stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 3 Releases Wiki Activity
Files
51f9b798ed950c8afed8a690e0765d127c388653
git.stella-ops.org/docs/modules/sbom-service/README.md
master 7943cfb3af chore(docs+devops): cross-module doc sync + sprint archival moves + compose updates 
Bundled pre-session doc + ops work:
- docs/modules/**: sync across advisory-ai, airgap, cli, excititor,
  export-center, findings-ledger, notifier, notify, platform, router,
  sbom-service, ui, web (architectural + operational updates)
- docs/features/**: updates to checked excititor vex pipeline,
  developer workspace, quick verify drawer
- docs top-level: README, quickstart, API_CLI_REFERENCE, UI_GUIDE,
  code-of-conduct/TESTING_PRACTICES updates
- docs/qa/feature-checks/: FLOW.md + excititor state update
- docs/implplan/: remaining sprint updates + new Concelier source
  credentials sprint (SPRINT_20260422_003)
- docs-archived/implplan/: 30 sprint archival moves (ElkSharp series,
  misc completed sprints)
- devops/compose: .env + services compose + env example + router gateway
  config updates

File-level granularity preserved.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-22 16:06:39 +03:00

49 lines
1.5 KiB
Markdown
Raw Blame History

# SbomService
**Status:** Implemented
**Source:** `src/SbomService/`
**Owner:** Scanner Guild
## Purpose
SbomService provides SBOM storage, versioning, and lineage tracking. Maintains the canonical SBOM repository with support for SPDX 3.0.1 and CycloneDX 1.6 formats, including temporal queries and dependency graph analysis.
## Components
**Services:**
- `StellaOps.SbomService` - Main SBOM service with API and business logic
**Libraries:**
- `StellaOps.SbomService.Storage.Postgres` - PostgreSQL storage adapter for SBOM persistence
- `StellaOps.SbomService.Storage.Postgres.Tests` - Storage layer integration tests
## Configuration
Configuration is embedded in the service module settings.
Key settings:
- PostgreSQL connection (schema: `sbom_service`)
- Authority integration
- SBOM format support (SPDX, CycloneDX)
- Versioning and lineage policies
- Retention settings
## Dependencies
- PostgreSQL (schema: `sbom_service`)
- Authority (authentication)
- Scanner (SBOM generation source)
- Attestor (SBOM attestation integration)
- ExportCenter (SBOM export and distribution)
## Related Documentation
- Architecture: `./architecture.md`
- Scanner: `../scanner/`
- Attestor: `../attestor/`
- Data Schemas: `../../11_DATA_SCHEMAS.md`
## Current Status
Implemented with PostgreSQL storage backend. Supports SBOM ingestion, versioning, and lineage tracking. The host now expects durable PostgreSQL-backed state for all canonical runtime stores; fixture-backed and in-memory repositories are injected only by explicit test harnesses.
Reference in New Issue View Git Blame Copy Permalink