDictionary<string, string>.Empty;
}
public sealed record ParsedFormula
{
public string? BomRef { get; init; }
public ImmutableArray<string> ComponentRefs { get; init; } = [];
public ImmutableDictionary<string, string> Properties { get; init; } =
ImmutableDictionary<string, string>.Empty;
}
public sealed record ParsedWorkflow
{
public string? Name { get; init; }
public string? Description { get; init; }
public ImmutableArray<string> InputRefs { get; init; } = [];
public ImmutableArray<string> OutputRefs { get; init; } = [];
public ImmutableArray<ParsedTask> Tasks { get; init; } = [];
public ImmutableDictionary<string, string> Properties { get; init; } =
ImmutableDictionary<string, string>.Empty;
}
public sealed record ParsedTask
{
public string? Name { get; init; }
public string? Description { get; init; }
public ImmutableArray<string> InputRefs { get; init; } = [];
public ImmutableArray<string> OutputRefs { get; init; } = [];
public ImmutableDictionary<string, string> Parameters { get; init; } =
ImmutableDictionary<string, string>.Empty;
public ImmutableDictionary<string, string> Properties { get; init; } =
ImmutableDictionary<string, string>.Empty;
}
public sealed record ParsedBuildInfo
{
public required string BuildId { get; init; }
public string? BuildType { get; init; }
public DateTimeOffset? BuildStartTime { get; init; }
public DateTimeOffset? BuildEndTime { get; init; }
public string? ConfigSourceEntrypoint { get; init; }
public string? ConfigSourceDigest { get; init; }
public string? ConfigSourceUri { get; init; }
public ImmutableDictionary<string, string> Environment { get; init; } =
ImmutableDictionary<string, string>.Empty;
public ImmutableDictionary<string, string> Parameters { get; init; } =
ImmutableDictionary<string, string>.Empty;
}
public sealed record ParsedCryptoProperties
{
public CryptoAssetType AssetType { get; init; }
public ParsedAlgorithmProperties? AlgorithmProperties { get; init; }
public ParsedCertificateProperties? CertificateProperties { get; init; }
public ParsedProtocolProperties? ProtocolProperties { get; init; }
public ParsedRelatedCryptoMaterial? RelatedCryptoMaterial { get; init; }
public string? Oid { get; init; }
}
public enum CryptoAssetType
{
Algorithm,
Certificate,
Protocol,
RelatedCryptoMaterial,
Unknown
}
public sealed record ParsedAlgorithmProperties
{
public CryptoPrimitive? Primitive { get; init; }
public string? ParameterSetIdentifier { get; init; }
public string? Curve { get; init; }
public CryptoExecutionEnvironment? ExecutionEnvironment { get; init; }
public string? ImplementationPlatform { get; init; }
public CertificationLevel? CertificationLevel { get; init; }
public CryptoMode? Mode { get; init; }
public CryptoPadding? Padding { get; init; }
public ImmutableArray<string> CryptoFunctions { get; init; } = [];
public int? ClassicalSecurityLevel { get; init; }
public int? NistQuantumSecurityLevel { get; init; }
public int? KeySize { get; init; }
}
public sealed record ParsedCertificateProperties
{
public string? SubjectName { get; init; }
public string? IssuerName { get; init; }
public DateTimeOffset? NotValidBefore { get; init; }
public DateTimeOffset? NotValidAfter { get; init; }
public string? SignatureAlgorithmRef { get; init; }
public string? SubjectPublicKeyRef { get; init; }
public string? CertificateFormat { get; init; }
public string? CertificateExtension { get; init; }
}
public sealed record ParsedProtocolProperties
{
public string? Type { get; init; }
public string? Version { get; init; }
public ImmutableArray<string> CipherSuites { get; init; } = [];
public ImmutableArray<string> IkeV2TransformTypes { get; init; } = [];
public ImmutableArray<string> CryptoRefArray { get; init; } = [];
}
public sealed record ParsedRelatedCryptoMaterial
{
public string? Type { get; init; }
public string? Reference { get; init; }
public ImmutableArray<string> MaterialRefs { get; init; } = [];
}
public enum CryptoPrimitive
{
Unknown,
Symmetric,
Asymmetric,
Hash,
Mac,
Kdf,
Rng
}
public enum CryptoMode
{
Unknown,
Ecb,
Cbc,
Ctr,
Gcm,
Xts
}
public enum CryptoPadding
{
Unknown,
None,
Pkcs1,
Pkcs7,
Oaep
}
public enum CryptoExecutionEnvironment
{
Unknown,
