# SBOM-Verdict Linking Table

## Module
SbomService

## Status
IMPLEMENTED

## Description
Join table linking SBOM versions to VEX consensus verdicts per CVE. Fully implemented with PostgreSQL persistence, in-memory test implementation, and lineage integration.

## Implementation Details
- **Persistence interface (Persistence layer)**: `src/SbomService/__Libraries/StellaOps.SbomService.Persistence/Repositories/ISbomVerdictLinkRepository.cs` -- `LinkAsync`, `LinkBatchAsync`, `GetVerdictsBySbomAsync`, `GetSbomsByCveAsync`, `GetSbomsByStatusAsync`
- **Postgres implementation**: `src/SbomService/__Libraries/StellaOps.SbomService.Persistence/Postgres/Repositories/PostgresSbomVerdictLinkRepository.cs` -- PostgreSQL verdict link storage with upsert on conflict
- **Lineage interface**: `src/SbomService/__Libraries/StellaOps.SbomService.Lineage/Repositories/ISbomVerdictLinkRepository.cs` -- lineage-layer verdict link contract
- **Lineage Postgres implementation**: `src/SbomService/__Libraries/StellaOps.SbomService.Lineage/Repositories/SbomVerdictLinkRepository.cs` -- `sbom.sbom_verdict_links` table with columns: sbom_version_id, cve, consensus_projection_id, verdict_status, confidence_score, tenant_id; upsert on `(sbom_version_id, cve, tenant_id)` conflict
- **Schema migration**: `src/SbomService/__Libraries/StellaOps.SbomService.Lineage/Persistence/Migrations/00001_InitialSchema.sql` -- creates `sbom_verdict_links` table
- **DI registration**: `src/SbomService/__Libraries/StellaOps.SbomService.Lineage/DependencyInjection/ServiceCollectionExtensions.cs` -- registers verdict link repository
- **Lineage domain**: `src/SbomService/__Libraries/StellaOps.SbomService.Lineage/Domain/LineageModels.cs` -- `SbomVerdictLink` model
- **Tests**: `src/SbomService/__Tests/StellaOps.SbomService.Lineage.Tests/Domain/LineageModelsTests.cs`
- **Source**: Feature matrix scan

## E2E Test Plan
- [ ] Verify SBOM-to-verdict linking creates records in `sbom_verdict_links` table
- [ ] Test batch linking of multiple verdicts per SBOM version
- [ ] Verify query by CVE returns all linked SBOM versions
- [ ] Test query by verdict status with limit parameter
- [ ] Verify upsert behavior on `(sbom_version_id, cve, tenant_id)` conflict