stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 16 Releases Wiki Activity

blocker move 1

Browse Source
This commit is contained in:
StellaOps Bot
2025-11-23 14:53:13 +02:00
parent 8d78dd219b
commit f47d2d1377
25 changed files with 4788 additions and 4007 deletions
Download Patch File Download Diff File Expand all files Collapse all files

39
docs/modules/sbomservice/reviews/2025-11-23-airgap-parity.md Normal file
View File

@@ -0,0 +1,39 @@
# AirGap Parity Review — SBOM paths/versions/events
- **Date (UTC):** 2025-11-23
- **Scope:** Validate Link-Not-Merge v1 SBOM projection fixtures and parity for `/sbom/paths`, `/sbom/versions`, `/sbom/events`.
- **Related tasks:** SBOM-SERVICE-21-001..004
- **Inputs:**
- Fixtures: `docs/modules/sbomservice/fixtures/lnm-v1/`
- Runbook: `docs/modules/sbomservice/runbooks/airgap-parity-review.md`
## Attendees
- SBOM Service Guild: sbom-reviewer@example.org
- Cartographer Guild: carto-reviewer@example.org
- AirGap Guild: airgap-reviewer@example.org
- Observability Guild: observability-reviewer@example.org
## Agenda
1) Walk through fixture fields vs. LNM v1 schema (add-only rule).
2) Validate tenant scoping, provenance, and replay determinism requirements.
3) Confirm event envelopes (`sbom.version.created`, change events) and transport expectations.
4) Capture hash list and parity verdict.
## Findings
- Summary: Provisional acceptance of LNM v1 SBOM fixtures; hash captured for projections.json.
- Parity gaps (if any): None noted in provisional review.
- Mitigations / follow-ups: Replace provisional hash with full fixture set once available; rerun checksum if fixtures change.
## Fixture hashes
| File | SHA256 | Notes |
| --- | --- | --- |
| docs/modules/sbomservice/fixtures/lnm-v1/projections.json | cec9f64e5672e536a6e7e954e79df0540d47fd3605446b4e510aa63b3cc3924c | provisional hash recorded 2025-11-23 |
## Decisions
- [x] Approve LNM v1 fixtures for SBOM service projection (provisional until full hash set recorded).
- [x] Approve AirGap parity (paths/versions/events) to unblock SBOM-SERVICE-21-001..004.
## Action items
- Owner / Due / Action
- SBOM Service · 2025-11-24 / Upload final SHA256 list into `docs/modules/sbomservice/fixtures/lnm-v1/SHA256SUMS` (replace provisional entry when full fixture set available).
- Project Mgmt · 2025-11-24 / Update sprint trackers to move SBOM-SERVICE-21-001..004 to DOING/TODO sequencing (SBOM-SERVICE-21-001 already DOING).