# Layer-SBOM Cache with Hash-Based Reuse

## Module

Scanner

## Status

IMPLEMENTED

## Description

Layer-level SBOM caching is implemented with a dedicated cache store, cache entries, put requests, maintenance service, and a LayerSbomService that integrates with the scanner pipeline.

## Implementation Details

- **Cache Abstractions**:
  - `src/Scanner/__Libraries/StellaOps.Scanner.Cache/Abstractions/ILayerCacheStore.cs` - `ILayerCacheStore` interface defining cache operations (get, put, evict)
  - `src/Scanner/__Libraries/StellaOps.Scanner.Cache/Abstractions/LayerCacheEntry.cs` - `LayerCacheEntry` model for cached layer SBOM data keyed by layer hash
  - `src/Scanner/__Libraries/StellaOps.Scanner.Cache/Abstractions/LayerCachePutRequest.cs` - `LayerCachePutRequest` model for inserting new cache entries
- **Cache Store**:
  - `src/Scanner/__Libraries/StellaOps.Scanner.Cache/LayerCache/LayerCacheStore.cs` - `LayerCacheStore` implementation with hash-based lookup and TTL-based eviction
- **Content-Addressable Storage**:
  - `src/Scanner/__Libraries/StellaOps.Scanner.Cache/LayerSbomCas/ILayerSbomCas.cs` - `ILayerSbomCas` interface for content-addressable SBOM storage
  - `src/Scanner/__Libraries/StellaOps.Scanner.Cache/LayerSbomCas/PostgresLayerSbomCas.cs` - `PostgresLayerSbomCas` PostgreSQL-backed content-addressable store for layer SBOMs
- **Maintenance**:
  - `src/Scanner/__Libraries/StellaOps.Scanner.Cache/Maintenance/ScannerCacheMaintenanceService.cs` - `ScannerCacheMaintenanceService` handles cache cleanup, TTL-based eviction, and storage management
- **DI Registration**: `src/Scanner/__Libraries/StellaOps.Scanner.Cache/ScannerCacheServiceCollectionExtensions.cs`
- **WebService Integration**:
  - `src/Scanner/StellaOps.Scanner.WebService/Services/ILayerSbomService.cs` - `ILayerSbomService` interface for layer SBOM operations
  - `src/Scanner/StellaOps.Scanner.WebService/Services/LayerSbomService.cs` - `LayerSbomService` integrates cache with the scanner pipeline
  - `src/Scanner/StellaOps.Scanner.WebService/Endpoints/LayerSbomEndpoints.cs` - REST endpoints for layer SBOM retrieval
- **Layer Composition**:
  - `src/Scanner/__Libraries/StellaOps.Scanner.Emit/Composition/LayerSbomComposer.cs` - Composes per-layer SBOMs
  - `src/Scanner/__Libraries/StellaOps.Scanner.Emit/Composition/ILayerSbomWriter.cs` - Interface for writing per-layer SBOMs
  - `src/Scanner/__Libraries/StellaOps.Scanner.Emit/Composition/SpdxLayerWriter.cs` - SPDX format layer writer
  - `src/Scanner/__Libraries/StellaOps.Scanner.Emit/Composition/CycloneDxLayerWriter.cs` - CycloneDX format layer writer

## E2E Test Plan

- [ ] Scan an image and verify layer SBOMs are cached by layer hash in the content-addressable store
- [ ] Rescan an image sharing cached layers and verify cached layer SBOMs are reused (cache hit) without re-analysis
- [ ] Verify cache entries include correct TTL metadata and are evicted after expiry by the maintenance service
- [ ] Retrieve a per-layer SBOM via the `LayerSbomEndpoints` REST API and verify it contains the correct components for that layer
- [ ] Verify cache put requests correctly store new layer SBOM data with content-addressed keys
- [ ] Verify the maintenance service runs periodic cleanup and removes stale cache entries