git.stella-ops.org/docs/artifacts/bom-index/README.md
master 5ce40d2eeb feat: Initialize Zastava Webhook service with TLS and Authority authentication
2025-10-19 18:36:22 +03:00


# StellaOps BOM Index (`bom-index@1`)
The BOM index is a deterministic, offline-friendly sidecar that accelerates queries for
layer-to-component membership and entrypoint usage. It is emitted alongside CycloneDX
SBOMs and consumed by Scheduler/Notify services.
## File Layout
Binary little-endian encoding, organised as the following sections:
1. **Header**
- `magic` (`byte[7]`): ASCII `"BOMIDX1"` identifier.
- `version` (`uint16`): current value `1`.
- `flags` (`uint16`): bit `0` set when entrypoint usage bitmaps are present.
- `imageDigestLength` (`uint16`) + UTF-8 digest string (e.g. `sha256:...`).
- `generatedAt` (`int64`): microseconds since Unix epoch.
- `layerCount` (`uint32`), `componentCount` (`uint32`), `entrypointCount` (`uint32`).
2. **Layer Table**
- For each layer: `length` (`uint16`) + UTF-8 layer digest (canonical order, base image → top layer).
3. **Component Table**
- For each component: `length` (`uint16`) + UTF-8 identity (CycloneDX purl when available, otherwise canonical key).
4. **Component ↦ Layer Bitmaps**
- For each component (matching table order):
- `bitmapLength` (`uint32`).
- Roaring bitmap payload (`Collections.Special.RoaringBitmap.Serialize`) encoding layer indexes that introduce or retain the component.
5. **Entrypoint Table** *(optional; present when header `flags` bit 0 is set, i.e. `(flags & 0x1) != 0`)*
- For each unique entrypoint/launcher string: `length` (`uint16`) + UTF-8 value (sorted ordinally).
6. **Component ↦ Entrypoint Bitmaps** *(optional)*
   - For each component (matching table order): `bitmapLength` (`uint32`) + roaring bitmap payload whose set bits reference entrypoint indexes used by EntryTrace. A `bitmapLength` of `0` (empty bitmap) indicates the component is not part of any resolved entrypoint closure.
## Determinism Guarantees
* Layer, component, and entrypoint tables are strictly ordered: layers base → top, components and entrypoints in ordinal string order (the same order the tables are written in).
* Roaring bitmaps are optimised prior to serialisation and always produced from sorted indexes.
* Header timestamp is normalised to microsecond precision using UTC.
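The layout in "File Layout" plus the ordering rules above are enough to write a reader and a writer for the container. The block below is an added example, not StellaOps code: it parses and emits the header, the three string tables and the length-prefixed bitmaps, checks every length prefix against the remaining input, every bitmap index against the table it points into, and the ordinal order of the component and entrypoint tables, and rejects trailing bytes. Nothing in the layout is an integrity field, so a consumer that reads a sidecar it did not produce itself should apply checks like these before trusting the result. Assumptions of this example: the bitmap payload codec is a stand-in (a sorted run of little-endian `uint32` indexes), because real files carry `Collections.Special.RoaringBitmap.Serialize` output and a Roaring codec has to be plugged in for those; `MAX_ENTRIES`, the `BomIndex` class and the query helpers `layers_of`/`components_using` are this example's own names, not the project's.

```python
import struct
from dataclasses import dataclass

MAGIC, VERSION, FLAG_ENTRYPOINTS = b"BOMIDX1", 1, 0x1
MAX_ENTRIES = 1_000_000  # assumed cap: the layout sets none, so the reader bounds table sizes itself

class BomIndexError(ValueError): pass  # any malformed, truncated or guarantee-violating index

# Stand-in bitmap codec (assumption): a sorted run of little-endian uint32 indexes. Real
# files carry Collections.Special.RoaringBitmap.Serialize output; swap in a Roaring codec.
def encode_bitmap(indexes):
    return b"".join(struct.pack("<I", i) for i in sorted(set(indexes)))

def decode_bitmap(payload):
    return [bit for (bit,) in struct.iter_unpack("<I", payload)]

class _Reader:
    def __init__(self, data):
        self.data, self.pos = data, 0

    def take(self, n):  # every read is checked against the remaining input first
        if self.pos + n > len(self.data):
            raise BomIndexError(f"truncated: need {n} bytes at offset {self.pos}")
        self.pos += n
        return self.data[self.pos - n:self.pos]

    def u16(self): return struct.unpack("<H", self.take(2))[0]
    def u32(self): return struct.unpack("<I", self.take(4))[0]
    def i64(self): return struct.unpack("<q", self.take(8))[0]
    def string16(self): return self.take(self.u16()).decode("utf-8")

    def table(self, count):
        if count > MAX_ENTRIES:
            raise BomIndexError(f"table of {count} entries exceeds cap")
        return [self.string16() for _ in range(count)]

    def bitmap(self, bound, decode):  # bitmapLength (uint32) + payload; 0 means empty
        bits = decode(self.take(self.u32()))
        if any(b >= bound for b in bits):
            raise BomIndexError("bitmap references an index outside its table")
        return bits

@dataclass
class BomIndex:
    image_digest: str
    generated_at_us: int
    layers: list            # base image -> top layer
    components: list        # ordinal order
    component_layers: list  # per component: layer indexes that introduce/retain it
    entrypoints: list       # ordinal order; empty when header flag bit 0 is clear
    component_entrypoints: list

    def layers_of(self, component):
        return [self.layers[i] for i in self.component_layers[self.components.index(component)]]

    def components_using(self, entrypoint):
        ep = self.entrypoints.index(entrypoint)
        return [c for c, bits in zip(self.components, self.component_entrypoints) if ep in bits]

def _check_sorted(name, values):  # code-point order, assumed to match .NET ordinal here
    if values != sorted(values):
        raise BomIndexError(f"{name} table is not in ordinal order")

def parse(data, decode=decode_bitmap):
    r = _Reader(data)
    if r.take(7) != MAGIC or r.u16() != VERSION:
        raise BomIndexError("bad magic or unsupported version")
    flags, digest, generated = r.u16(), r.string16(), r.i64()
    layer_n, comp_n, ep_n = r.u32(), r.u32(), r.u32()
    layers, components = r.table(layer_n), r.table(comp_n)
    _check_sorted("component", components)
    comp_layers = [r.bitmap(layer_n, decode) for _ in range(comp_n)]
    entrypoints, comp_eps = [], [[] for _ in range(comp_n)]
    if flags & FLAG_ENTRYPOINTS:
        entrypoints = r.table(ep_n)
        _check_sorted("entrypoint", entrypoints)
        comp_eps = [r.bitmap(ep_n, decode) for _ in range(comp_n)]
    if r.pos != len(data):
        raise BomIndexError(f"{len(data) - r.pos} trailing bytes after the index")
    return BomIndex(digest, generated, layers, components, comp_layers, entrypoints, comp_eps)

def build(index, encode=encode_bitmap):
    def s16(text):  # uint16 length prefix + UTF-8; struct.pack rejects strings over 65535 bytes
        raw = text.encode("utf-8")
        return struct.pack("<H", len(raw)) + raw
    def bm(bits):
        payload = encode(bits) if bits else b""
        return struct.pack("<I", len(payload)) + payload
    _check_sorted("component", index.components)
    _check_sorted("entrypoint", index.entrypoints)
    flags = FLAG_ENTRYPOINTS if index.entrypoints else 0
    out = [MAGIC, struct.pack("<HH", VERSION, flags), s16(index.image_digest),
           struct.pack("<qIII", index.generated_at_us, len(index.layers),
                       len(index.components), len(index.entrypoints))]
    out += [s16(v) for v in index.layers] + [s16(v) for v in index.components]
    out += [bm(b) for b in index.component_layers]
    if flags:
        out += [s16(v) for v in index.entrypoints] + [bm(b) for b in index.component_entrypoints]
    return b"".join(out)
```

`build(parse(blob)) == blob` holds for any index this code accepts, which is the property the determinism guarantees are meant to give; to read a real sidecar, pass a Roaring decoder as `parse(data, decode=...)` and keep the rest unchanged.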
## Sample
`sample-index.bin` is generated from the integration fixture used in unit tests. It contains:
* 2 layers: `sha256:layer1`, `sha256:layer2`.
* 3 components: `pkg:npm/a`, `pkg:npm/b`, `pkg:npm/c`.
* Entrypoint bitmaps for `/app/start.sh` and `/app/init.sh`.
The sample can be decoded with the `BomIndexBuilder` unit tests or any RoaringBitmap implementation compatible with `Collections.Special.RoaringBitmap`.