stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity
Files
310e9f84fe09fa2fc71e2f91b6153cc904cd2df4
git.stella-ops.org/docs/features/checked/cli/oci-referrer-based-artifact-association.md
master e9aeadc040 save checkpoint
2026-02-14 09:11:48 +02:00

1.7 KiB
Raw Blame History

OCI Referrer-Based Artifact Association

Module

Cli

Status

VERIFIED

Description

OCI referrer-based attachment of SBOMs, attestations, and verdicts to image digests using the OCI referrers API, with discovery, publishing, and fallback mechanisms.

Implementation Details

  • OCI Registry Client: src/Cli/StellaOps.Cli/Services/OciRegistryClient.cs / IOciRegistryClient.cs -- OCI registry operations including referrers API
  • OCI Attestation Registry: src/Cli/StellaOps.Cli/Services/OciAttestationRegistryClient.cs -- attestation-specific OCI operations
  • Commands:
    • stella oci-list <digest> -- list OCI referrers for an image digest
    • stella oci-verify <digest> -- verify OCI-attached attestations
  • Architecture: Uses OCI referrers API (fallback to tag-based discovery for older registries)

E2E Test Plan

  • Run stella oci-list sha256:abc123 and verify referrers listed (SBOMs, attestations, verdicts)
  • Run stella oci-verify sha256:abc123 and verify attached attestation verification
  • Verify fallback to tag-based discovery when referrers API unavailable
  • Verify SBOM attachment discovery and content retrieval
  • Verify --format json output

Verification

  • Verified: 2026-02-13T15:30:00Z
  • Tier 0 (Source): pass -- all referenced source files exist on disk
  • Tier 1 (Build): pass -- module builds cleanly, 339 tests pass in StellaOps.Cli.Plugins.Tests
  • Tier 2d (Integration): pass -- targeted integration tests confirm behavioral correctness
  • Test Project: src/Cli/__Tests/StellaOps.Cli.Plugins.Tests/StellaOps.Cli.Plugins.Tests.csproj
  • Evidence: docs/qa/feature-checks/runs/cli/oci-referrer-based-artifact-association/run-001/tier2-integration-check.json