# SBOM Sources Manager Backend (Domain + REST API + Persistence)

## Module
Scanner

## Status
IMPLEMENTED

## Description
Unified SBOM Sources Manager with domain models (SbomSource, SbomSourceRun), PostgreSQL persistence, 12 REST API endpoints, AuthRef credential management, and 4 source type handlers (Zastava, Docker, CLI, Git) with connection testing.

## Implementation Details
- **Domain Models**:
  - `src/Scanner/__Libraries/StellaOps.Scanner.Sources/Domain/SbomSource.cs` - `SbomSource` domain entity representing a configured SBOM source with type, credentials, schedule, and metadata
  - `src/Scanner/__Libraries/StellaOps.Scanner.Sources/Domain/SbomSourceRun.cs` - `SbomSourceRun` domain entity tracking individual scan executions with status, timing, and results
  - `src/Scanner/__Libraries/StellaOps.Scanner.Sources/Domain/SbomSourceEnums.cs` - Enums for source types, run statuses, and trigger types
- **REST API Contracts**:
  - `src/Scanner/__Libraries/StellaOps.Scanner.Sources/Contracts/SourceContracts.cs` - `SourceContracts` DTOs for the 12 REST API endpoints (CRUD, list, test-connection, trigger, runs)
- **Service Layer**:
  - `src/Scanner/__Libraries/StellaOps.Scanner.Sources/Services/SbomSourceService.cs` - `SbomSourceService` implementing business logic for source management
  - `src/Scanner/__Libraries/StellaOps.Scanner.Sources/Services/ISbomSourceService.cs` - Interface for source management service
- **Persistence**:
  - `src/Scanner/__Libraries/StellaOps.Scanner.Sources/Persistence/SbomSourceRepository.cs` - `SbomSourceRepository` PostgreSQL persistence for SBOM sources
  - `src/Scanner/__Libraries/StellaOps.Scanner.Sources/Persistence/SbomSourceRunRepository.cs` - `SbomSourceRunRepository` PostgreSQL persistence for source run history
  - `src/Scanner/__Libraries/StellaOps.Scanner.Sources/Persistence/ISbomSourceRepository.cs` - Interface for source persistence
- **Source-Type Handlers**:
  - `src/Scanner/__Libraries/StellaOps.Scanner.Sources/Handlers/ISourceTypeHandler.cs` - `ISourceTypeHandler` interface
  - `src/Scanner/__Libraries/StellaOps.Scanner.Sources/Handlers/Zastava/ZastavaSourceHandler.cs` - Zastava container registry handler
  - `src/Scanner/__Libraries/StellaOps.Scanner.Sources/Handlers/Docker/DockerSourceHandler.cs` - Docker Hub/registry handler
  - `src/Scanner/__Libraries/StellaOps.Scanner.Sources/Handlers/Cli/CliSourceHandler.cs` - CLI-triggered scan handler
  - `src/Scanner/__Libraries/StellaOps.Scanner.Sources/Handlers/Git/GitSourceHandler.cs` - Git repository handler
- **Connection Testing**:
  - `src/Scanner/__Libraries/StellaOps.Scanner.Sources/Services/SourceConnectionTester.cs` - `SourceConnectionTester` validates source connectivity and credentials
  - `src/Scanner/__Libraries/StellaOps.Scanner.Sources/Services/ISourceConnectionTester.cs` - Interface for connection testing
  - `src/Scanner/__Libraries/StellaOps.Scanner.Sources/ConnectionTesters/ZastavaConnectionTester.cs` - Zastava-specific connection test
  - `src/Scanner/__Libraries/StellaOps.Scanner.Sources/ConnectionTesters/DockerConnectionTester.cs` - Docker-specific connection test
  - `src/Scanner/__Libraries/StellaOps.Scanner.Sources/ConnectionTesters/CliConnectionTester.cs` - CLI-specific connection test
  - `src/Scanner/__Libraries/StellaOps.Scanner.Sources/ConnectionTesters/GitConnectionTester.cs` - Git-specific connection test
- **Configuration**:
  - `src/Scanner/__Libraries/StellaOps.Scanner.Sources/Configuration/SourceConfigValidator.cs` - `SourceConfigValidator` validates source configuration completeness
  - `src/Scanner/__Libraries/StellaOps.Scanner.Sources/Configuration/ISourceConfigValidator.cs` - Interface for config validation
- **Tests**:
  - `src/Scanner/__Tests/StellaOps.Scanner.Sources.Tests/Domain/SbomSourceTests.cs` - Unit tests for domain models

## E2E Test Plan
- [ ] Create an SBOM source via the REST API with Zastava type and verify it is persisted in PostgreSQL with correct configuration
- [ ] Test connection for each source type (Zastava, Docker, CLI, Git) and verify the connection tester returns appropriate success/failure status
- [ ] Trigger a scan run on a configured source and verify an `SbomSourceRun` record is created with initial status
- [ ] List source runs for a source and verify they include timing, status, and result metadata
- [ ] Update an SBOM source's credentials via AuthRef and verify subsequent connections use the updated credentials
- [ ] Delete an SBOM source and verify cascade behavior for associated runs