stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity
Files
378b52a5cb2106791c2958802b96be26268d2df3
git.stella-ops.org/docs/features/checked/scanner/sbom-source-trigger-dispatch-service.md
master e9aeadc040 save checkpoint
2026-02-14 09:11:48 +02:00

3.0 KiB
Raw Blame History

SBOM Source Trigger Dispatch Service (Webhook + Scheduler + Retry)

Module

Scanner

Status

VERIFIED

Description

Trigger dispatcher routing events to 4 source-type handlers, webhook endpoints supporting 8+ registry types (Harbor, DockerHub, ACR, ECR, GCR, GHCR, Gitea, Quay), scheduler integration for periodic scans, and retry logic with exponential backoff.

Implementation Details

  • Trigger Dispatcher:
    • src/Scanner/__Libraries/StellaOps.Scanner.Sources/Triggers/SourceTriggerDispatcher.cs - SourceTriggerDispatcher routes trigger events to the appropriate source-type handler based on source type
    • src/Scanner/__Libraries/StellaOps.Scanner.Sources/Triggers/ISourceTriggerDispatcher.cs - Interface for trigger dispatching
    • src/Scanner/__Libraries/StellaOps.Scanner.Sources/Triggers/TriggerContext.cs - TriggerContext carrying webhook payload, source metadata, and retry state
  • Webhook Endpoints:
    • src/Scanner/StellaOps.Scanner.WebService/Endpoints/WebhookEndpoints.cs - WebhookEndpoints exposing REST endpoints for registry webhook payloads from Harbor, DockerHub, ACR, ECR, GCR, GHCR, Gitea, Quay
  • Source-Type Handlers:
    • src/Scanner/__Libraries/StellaOps.Scanner.Sources/Handlers/ISourceTypeHandler.cs - ISourceTypeHandler interface for source-type-specific handling
    • src/Scanner/__Libraries/StellaOps.Scanner.Sources/Handlers/Zastava/ZastavaSourceHandler.cs - Zastava registry handler
    • src/Scanner/__Libraries/StellaOps.Scanner.Sources/Handlers/Docker/DockerSourceHandler.cs - Docker registry handler
    • src/Scanner/__Libraries/StellaOps.Scanner.Sources/Handlers/Cli/CliSourceHandler.cs - CLI-triggered handler
    • src/Scanner/__Libraries/StellaOps.Scanner.Sources/Handlers/Git/GitSourceHandler.cs - Git repository handler
  • Scheduler Integration:
    • src/Scanner/__Libraries/StellaOps.Scanner.Sources/Scheduling/SourceSchedulerHostedService.cs - SourceSchedulerHostedService background service managing periodic scan schedules with cron-like scheduling
  • DI Registration:
    • src/Scanner/__Libraries/StellaOps.Scanner.Sources/DependencyInjection/ServiceCollectionExtensions.cs - Registers trigger dispatcher, handlers, and scheduler

E2E Test Plan

  • Send a webhook payload from a Harbor registry push event and verify the trigger dispatcher routes it to the correct source-type handler
  • Verify webhook endpoints accept payloads from all supported registry types (DockerHub, ACR, ECR, GCR, GHCR, Gitea, Quay)
  • Configure a periodic scan schedule and verify the SourceSchedulerHostedService triggers scans at the configured intervals
  • Verify retry logic with exponential backoff when a handler fails to process a trigger event
  • Verify the TriggerContext carries the correct webhook payload metadata and source configuration to the handler

Verification

Check Result
Tier 0 - Source files exist PASS
Tier 1 - Build + code review PASS
Tier 2 - Integration tests PASS
Verified 2026-02-13T18:10:00Z