Hardware,
Software,
Hybrid
}
public enum CertificationLevel
{
Unknown,
Fips140_2,
Fips140_3,
CommonCriteria
}
public sealed record ParsedModelCard
{
public string? BomRef { get; init; }
public ParsedModelParameters? ModelParameters { get; init; }
public ParsedQuantitativeAnalysis? QuantitativeAnalysis { get; init; }
public ParsedConsiderations? Considerations { get; init; }
}
public sealed record ParsedModelParameters
{
public string? Task { get; init; }
public string? ArchitectureFamily { get; init; }
public string? ModelArchitecture { get; init; }
public ImmutableArray<ParsedDatasetRef> Datasets { get; init; } = [];
public ImmutableArray<ParsedInputOutput> Inputs { get; init; } = [];
public ImmutableArray<ParsedInputOutput> Outputs { get; init; } = [];
public string? AutonomyType { get; init; }
public string? Domain { get; init; }
public string? TypeOfModel { get; init; }
public string? EnergyConsumption { get; init; }
public ImmutableDictionary<string, string> Hyperparameters { get; init; } =
ImmutableDictionary<string, string>.Empty;
}
public sealed record ParsedDatasetRef
{
public string? Name { get; init; }
public string? Version { get; init; }
public string? Url { get; init; }
public ImmutableArray<ParsedHash> Hashes { get; init; } = [];
}
public sealed record ParsedInputOutput
{
public string? Format { get; init; }
public string? Description { get; init; }
}
public sealed record ParsedQuantitativeAnalysis
{
public ImmutableArray<ParsedPerformanceMetric> PerformanceMetrics { get; init; } = [];
public ImmutableArray<ParsedGraphic> Graphics { get; init; } = [];
}
public sealed record ParsedPerformanceMetric
{
public string? Type { get; init; }
public string? Value { get; init; }
public string? Slice { get; init; }
public string? ConfidenceIntervalLower { get; init; }
public string? ConfidenceIntervalUpper { get; init; }
}
public sealed record ParsedGraphic
{
public string? Name { get; init; }
public string? Image { get; init; }
public string? Description { get; init; }
}
public sealed record ParsedConsiderations
{
public ImmutableArray<string> Users { get; init; } = [];
public ImmutableArray<string> UseCases { get; init; } = [];
public ImmutableArray<string> TechnicalLimitations { get; init; } = [];
public ImmutableArray<ParsedRisk> EthicalConsiderations { get; init; } = [];
public ImmutableArray<ParsedFairnessAssessment> FairnessAssessments { get; init; } = [];
public ParsedEnvironmentalConsiderations? EnvironmentalConsiderations { get; init; }
}
public sealed record ParsedFairnessAssessment
{
public string? GroupAtRisk { get; init; }
public string? Benefits { get; init; }
public string? Harms { get; init; }
public string? MitigationStrategy { get; init; }
}
public sealed record ParsedRisk
{
public string? Name { get; init; }
public string? MitigationStrategy { get; init; }
}
public sealed record ParsedEnvironmentalConsiderations
{
public ImmutableArray<ParsedEnergyConsumption> EnergyConsumptions { get; init; } = [];
public ImmutableDictionary<string, string> Properties { get; init; } =
ImmutableDictionary<string, string>.Empty;
}
public sealed record ParsedEnergyConsumption
{
public string? Activity { get; init; }
public ImmutableArray<ParsedEnergyProvider> EnergyProviders { get; init; } = [];
public string? ActivityEnergyCost { get; init; }
public string? Co2CostEquivalent { get; init; }
public string? Co2CostOffset { get; init; }
public ImmutableDictionary<string, string> Properties { get; init; } =
ImmutableDictionary<string, string>.Empty;
}
public sealed record ParsedEnergyProvider
{
public string? BomRef { get; init; }
public string? Description { get; init; }
public ParsedOrganization? Organization { get; init; }
public string? EnergySource { get; init; }
public string? EnergyProvided { get; init; }
public ImmutableArray<ParsedExternalRef> ExternalReferences { get; init; } = [];
}
public sealed record ParsedVulnerability
{
public required string Id { get; init; }
public string? Source { get; init; }
public string? Description { get; init; }
public string? Detail { get; init; }
public string? Recommendation { get; init; }
public ImmutableArray<string> Cwes { get; init; } = [];
