git.stella-ops.org/docs/modules/sbomservice/lineage-ledger.md

SBOM lineage ledger

Overview

  • Tracks immutable SBOM versions per artifact reference.
  • Exposes history, temporal queries, and deterministic diffs.
  • Emits lineage edges to support graph joins and audit trails.

Endpoints

  • GET /sbom/ledger/history?artifact=<ref>&limit=50&cursor=0
  • GET /sbom/ledger/point?artifact=<ref>&at=<iso8601>
  • GET /sbom/ledger/range?artifact=<ref>&start=<iso8601>&end=<iso8601>
  • GET /sbom/ledger/diff?before=<versionId>&after=<versionId>
  • GET /sbom/ledger/lineage?artifact=<ref>

Lineage relationships

  • parent: explicit parent version link (supplied at ingest).
  • build: versions emitted from the same CI build ID (from upload provenance).

Example lineage response

{
  "artifactRef": "example.com/app:1.2.3",
  "nodes": [{ "versionId": "v1", "sequenceNumber": 1, "digest": "sha256:..." }],
  "edges": [{ "fromVersionId": "v1", "toVersionId": "v2", "relationship": "build" }]
}

Notes

  • Ledger storage is in-memory until PostgreSQL-backed persistence is wired.
  • Ordering is deterministic by sequence number, then timestamp.