SBOM Deterministic Generation CLI

Module

Cli

Status

IMPLEMENTED

Description

Deterministic SBOM generation from container images or directories in CycloneDX, SPDX, or both formats. Includes hash computation and verification for SBOM determinism validation.

Implementation Details

  • Command Group: src/Cli/StellaOps.Cli/Commands/SbomCommandGroup.cs -- SBOM generation commands
  • SBOM Client: src/Cli/StellaOps.Cli/Services/SbomClient.cs / ISbomClient.cs
  • SBOMer Client: src/Cli/StellaOps.Cli/Services/SbomerClient.cs / ISbomerClient.cs
  • Commands:
    • stella sbom generate <image|dir> -- generate deterministic SBOM. Options: --format cdx|spdx|both, --output <path>, --verify-determinism
  • Determinism: Same input produces byte-identical SBOM output

E2E Test Plan

  • Run stella sbom generate myregistry/app:v1.0 --format cdx and verify CycloneDX SBOM
  • Run with --format spdx and verify SPDX SBOM
  • Run with --format both and verify both formats generated
  • Run with --verify-determinism and verify hash matches across runs
  • Verify deterministic output (same image produces identical SBOM)
  • Verify directory-based SBOM generation
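
The repeat-run hash check from the test plan, as an added example that is not part of the StellaOps code base: it runs a generator several times and compares the SHA-256 digests of the outputs. The `fake_*` generators are constructed stand-ins, and the commented `stella` wrapper assumes `--output` accepts a file path.

```bash
#!/usr/bin/env bash
# Added example: repeat-run determinism check for an SBOM generator.
# SHA-256 of a file; works with sha256sum (Linux) or shasum (macOS).
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# check_determinism RUNS CMD [ARGS...]
# Runs CMD RUNS times, passing a fresh output path as the last argument.
# Returns 0 if every output is byte-identical, 1 on a hash mismatch,
# 2 if a run fails or writes an empty file.
check_determinism() {
  local runs="$1" tmp first="" h i=1 out
  shift
  tmp=$(mktemp -d) || return 2
  while [ "$i" -le "$runs" ]; do
    out="$tmp/run$i.json"
    if ! "$@" "$out" || [ ! -s "$out" ]; then
      echo "run $i: generator failed or wrote nothing" >&2
      rm -rf "$tmp"; return 2
    fi
    h=$(sha256_of "$out")
    echo "run $i: sha256=$h"
    if [ -z "$first" ]; then
      first=$h
    elif [ "$h" != "$first" ]; then
      echo "run $i differs from run 1; first differing lines:" >&2
      diff "$tmp/run1.json" "$out" | head -n 5 >&2
      rm -rf "$tmp"; return 1
    fi
    i=$((i + 1))
  done
  rm -rf "$tmp"; return 0
}

# Constructed stand-ins so the script runs without the CLI installed.
fake_stable()   { printf '{"bomFormat":"CycloneDX","components":[]}\n' > "$1"; }
# Embeds a per-run counter, standing in for a timestamp or random serial.
RUN_COUNTER=0
fake_unstable() { RUN_COUNTER=$((RUN_COUNTER + 1)); printf '{"run":%s}\n' "$RUN_COUNTER" > "$1"; }

# With the real CLI (assumption: --output accepts a file path):
#   stella_cdx() { stella sbom generate myregistry/app:v1.0 --format cdx --output "$1"; }
#   check_determinism 3 stella_cdx
```

A return code of 1 with the printed diff points at the fields that change between runs, which is where to look when a hash comparison fails.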