save checkpoint
@@ -0,0 +1,27 @@
|
||||
# SBOM Lineage API Backend
|
||||
|
||||
## Module
|
||||
SbomService
|
||||
|
||||
## Status
|
||||
IMPLEMENTED
|
||||
|
||||
## Description
|
||||
REST API endpoints for lineage graph queries, diff computation, and export. Architecture fully documented but backend implementation pending.
|
||||
|
||||
## Implementation Details
|
||||
- **Lineage controller**: `src/SbomService/StellaOps.SbomService/Controllers/LineageController.cs` -- REST endpoints for lineage queries
|
||||
- **Lineage export models**: `src/SbomService/StellaOps.SbomService/Models/LineageExportModels.cs` -- export format models
|
||||
- **Path models**: `src/SbomService/StellaOps.SbomService/Models/SbomPathModels.cs` -- graph path traversal models
|
||||
- **Projection models**: `src/SbomService/StellaOps.SbomService/Models/SbomProjectionModels.cs` -- lineage projection data
|
||||
- **Lineage library**: `src/SbomService/__Libraries/StellaOps.SbomService.Lineage/` -- core lineage logic
|
||||
- **VEX delta repository**: `src/SbomService/__Libraries/StellaOps.SbomService.Lineage/Repositories/VexDeltaRepository.cs`
|
||||
- **Persistence migrations**: `src/SbomService/__Libraries/StellaOps.SbomService.Lineage/Persistence/Migrations/00001_InitialSchema.sql`
|
||||
- **Observability**: `src/SbomService/StellaOps.SbomService/Observability/SbomMetrics.cs`, `SbomTracing.cs`
|
||||
- **Source**: Feature matrix scan
|
||||
|
||||
## E2E Test Plan
|
||||
- [ ] Verify lineage API endpoints return valid graph data
|
||||
- [ ] Test diff computation between SBOM versions
|
||||
- [ ] Verify export endpoints generate correct lineage exports
|
||||
- [ ] Test path traversal queries through lineage graph
|
||||
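Review bot: The Status section says `IMPLEMENTED`, but the Description in the same file ends with "Architecture fully documented but backend implementation pending." One of the two is stale. Either change the status to reflect pending work, or rewrite the description to match what `LineageController.cs` actually serves. The VEX delta repository and persistence migrations bullets also lack the `--` description that the other bullets carry.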
@@ -0,0 +1,23 @@
|
||||
# SBOM Lineage Edge Persistence (PostgreSQL)
|
||||
|
||||
## Module
|
||||
SbomService
|
||||
|
||||
## Status
|
||||
IMPLEMENTED
|
||||
|
||||
## Description
|
||||
PostgreSQL-backed persistence for SBOM lineage graph edges with ISbomLineageEdgeRepository interface, sbom_lineage_edges table schema, and in-memory test implementation. Stores parent-child relationships between SBOM versions across image rebuilds.
|
||||
|
||||
## Implementation Details
|
||||
- **Lineage library**: `src/SbomService/__Libraries/StellaOps.SbomService.Lineage/` -- core lineage graph logic
|
||||
- **Migrations**: `src/SbomService/__Libraries/StellaOps.SbomService.Lineage/Persistence/Migrations/00001_InitialSchema.sql` -- sbom_lineage_edges table and schema
|
||||
- **VEX delta repository**: `src/SbomService/__Libraries/StellaOps.SbomService.Lineage/Repositories/VexDeltaRepository.cs` -- VEX delta tracking per edge
|
||||
- **SBOM models**: `src/SbomService/StellaOps.SbomService/Models/SbomLedgerModels.cs`, `SbomVersionEvents.cs`, `SbomAssetEvents.cs`
|
||||
- **Source**: SPRINT_20251228_005_BE_sbom_lineage_graph_i.md
|
||||
|
||||
## E2E Test Plan
|
||||
- [ ] Verify edge persistence stores parent-child relationships correctly
|
||||
- [ ] Test edge retrieval for lineage graph traversal
|
||||
- [ ] Verify migration creates expected schema
|
||||
- [ ] Test in-memory implementation for unit testing
|
||||
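Review bot: The Description names an `ISbomLineageEdgeRepository` interface and an in-memory test implementation, but Implementation Details gives no file path for either. The only repository listed is `VexDeltaRepository.cs`. Add the paths for the interface, the PostgreSQL implementation and the in-memory implementation, so that the test plan item "Test in-memory implementation for unit testing" points at something a reader can locate.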
@@ -0,0 +1,58 @@
|
||||
# SBOM Lineage Graph Visualization
|
||||
|
||||
## Module
|
||||
SbomService
|
||||
|
||||
## Status
|
||||
IMPLEMENTED
|
||||
|
||||
## Description
|
||||
SBOM lineage graph with Git-like visualization. Architecture fully documented, UI components mostly built, but API endpoints not implemented and services use stubs.
|
||||
|
||||
## What's Implemented
|
||||
- **Backend lineage graph service**: `src/SbomService/StellaOps.SbomService/Services/SbomLineageGraphService.cs`, `ISbomLineageGraphService.cs` -- lineage graph query service
|
||||
- **Lineage controller**: `src/SbomService/StellaOps.SbomService/Controllers/LineageController.cs` -- REST API endpoints for lineage queries
|
||||
- **Compare service**: `src/SbomService/StellaOps.SbomService/Services/LineageCompareService.cs`, `ILineageCompareService.cs` -- diff computation between lineage nodes
|
||||
- **Export service**: `src/SbomService/StellaOps.SbomService/Services/LineageExportService.cs`, `ILineageExportService.cs` -- evidence pack export
|
||||
- **Hover cache**: `src/SbomService/StellaOps.SbomService/Services/LineageHoverCache.cs` -- Valkey-backed hover card caching
|
||||
- **Lineage library**: `src/SbomService/__Libraries/StellaOps.SbomService.Lineage/Services/LineageGraphService.cs`, `ILineageGraphService.cs` -- core lineage graph logic
|
||||
- **Frontend lineage feature** (extensive): `src/Web/StellaOps.Web/src/app/features/lineage/` -- 50+ components including:
|
||||
- Graph rendering: `lineage-graph/lineage-graph.component.ts`, `lineage-graph-container/lineage-graph-container.component.ts`
|
||||
- Node/edge rendering: `lineage-node/lineage-node.component.ts`, `lineage-edge/lineage-edge.component.ts`
|
||||
- Hover cards: `lineage-hover-card/lineage-hover-card.component.ts`
|
||||
- Timeline: `lineage-timeline-slider/lineage-timeline-slider.component.ts`, `timeline-slider/timeline-slider.component.ts`
|
||||
- Diff views: `lineage-sbom-diff/lineage-sbom-diff.component.ts`, `lineage-vex-diff/lineage-vex-diff.component.ts`, `lineage-component-diff/lineage-component-diff.component.ts`
|
||||
- Compare: `lineage-compare/lineage-compare.component.ts`, `lineage-compare-panel/lineage-compare-panel.component.ts`, `compare-panel/compare-panel.component.ts`
|
||||
- Detail panel: `lineage-detail-panel/lineage-detail-panel.component.ts`
|
||||
- Controls/minimap: `lineage-controls/lineage-controls.component.ts`, `lineage-minimap/lineage-minimap.component.ts`
|
||||
- Export: `lineage-export-buttons/lineage-export-buttons.component.ts`, `lineage-export-dialog/lineage-export-dialog.component.ts`
|
||||
- Why-safe panel: `why-safe-panel/why-safe-panel.component.ts`, `lineage-why-safe-panel/lineage-why-safe-panel.component.ts`
|
||||
- Provenance: `lineage-provenance-compare/lineage-provenance-compare.component.ts`, `lineage-provenance-chips/lineage-provenance-chips.component.ts`
|
||||
- Accessibility: `lineage-accessibility.scss`, directives for keyboard shortcuts and accessibility
|
||||
- Mobile support: `lineage-mobile-compare/lineage-mobile-compare.component.ts`, `lineage-mobile.styles.ts`
|
||||
- Services: `lineage-graph.service.ts`, `lineage-export.service.ts`
|
||||
- Routing: `lineage.routes.ts`, `lineage-compare-routing.guard.ts`
|
||||
- Integration docs: `INTEGRATION_GUIDE.md`, `LINEAGE_API_INTEGRATION.md`
|
||||
- Audit pack: `audit-pack-export/audit-pack-export.component.ts`, `export-options`, `merkle-display`, `signing-options`
|
||||
- Explainer: `explainer-timeline/explainer-timeline.component.ts`, `explainer-step/explainer-step.component.ts`
|
||||
- Badges: `cgs-badge/cgs-badge.component.ts`, `attestation-links/attestation-links.component.ts`
|
||||
- Diff table: `diff-table/diff-table.component.ts`
|
||||
- Services: `audit-pack.service.ts`, `explainer.service.ts`
|
||||
- **Tests**: `src/SbomService/__Tests/StellaOps.SbomService.Tests/Lineage/LineageDeterminismTests.cs`, `src/SbomService/__Tests/StellaOps.SbomService.Lineage.Tests/Domain/LineageModelsTests.cs`
|
||||
- Source: Feature matrix scan
|
||||
|
||||
## What's Missing
|
||||
- Backend API endpoints may still use stub/in-memory data for some queries (full PostgreSQL-backed graph traversal for all operations)
|
||||
- Real-time lineage update via WebSocket/SSE not confirmed
|
||||
- Performance optimization for large lineage graphs (hundreds of nodes)
|
||||
|
||||
## Implementation Plan
|
||||
- Verify all lineage API endpoints return live PostgreSQL data (not stubs)
|
||||
- Ensure graph traversal queries perform efficiently at scale
|
||||
- Add E2E tests covering full backend-frontend integration
|
||||
|
||||
## Related Documentation
|
||||
- Source: See feature catalog
|
||||
|
||||
## Merged From
|
||||
- `web/sbom-lineage-lane-view.md` (deleted -- frontend-only subset of this feature)
|
||||
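Review bot: Status is `IMPLEMENTED`, while the Description states "API endpoints not implemented and services use stubs" and the file carries a "What's Missing" section. The "What's Implemented" list also cites `LineageController.cs` as providing REST API endpoints, which contradicts the Description. Reconcile the three: if some queries still return stub or in-memory data, the status should say so, and the Implementation Plan item "Verify all lineage API endpoints return live PostgreSQL data (not stubs)" should be mirrored as a checkbox test. Minor: "Source: Feature matrix scan" is not bold here, unlike the `**Source**` bullets in the other files, and this file has no "E2E Test Plan" section at all.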
@@ -0,0 +1,27 @@
|
||||
# SBOM Lineage Hover Cache with Valkey
|
||||
|
||||
## Module
|
||||
SbomService
|
||||
|
||||
## Status
|
||||
IMPLEMENTED
|
||||
|
||||
## Description
|
||||
Valkey-backed (Redis-compatible) caching layer for SBOM lineage graph hover card data. Pre-computes and caches component diff summaries, VEX delta counts, and provenance metadata for instant hover card rendering without round-trips to PostgreSQL.
|
||||
|
||||
## Implementation Details
|
||||
- **Hover cache interface and implementation**: `src/SbomService/StellaOps.SbomService/Services/LineageHoverCache.cs` -- `ILineageHoverCache` with `GetAsync`, `SetAsync`, `InvalidateAsync` for hover card data; 5-minute TTL targeting <150ms response times
|
||||
- **Valkey compare cache**: `src/SbomService/StellaOps.SbomService/Services/ValkeyLineageCompareCache.cs` -- `ILineageCompareCache` implementation using `IDistributedCache` (Valkey/Redis) with 10-minute TTL, cache hit/miss/invalidation counters, and `ActivitySource` tracing
|
||||
- **In-memory fallback**: `src/SbomService/StellaOps.SbomService/Services/InMemoryLineageCompareCache.cs` -- in-memory `ILineageCompareCache` for testing and non-Valkey deployments
|
||||
- **Cache interface**: `src/SbomService/StellaOps.SbomService/Services/ILineageCompareCache.cs` -- compare cache contract
|
||||
- **Hover card model**: `src/SbomService/StellaOps.SbomService/Models/SbomProjectionModels.cs` -- `SbomLineageHoverCard` used as cached entity
|
||||
- **Frontend hover card**: `src/Web/StellaOps.Web/src/app/features/lineage/components/lineage-hover-card/lineage-hover-card.component.ts` -- Angular hover card component
|
||||
- **DI registration**: `src/SbomService/StellaOps.SbomService/Program.cs` -- Valkey cache services registered in DI
|
||||
- **Source**: SPRINT_20251228_005_BE_sbom_lineage_graph_i.md
|
||||
|
||||
## E2E Test Plan
|
||||
- [ ] Verify hover card data is cached with 5-minute TTL
|
||||
- [ ] Test cache invalidation when artifact digest changes
|
||||
- [ ] Verify <150ms response time for cached hover card requests
|
||||
- [ ] Test Valkey compare cache hit/miss tracking metrics
|
||||
- [ ] Verify in-memory fallback works when Valkey is unavailable
|
||||
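Review bot: The test plan item "Verify in-memory fallback works when Valkey is unavailable" does not match Implementation Details, where `InMemoryLineageCompareCache.cs` is described as an `ILineageCompareCache` for "testing and non-Valkey deployments". That is a deployment-time choice for the compare cache, not a runtime failover, and no in-memory implementation is listed for `ILineageHoverCache`. State which behaviour is intended. The file also does not say how cache keys are composed. Since the cached `SbomLineageHoverCard` carries diff summaries and provenance metadata, document whether the key includes the tenant, and add a test item that one tenant cannot read another tenant's cached card.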
@@ -0,0 +1,27 @@
|
||||
# SBOM Lineage NDJSON Streaming Export
|
||||
|
||||
## Module
|
||||
SbomService
|
||||
|
||||
## Status
|
||||
IMPLEMENTED
|
||||
|
||||
## Description
|
||||
NDJSON (newline-delimited JSON) streaming export for SBOM lineage graphs. Enables efficient bulk export of lineage data for offline analysis, air-gap transfer, and integration with external tools that consume streaming JSON formats.
|
||||
|
||||
## Implementation Details
|
||||
- **Export service interface**: `src/SbomService/StellaOps.SbomService/Services/ILineageExportService.cs` -- export contract
|
||||
- **Export service implementation**: `src/SbomService/StellaOps.SbomService/Services/LineageExportService.cs` -- generates signed evidence packs in NDJSON format; 50MB max export size; includes SBOM diff, VEX deltas, reachability diffs, and attestations; optional keyless signing
|
||||
- **Export models**: `src/SbomService/StellaOps.SbomService/Models/LineageExportModels.cs` -- `LineageExportRequest`, `LineageExportResponse`, `EvidencePack` (NDJSON structured); configurable includes (SbomDiff, VexDeltas, ReachabilityDiff, Attestations)
|
||||
- **NDJSON endpoint**: `src/SbomService/StellaOps.SbomService/Program.cs` -- endpoint returns `application/x-ndjson` content type with deterministic line ordering
|
||||
- **Tests**: `src/SbomService/StellaOps.SbomService.Tests/ResolverFeedExportTests.cs` -- `Export_returns_ndjson_in_deterministic_order` test verifying NDJSON output and content type
|
||||
- **Frontend export UI**: `src/Web/StellaOps.Web/src/app/features/lineage/components/lineage-export-buttons/lineage-export-buttons.component.ts`, `lineage-export-dialog/lineage-export-dialog.component.ts`, `export-dialog/export-dialog.component.ts`
|
||||
- **Frontend export service**: `src/Web/StellaOps.Web/src/app/features/lineage/services/lineage-export.service.ts`
|
||||
- **Source**: BATCH_20251229_BE_COMPLETION_SUMMARY.md (SBOM Lineage API sprint section)
|
||||
|
||||
## E2E Test Plan
|
||||
- [ ] Verify NDJSON export endpoint returns `application/x-ndjson` content type
|
||||
- [ ] Test deterministic ordering of export lines
|
||||
- [ ] Verify 50MB export size limit is enforced
|
||||
- [ ] Test configurable include flags (SbomDiff, VexDeltas, ReachabilityDiff, Attestations)
|
||||
- [ ] Verify export works through frontend export dialog UI
|
||||
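Review bot: The export service bullet says it "generates signed evidence packs" with "optional keyless signing", yet no E2E test plan item covers the signature. Add checks that a signed export verifies, and that an export produced with signing disabled is clearly marked unsigned rather than silently accepted downstream, which matters for the air-gap transfer use case named in the Description. Also, the only test cited is `ResolverFeedExportTests.cs`, whose name suggests resolver feed export rather than lineage export. Confirm that it exercises `LineageExportService`, and check the path, which lacks the `__Tests/` segment used for tests in the lineage graph visualization file.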
@@ -0,0 +1,29 @@
|
||||
# SBOM Service Lineage Projection API
|
||||
|
||||
## Module
|
||||
SbomService
|
||||
|
||||
## Status
|
||||
IMPLEMENTED
|
||||
|
||||
## Description
|
||||
REST API for querying SBOM lineage projections including component lookup, version history, and dependency graph traversal with LNM v1 schema support.
|
||||
|
||||
## Implementation Details
|
||||
- **Projection models**: `src/SbomService/StellaOps.SbomService/Models/SbomProjectionModels.cs` -- `SbomProjectionResult` record with SnapshotId, TenantId, Projection (JsonElement), ProjectionHash, SchemaVersion
|
||||
- **Path models**: `src/SbomService/StellaOps.SbomService/Models/SbomPathModels.cs` -- graph path traversal models for lineage queries
|
||||
- **Projection repository interface**: `src/SbomService/StellaOps.SbomService/Repositories/IProjectionRepository.cs` -- projection storage contract
|
||||
- **File projection repository**: `src/SbomService/StellaOps.SbomService/Repositories/FileProjectionRepository.cs` -- file-backed projection storage
|
||||
- **Postgres projection repository**: `src/SbomService/__Libraries/StellaOps.SbomService.Persistence/Postgres/Repositories/PostgresProjectionRepository.cs` -- PostgreSQL-backed projection storage
|
||||
- **Query service**: `src/SbomService/StellaOps.SbomService/Services/ISbomQueryService.cs`, `InMemorySbomQueryService.cs` -- SBOM query with projection support
|
||||
- **Lineage domain models**: `src/SbomService/__Libraries/StellaOps.SbomService.Lineage/Domain/LineageModels.cs` -- lineage domain with projection relationships
|
||||
- **Observability**: `src/SbomService/StellaOps.SbomService/Observability/SbomMetrics.cs` -- projection query metrics
|
||||
- **Tests**: `src/SbomService/StellaOps.SbomService.Tests/ProjectionEndpointTests.cs` -- projection endpoint tests
|
||||
- **Source**: SPRINT_0142_0001_0001_sbomservice.md
|
||||
|
||||
## E2E Test Plan
|
||||
- [ ] Verify projection API returns valid SbomProjectionResult with correct schema version
|
||||
- [ ] Test component lookup queries through projection API
|
||||
- [ ] Verify version history queries return ordered results
|
||||
- [ ] Test dependency graph traversal across lineage projections
|
||||
- [ ] Verify projection hash integrity for deterministic outputs
|
||||
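Review bot: `SbomProjectionResult` is documented with a `TenantId` field, but the E2E test plan has no tenant isolation item. Add one that a projection query scoped to one tenant never returns another tenant's snapshot, as the registry source file in this commit already does for its configurations. The Description mentions "LNM v1 schema support" without expanding the term or saying which `SchemaVersion` value corresponds to it, and the Query service bullet lists only `InMemorySbomQueryService.cs`, so it is unclear whether a persistent query path exists behind the API.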
@@ -0,0 +1,30 @@
|
||||
# SBOM Service Registry Source Integration
|
||||
|
||||
## Module
|
||||
SbomService
|
||||
|
||||
## Status
|
||||
IMPLEMENTED
|
||||
|
||||
## Description
|
||||
Registry webhook and source management endpoints allowing container registries to push SBOM metadata events and manage trusted source configurations.
|
||||
|
||||
## Implementation Details
|
||||
- **Registry source controller**: `src/SbomService/StellaOps.SbomService/Controllers/RegistrySourceController.cs` -- REST endpoints for managing trusted registry source configurations
|
||||
- **Registry webhook controller**: `src/SbomService/StellaOps.SbomService/Controllers/RegistryWebhookController.cs` -- endpoints for receiving container registry push/tag events
|
||||
- **Registry source service**: `src/SbomService/StellaOps.SbomService/Services/RegistrySourceService.cs` -- source configuration management logic
|
||||
- **Registry webhook service**: `src/SbomService/StellaOps.SbomService/Services/RegistryWebhookService.cs` -- webhook event processing
|
||||
- **Registry discovery service**: `src/SbomService/StellaOps.SbomService/Services/RegistryDiscoveryService.cs` -- auto-discovery of registry sources
|
||||
- **Scan job emitter**: `src/SbomService/StellaOps.SbomService/Services/ScanJobEmitterService.cs` -- emits scan jobs when webhook events arrive
|
||||
- **Query options**: `src/SbomService/StellaOps.SbomService/Services/RegistrySourceQueryOptions.cs` -- query filtering for registry sources
|
||||
- **Models**: `src/SbomService/StellaOps.SbomService/Models/RegistrySourceModels.cs` -- registry source configuration models
|
||||
- **Repository**: `src/SbomService/StellaOps.SbomService/Repositories/IRegistrySourceRepository.cs`, `RegistrySourceRepositories.cs` -- registry source persistence
|
||||
- **Tests**: `src/SbomService/StellaOps.SbomService.Tests/RegistrySourceServiceTests.cs`, `RegistryDiscoveryServiceTests.cs`, `RegistryWebhookServiceTests.cs`, `ScanJobEmitterServiceTests.cs`
|
||||
- **Source**: SPRINT_0142_0001_0001_sbomservice.md
|
||||
|
||||
## E2E Test Plan
|
||||
- [ ] Verify registry source CRUD operations through REST API
|
||||
- [ ] Test webhook event processing for container registry push events
|
||||
- [ ] Verify scan job emission when new images are pushed
|
||||
- [ ] Test registry auto-discovery service
|
||||
- [ ] Verify tenant isolation in registry source configurations
|
||||
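Review bot: Nothing in Implementation Details or the test plan says how `RegistryWebhookController` authenticates incoming events, although the Description speaks of "trusted source configurations" and `ScanJobEmitterService` emits scan jobs when events arrive. Document the verification mechanism (for example a shared secret or signature check tied to a registry source entry) and add test items that an event from an unconfigured or disabled source is rejected and emits no scan job. Without that, the "Verify scan job emission when new images are pushed" item only covers the accepting path.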
@@ -0,0 +1,28 @@
|
||||
# SBOM-Verdict Linking Table
|
||||
|
||||
## Module
|
||||
SbomService
|
||||
|
||||
## Status
|
||||
IMPLEMENTED
|
||||
|
||||
## Description
|
||||
Join table linking SBOM versions to VEX consensus verdicts per CVE. Fully implemented with PostgreSQL persistence, in-memory test implementation, and lineage integration.
|
||||
|
||||
## Implementation Details
|
||||
- **Persistence interface (Persistence layer)**: `src/SbomService/__Libraries/StellaOps.SbomService.Persistence/Repositories/ISbomVerdictLinkRepository.cs` -- `LinkAsync`, `LinkBatchAsync`, `GetVerdictsBySbomAsync`, `GetSbomsByCveAsync`, `GetSbomsByStatusAsync`
|
||||
- **Postgres implementation**: `src/SbomService/__Libraries/StellaOps.SbomService.Persistence/Postgres/Repositories/PostgresSbomVerdictLinkRepository.cs` -- PostgreSQL verdict link storage with upsert on conflict
|
||||
- **Lineage interface**: `src/SbomService/__Libraries/StellaOps.SbomService.Lineage/Repositories/ISbomVerdictLinkRepository.cs` -- lineage-layer verdict link contract
|
||||
- **Lineage Postgres implementation**: `src/SbomService/__Libraries/StellaOps.SbomService.Lineage/Repositories/SbomVerdictLinkRepository.cs` -- `sbom.sbom_verdict_links` table with columns: sbom_version_id, cve, consensus_projection_id, verdict_status, confidence_score, tenant_id; upsert on `(sbom_version_id, cve, tenant_id)` conflict
|
||||
- **Schema migration**: `src/SbomService/__Libraries/StellaOps.SbomService.Lineage/Persistence/Migrations/00001_InitialSchema.sql` -- creates `sbom_verdict_links` table
|
||||
- **DI registration**: `src/SbomService/__Libraries/StellaOps.SbomService.Lineage/DependencyInjection/ServiceCollectionExtensions.cs` -- registers verdict link repository
|
||||
- **Lineage domain**: `src/SbomService/__Libraries/StellaOps.SbomService.Lineage/Domain/LineageModels.cs` -- `SbomVerdictLink` model
|
||||
- **Tests**: `src/SbomService/__Tests/StellaOps.SbomService.Lineage.Tests/Domain/LineageModelsTests.cs`
|
||||
- **Source**: Feature matrix scan
|
||||
|
||||
## E2E Test Plan
|
||||
- [ ] Verify SBOM-to-verdict linking creates records in `sbom_verdict_links` table
|
||||
- [ ] Test batch linking of multiple verdicts per SBOM version
|
||||
- [ ] Verify query by CVE returns all linked SBOM versions
|
||||
- [ ] Test query by verdict status with limit parameter
|
||||
- [ ] Verify upsert behavior on `(sbom_version_id, cve, tenant_id)` conflict
|
||||
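Review bot: Two interfaces named `ISbomVerdictLinkRepository` are listed, one under `StellaOps.SbomService.Persistence/Repositories/` and one under `StellaOps.SbomService.Lineage/Repositories/`, each with its own PostgreSQL implementation. The DI registration bullet mentions only the Lineage library, so say which pair is canonical and whether both write to `sbom.sbom_verdict_links`. The Description also promises an in-memory test implementation with no path given. Since `tenant_id` is part of the upsert conflict key, add a test item that `GetSbomsByCveAsync` and `GetSbomsByStatusAsync` return only the calling tenant's rows.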