# Audit - StellaOps.SbomService

## Project

- Path: `src/SbomService/StellaOps.SbomService/StellaOps.SbomService.csproj`
- Module: `SbomService`
- Kind: `WebService`
- SDK: `Microsoft.NET.Sdk.Web`
- TargetFramework: `net10.0`
- Audit date (UTC): 2026-01-30

## Coding Standards Findings

- Status: FAIL
- Nullable: enable
- TreatWarningsAsErrors: explicit true
- Deterministic: inherited true
- 100-line rule violations: 34
- Service locator usage (BuildServiceProvider/GetService): 0
- Analyzer enforcement: missing repo-wide (see summary).

### Details

- 100-line files:
  - `src/SbomService/StellaOps.SbomService/Program.cs` (1355 lines)
  - `src/SbomService/StellaOps.SbomService/Services/RegistryWebhookService.cs` (598 lines)
  - `src/SbomService/StellaOps.SbomService/Services/RegistryDiscoveryService.cs` (585 lines)
  - `src/SbomService/StellaOps.SbomService/Services/SbomLedgerService.cs` (568 lines)
  - `src/SbomService/StellaOps.SbomService/Services/SbomLineageGraphService.cs` (539 lines)
  - `src/SbomService/StellaOps.SbomService/Services/ILineageCompareService.cs` (532 lines)
  - `src/SbomService/StellaOps.SbomService/Services/LineageCompareService.cs` (531 lines)
  - `src/SbomService/StellaOps.SbomService/Services/RegistrySourceService.cs` (439 lines)
  - `src/SbomService/StellaOps.SbomService/Models/SbomLedgerModels.cs` (409 lines)
  - `src/SbomService/StellaOps.SbomService/Controllers/RegistrySourceController.cs` (404 lines)
  - `src/SbomService/StellaOps.SbomService/Services/InMemorySbomQueryService.cs` (404 lines)
  - `src/SbomService/StellaOps.SbomService/Services/ReplayVerificationService.cs` (351 lines)
  - `src/SbomService/StellaOps.SbomService/Services/ScanJobEmitterService.cs` (346 lines)
  - `src/SbomService/StellaOps.SbomService/Services/InMemoryLineageCompareCache.cs` (327 lines)
  - `src/SbomService/StellaOps.SbomService/Services/LineageHoverCache.cs` (314 lines)
  - `src/SbomService/StellaOps.SbomService/Repositories/RegistrySourceRepositories.cs` (285 lines)
  - `src/SbomService/StellaOps.SbomService/Services/SbomNormalizationService.cs` (283 lines)
  - `src/SbomService/StellaOps.SbomService/Services/ReplayHashService.cs` (272 lines)
  - `src/SbomService/StellaOps.SbomService/Services/SbomContextAssembler.cs` (259 lines)
  - `src/SbomService/StellaOps.SbomService/Services/ValkeyLineageCompareCache.cs` (257 lines)
  - `src/SbomService/StellaOps.SbomService/Repositories/InMemorySbomLineageEdgeRepository.cs` (255 lines)
  - `src/SbomService/StellaOps.SbomService/Services/IReplayVerificationService.cs` (255 lines)
  - `src/SbomService/StellaOps.SbomService/Models/RegistrySourceModels.cs` (242 lines)
  - `src/SbomService/StellaOps.SbomService/Services/SbomUploadService.cs` (228 lines)
  - `src/SbomService/StellaOps.SbomService/Controllers/RegistryWebhookController.cs` (222 lines)
  - `src/SbomService/StellaOps.SbomService/Repositories/InMemorySbomLedgerRepository.cs` (190 lines)
  - `src/SbomService/StellaOps.SbomService/Controllers/LineageController.cs` (168 lines)
  - `src/SbomService/StellaOps.SbomService/Services/LineageExportService.cs` (137 lines)
  - `src/SbomService/StellaOps.SbomService/Services/OutboundUrlPolicy.cs` (129 lines)
  - `src/SbomService/StellaOps.SbomService/Services/SbomEvents.cs` (124 lines)
  - `src/SbomService/StellaOps.SbomService/Repositories/ISbomLineageEdgeRepository.cs` (114 lines)
  - `src/SbomService/StellaOps.SbomService/Services/ILineageCompareCache.cs` (112 lines)
  - `src/SbomService/StellaOps.SbomService/Services/OrchestratorControlService.cs` (110 lines)
  - `src/SbomService/StellaOps.SbomService/Services/IReplayHashService.cs` (102 lines)
- Service locator matches:
  - none

### Fix Guidance

- Split files over 100 lines into smaller types or partials.

## Testing Fullness Findings

- Status: FAIL
- Expected layers: Unit, Integration, Security, Offline
- Detected test projects:
  - `src/SbomService/__Tests/StellaOps.SbomService.Persistence.Tests/StellaOps.SbomService.Persistence.Tests.csproj` [Unit]
  - `src/SbomService/__Tests/StellaOps.SbomService.Lineage.Tests/StellaOps.SbomService.Lineage.Tests.csproj` [Unit]
  - `src/SbomService/StellaOps.SbomService.Tests/StellaOps.SbomService.Tests.csproj` [Unit]
- Missing layers: Integration, Security, Offline

### Manual checks required

- Observability contract tests for WebService/Worker.
- Offline execution (tests must run without network access).

### Fix Guidance

- Add integration tests for cross-component flows.
- Add security tests for authn/authz or input validation.
- Add offline/airgap coverage with fixtures only.