public ImmutableArray<ParsedVulnRating> Ratings { get; init; } = [];
public ImmutableArray<ParsedVulnAffects> Affects { get; init; } = [];
public ParsedVulnAnalysis? Analysis { get; init; }
public DateTimeOffset? Published { get; init; }
public DateTimeOffset? Updated { get; init; }
}
public sealed record ParsedVulnRating
{
public string? Method { get; init; }
public string? Score { get; init; }
public string? Severity { get; init; }
public string? Vector { get; init; }
public string? Source { get; init; }
}
public sealed record ParsedVulnAffects
{
public string? Ref { get; init; }
public string? Version { get; init; }
public string? Status { get; init; }
}
public sealed record ParsedVulnAnalysis
{
public VexState State { get; init; }
public VexJustification? Justification { get; init; }
public ImmutableArray<string> Response { get; init; } = [];
public string? Detail { get; init; }
public DateTimeOffset? FirstIssued { get; init; }
public DateTimeOffset? LastUpdated { get; init; }
}
public enum VexState
{
Exploitable,
InTriage,
FalsePositive,
NotAffected,
Fixed,
UnderInvestigation,
Unknown
}
public enum VexJustification
{
ComponentNotPresent,
VulnerableCodeNotPresent,
VulnerableCodeNotInExecutePath,
InlineMitigationsAlreadyExist,
Other
}
public sealed record ParsedLicense
{
public string? SpdxId { get; init; }
public string? Name { get; init; }
public string? Url { get; init; }
public string? Text { get; init; }
public ParsedLicenseExpression? Expression { get; init; }
public ParsedLicenseTerms? Licensing { get; init; }
public ImmutableArray<string> Acknowledgements { get; init; } = [];
}
public sealed record ParsedLicenseTerms
{
public string? Licensor { get; init; }
public string? Licensee { get; init; }
public string? Purchaser { get; init; }
public string? PurchaseOrder { get; init; }
public ImmutableArray<string> LicenseTypes { get; init; } = [];
public DateTimeOffset? LastRenewal { get; init; }
public DateTimeOffset? Expiration { get; init; }
public ImmutableArray<string> AltIds { get; init; } = [];
public ImmutableDictionary<string, string> Properties { get; init; } =
ImmutableDictionary<string, string>.Empty;
}
public abstract record ParsedLicenseExpression;
public sealed record SimpleLicense(string Id) : ParsedLicenseExpression;
public sealed record WithException(ParsedLicenseExpression License, string Exception) : ParsedLicenseExpression;
public sealed record OrLater(string LicenseId) : ParsedLicenseExpression;
public sealed record ConjunctiveSet(ImmutableArray<ParsedLicenseExpression> Members) : ParsedLicenseExpression;
public sealed record DisjunctiveSet(ImmutableArray<ParsedLicenseExpression> Members) : ParsedLicenseExpression;
public enum LicenseCategory
{
Permissive,
WeakCopyleft,
StrongCopyleft,
Proprietary,
PublicDomain,
Unknown
}
public sealed record ParsedDeclarations
{
public ImmutableArray<ParsedAttestation> Attestations { get; init; } = [];
public ImmutableArray<ParsedAffirmation> Affirmations { get; init; } = [];
}
public sealed record ParsedAttestation
{
public ImmutableArray<string> Subjects { get; init; } = [];
public string? Predicate { get; init; }
public string? Evidence { get; init; }
public ParsedSignature? Signature { get; init; }
}
public sealed record ParsedAffirmation
{
public string? Statement { get; init; }
public ImmutableArray<string> Signatories { get; init; } = [];
}
public sealed record ParsedDefinitions
{
public ImmutableArray<ParsedStandard> Standards { get; init; } = [];
}
public sealed record ParsedStandard
{
public string? BomRef { get; init; }
public string? Name { get; init; }
public string? Version { get; init; }
public string? Description { get; init; }
public ParsedOrganization? Owner { get; init; }
public ImmutableArray<string> Requirements { get; init; } = [];
public ImmutableArray<ParsedExternalRef> ExternalReferences { get; init; } = [];
public ParsedSignature? Signature { get; init; }
}
public sealed record ParsedSignature
{
public string? Algorithm { get; init; }
public string? KeyId { get; init; }
public string? PublicKey { get; init; }
public ImmutableArray<string> CertificatePath { get; init; } = [];
public string? Value { get; init; }
}

