save checkpoint
This commit is contained in:
42
docs/features/checked/attestor/sbom-delta-system.md
Normal file
@@ -0,0 +1,42 @@
# SBOM Delta System (Component Diffing, Predicates, Signed Evidence)
## Module
Attestor
## Status
VERIFIED
## Description
Complete SBOM delta system: component-level diff tracking (added/removed/version changes), formal JSON schema for delta predicates, structured taxonomy, DSSE-signed delta evidence objects, and dedicated UI visualization. SBOM diffs are first-class signed evidence objects with attestation service producing DSSE-signed delta predicates.
## Implementation Details
- **SBOM Delta Predicate**: `src/Attestor/__Libraries/StellaOps.Attestor.ProofChain/Predicates/SbomDeltaPredicate.cs` -- predicate containing the full SBOM delta (added, removed, changed components).
- **SBOM Delta Component**: `Predicates/SbomDeltaComponent.cs` -- individual component in the delta (name, version, purl, change type).
- **SBOM Delta Summary**: `Predicates/SbomDeltaSummary.cs` -- summary statistics (added count, removed count, version change count).
- **SBOM Delta Version Change**: `Predicates/SbomDeltaVersionChange.cs` -- version change detail (from_version, to_version, component).
- **SBOM Reference**: `Predicates/SbomReference.cs` -- reference to the baseline and current SBOM documents.
- **Predicate Schema Validator**: `Json/PredicateSchemaValidator.DeltaValidators.cs` -- schema validation for SBOM delta predicates.
- **DSSE Signing**: `Signing/ProofChainSigner.cs` -- signs SBOM delta predicates into DSSE envelopes.
- **Content-Addressed ID**: `Identifiers/ContentAddressedIdGenerator.cs` -- generates deterministic IDs for delta predicates.
- **Change Trace**: `ChangeTrace/ChangeTraceAttestationService.cs` -- creates change trace attestations that can include SBOM delta data.
- **Tests**: `__Tests/StellaOps.Attestor.ProofChain.Tests/SbomDeltaTests.cs`
## E2E Test Plan
- [ ] Create an `SbomDeltaPredicate` with 3 added components, 2 removed, and 1 version change; verify all entries are captured
- [ ] Verify `SbomDeltaComponent` correctly identifies component name, version, purl, and change type (Added/Removed/Modified)
- [ ] Verify `SbomDeltaSummary` counts: 3 added, 2 removed, 1 version changed
- [ ] Verify `SbomDeltaVersionChange` captures from_version="1.0" to_version="2.0" for a specific component
- [ ] Sign the SBOM delta predicate into a DSSE envelope and verify the signature
- [ ] Validate the delta predicate via `PredicateSchemaValidator.DeltaValidators` and verify schema compliance
- [ ] Generate a content-addressed ID for the delta and verify determinism (same delta = same ID)
- [ ] Create an SBOM delta between two `SbomReference` documents and verify cross-reference integrity
## Verification
| Check | Result |
|-------|--------|
| Tier 0 - Source Verification | PASS |
| Tier 1 - Build + Code Review | PASS |
| Tier 2 - Behavioral Verification | PASS |
| Verified Date | 2026-02-13 |
| Run ID | run-001 |
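Review bot: the E2E Test Plan in this file has all eight items unchecked (`- [ ]`) while the Verification table directly below records `Tier 2 - Behavioral Verification | PASS` and the Status section says `VERIFIED`; either tick the items that were actually executed in `run-001` or mark the plan as pending so the two sections do not contradict each other. Separately, the Description promises a "formal JSON schema for delta predicates" and the test plan requires validating "schema compliance", but Implementation Details lists only the validator (`Json/PredicateSchemaValidator.DeltaValidators.cs`) and no path for the schema document itself; add that path so a reviewer can check the predicate fields (added, removed, changed, from_version, to_version) against the schema they are claimed to satisfy.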