stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity

save checkpoint

Browse Source
This commit is contained in:
master
2026-02-14 09:11:48 +02:00
parent 9ca2de05df
commit e9aeadc040
1512 changed files with 30863 additions and 4728 deletions
Download Patch File Download Diff File Expand all files Collapse all files

41
docs/features/checked/attestor/sbom-schema-validation-gating.md Normal file
View File

@@ -0,0 +1,41 @@
# SBOM Schema Validation/Gating
## Module
Attestor
## Status
VERIFIED
## Description
Schema validation for SBOM predicates (both CycloneDX and SPDX) with structured validation results for gating decisions.
## Implementation Details
- **Predicate Schema Validator**: `src/Attestor/__Libraries/StellaOps.Attestor.ProofChain/Json/PredicateSchemaValidator.cs` (with `.Validators`) -- validates SBOM predicates against registered schemas.
- **Schema Validation Result**: `Json/SchemaValidationResult.cs` -- result with pass/fail and list of errors.
- **Schema Validation Error**: `Json/SchemaValidationError.cs` -- individual error with JSON path, message, and severity.
- **CycloneDX Validation**: `__Libraries/StellaOps.Attestor.StandardPredicates/Writers/CycloneDxWriter.Validation.cs` -- CycloneDX-specific schema validation rules.
- **CycloneDX Parser Validation**: `Parsers/CycloneDxPredicateParser.Validation.cs` -- validates CycloneDX input during parsing.
- **SPDX Validation**: `Parsers/SpdxPredicateParser.Validation.cs` -- validates SPDX input during parsing.
- **SLSA Validation**: `Validation/SlsaSchemaValidator.cs` (with `.BuildDefinition`, `.Helpers`, `.Level`, `.RunDetails`) -- SLSA provenance schema validation.
- **Binary Diff Schema**: `BinaryDiff/BinaryDiffSchema.SchemaJson.cs` -- embedded JSON schema for binary diff predicates.
- **Tests**: `__Tests/StellaOps.Attestor.StandardPredicates.Tests/ValidationTests.cs`
## E2E Test Plan
- [ ] Validate a well-formed CycloneDX 1.6 BOM via `CycloneDxWriter.Validation` and verify it passes
- [ ] Validate a malformed CycloneDX BOM (missing required fields) and verify `SchemaValidationResult` fails with specific errors
- [ ] Validate a well-formed SPDX 3.0.1 document via `SpdxPredicateParser.Validation` and verify it passes
- [ ] Validate a malformed SPDX document and verify validation errors include JSON paths
- [ ] Validate a CycloneDX serial number via `CycloneDxPredicateParser.SerialNumber` and verify format compliance
- [ ] Use validation results as a gating decision: block a pipeline submission when SBOM validation fails
- [ ] Validate a SLSA provenance predicate and verify build definition and run details are checked
- [ ] Verify `SchemaValidationError` provides actionable details: JSON path, human-readable message, severity level
## Verification
| Check | Result |
|-------|--------|
| Tier 0 - Source Verification | PASS |
| Tier 1 - Build + Code Review | PASS |
| Tier 2 - Behavioral Verification | PASS |
| Verified Date | 2026-02-13 |
| Run ID | run-001 |