27
src/Concelier/__Libraries/StellaOps.Concelier.SbomIntegration/Parsing/IParsedSbomParser.cs Normal file
View File

@@ -0,0 +1,27 @@
// -----------------------------------------------------------------------------
// IParsedSbomParser.cs
// Sprint: SPRINT_20260119_015_Concelier_sbom_full_extraction
// Task: TASK-015-008, TASK-015-009 - Parsed SBOM extraction
// Description: Interface for enriched SBOM parsing
// -----------------------------------------------------------------------------
using StellaOps.Concelier.SbomIntegration.Models;
namespace StellaOps.Concelier.SbomIntegration.Parsing;
/// <summary>
/// Service for parsing SBOM content into enriched ParsedSbom models.
/// </summary>
public interface IParsedSbomParser
{
/// <summary>
/// Parses SBOM content into a ParsedSbom model.
/// </summary>
/// <param name="content">SBOM content stream.</param>
/// <param name="format">SBOM format.</param>
/// <param name="cancellationToken">Cancellation token.</param>
/// <returns>Parsed SBOM with enriched metadata.</returns>
Task<ParsedSbom> ParseAsync(
Stream content,
SbomFormat format,
CancellationToken cancellationToken = default);
}

2967
src/Concelier/__Libraries/StellaOps.Concelier.SbomIntegration/Parsing/ParsedSbomParser.cs Normal file
View File

File diff suppressed because it is too large Load Diff

2
src/Concelier/__Libraries/StellaOps.Concelier.SbomIntegration/ServiceCollectionExtensions.cs
View File

@@ -28,6 +28,7 @@ public static class ServiceCollectionExtensions
{
// Register parser
services.TryAddSingleton<ISbomParser, SbomParser>();
services.TryAddSingleton<IParsedSbomParser, ParsedSbomParser>();
// Register PURL index (requires Valkey connection)
services.TryAddSingleton<IPurlCanonicalIndex, ValkeyPurlCanonicalIndex>();
@@ -52,6 +53,7 @@ public static class ServiceCollectionExtensions
{
// Register parser
services.TryAddSingleton<ISbomParser, SbomParser>();
services.TryAddSingleton<IParsedSbomParser, ParsedSbomParser>();
// Register PURL index (requires Valkey connection)
services.TryAddSingleton<IPurlCanonicalIndex, ValkeyPurlCanonicalIndex>();

15
src/Concelier/__Libraries/StellaOps.Concelier.SbomIntegration/TASKS.md
View File

@@ -1,10 +1,23 @@
# Concelier SbomIntegration Task Board
This board mirrors active sprint tasks for this module.
Source of truth: `docs-archived/implplan/2025-12-29-csproj-audit/SPRINT_20251229_049_BE_csproj_audit_maint_tests.md`.
Source of truth: `docs-archived/implplan/2025-12-29-csproj-audit/SPRINT_20251229_049_BE_csproj_audit_maint_tests.md`,
`docs/implplan/SPRINT_20260119_015_Concelier_sbom_full_extraction.md`.
| Task ID | Status | Notes |
| --- | --- | --- |
| AUDIT-0237-M | DONE | Revalidated 2026-01-07. |
| AUDIT-0237-T | DONE | Revalidated 2026-01-07. |
| AUDIT-0237-A | TODO | Revalidated 2026-01-07 (open findings). |
| TASK-015-001 | DOING | ParsedSbom model scaffolding. |
| TASK-015-002 | DOING | ParsedService model scaffolding. |
| TASK-015-003 | DOING | ParsedCryptoProperties model scaffolding. |
| TASK-015-004 | DOING | ParsedModelCard model scaffolding. |
| TASK-015-005 | DOING | CycloneDX formulation parsing + tests added; SPDX build parsing added. |
| TASK-015-006 | DOING | ParsedVulnerability/VEX model scaffolding. |
| TASK-015-007 | DOING | ParsedLicense model scaffolding. |
| TASK-015-007a | DOING | CycloneDX license extraction expansion. |
| TASK-015-007b | DOING | SPDX licensing profile extraction expansion. |
| TASK-015-008 | DOING | CycloneDX extraction now covers formulation; tests updated. |
| TASK-015-009 | DOING | ParsedSbomParser SPDX 3.0.1 extraction baseline + build profile. |
| TASK-015-010 | DOING | ParsedSbom adapter + framework reference added; Artifact.Infrastructure build errors block tests. |