using StellaOps.Concelier.SbomIntegration.Models;
using System.Collections.Immutable;
namespace StellaOps.Policy.NtiaCompliance;
/// <summary>
/// Validates a parsed SBOM against an NTIA compliance policy and produces an
/// <see cref="NtiaComplianceReport"/>.
/// </summary>
public interface INtiaComplianceValidator
{
    /// <summary>
    /// Runs the compliance checks for <paramref name="sbom"/> under <paramref name="policy"/>.
    /// </summary>
    /// <param name="sbom">The parsed SBOM under review. Its contents originate in the SBOM
    /// document itself, so implementations should treat them as untrusted input.</param>
    /// <param name="policy">Policy describing which elements and thresholds are required.</param>
    /// <param name="ct">Token used to cancel the validation.</param>
    /// <returns>The completed compliance report.</returns>
    Task<NtiaComplianceReport> ValidateAsync(
        ParsedSbom sbom,
        NtiaCompliancePolicy policy,
        CancellationToken ct = default);
}
/// <summary>
/// Result of validating one SBOM against an NTIA compliance policy. The overall
/// verdict, per-element statuses and findings are always present; the detailed
/// sub-reports are nullable and are presumably left null when that analysis was
/// not performed.
/// </summary>
public sealed record NtiaComplianceReport
{
    // Defaults to Unknown so an unpopulated report never reads as Pass.
    public NtiaComplianceStatus OverallStatus { get; init; } = NtiaComplianceStatus.Unknown;

    // One entry per NTIA minimum element that was evaluated.
    public ImmutableArray<NtiaElementStatus> ElementStatuses { get; init; } = [];

    // Individual problems found; empty when there was nothing to report.
    public ImmutableArray<NtiaFinding> Findings { get; init; } = [];

    // Aggregate score. The scale (0–1 or 0–100) is not fixed by this type — confirm against the validator.
    public double ComplianceScore { get; init; }

    // Supplier-level verdict; defaults to Unknown for the same fail-closed reason as OverallStatus.
    public SupplierValidationStatus SupplierStatus { get; init; } = SupplierValidationStatus.Unknown;

    // Detailed supplier inventory and per-component supplier validation, when run.
    public SupplierValidationReport? SupplierReport { get; init; }

    // Trust classification of each supplier, when run.
    public SupplierTrustReport? SupplierTrust { get; init; }

    // Dependency-graph completeness analysis, when run.
    public DependencyCompletenessReport? DependencyCompleteness { get; init; }

    // Per-regulatory-framework compliance breakdown, when run.
    public FrameworkComplianceReport? Frameworks { get; init; }

    // Supplier concentration / transparency analysis, when run.
    public SupplyChainTransparencyReport? SupplyChain { get; init; }
}
/// <summary>
/// Evaluation of a single NTIA minimum element across the SBOM's components.
/// </summary>
public sealed record NtiaElementStatus
{
    // NOTE(review): NtiaElement's zero value is SupplierName, so an entry built without
    // setting this property reads as SupplierName; producers must assign it explicitly.
    public NtiaElement Element { get; init; }

    // Whether the element appears in the SBOM at all.
    public bool Present { get; init; }

    // Whether the element's content passed validation; presumably only meaningful when Present.
    public bool Valid { get; init; }

    // Number of components that carry this element.
    public int ComponentsCovered { get; init; }

    // Number of components that lack this element.
    public int ComponentsMissing { get; init; }

    // Free-form detail for reviewers; null when there is nothing to add.
    public string? Notes { get; init; }
}
/// <summary>
/// A single problem detected during validation. Only <see cref="Type"/> is always
/// meaningful; the remaining properties are filled in as far as they apply to the
/// finding.
/// </summary>
/// <remarks>
/// <see cref="Component"/>, <see cref="Supplier"/> and <see cref="Message"/> are
/// plain strings that most likely carry text taken from the SBOM document;
/// anything that renders them (HTML, logs, terminals) should encode them as
/// untrusted text rather than trust them as safe markup.
/// </remarks>
public sealed record NtiaFinding
{
    // NOTE(review): NtiaFindingType's zero value is MissingElement, so an unset Type
    // silently reads as MissingElement; producers must assign it explicitly.
    public NtiaFindingType Type { get; init; }

    // The NTIA element the finding concerns, when it concerns one.
    public NtiaElement? Element { get; init; }

    // Name of the affected component, when the finding is component-specific.
    public string? Component { get; init; }

    // Name of the affected supplier, when the finding is supplier-specific.
    public string? Supplier { get; init; }

    // Number of affected items for aggregate findings; null for single-item findings.
    public int? Count { get; init; }

    // Human-readable description of the finding.
    public string? Message { get; init; }
}
/// <summary>
/// Outcome of validating supplier information: the supplier inventory, the
/// per-component supplier mapping, coverage counts and supplier-specific findings.
/// </summary>
public sealed record SupplierValidationReport
{
    // Distinct suppliers seen in the SBOM, with how many components each accounts for.
    public ImmutableArray<SupplierInventoryEntry> Suppliers { get; init; } = [];

    // One entry per component with the supplier data it declares (or lacks).
    public ImmutableArray<ComponentSupplierEntry> Components { get; init; } = [];

    // Components that declare no supplier at all.
    public int ComponentsMissingSupplier { get; init; }

    // Components that declare a supplier (placeholder or not — confirm against the validator).
    public int ComponentsWithSupplier { get; init; }

    // Share of components with a supplier, presumably 0–100 given the name; confirm against the validator.
    public double CoveragePercent { get; init; }

    // Verdict for the supplier dimension; defaults to Unknown so an unpopulated report fails closed.
    public SupplierValidationStatus Status { get; init; } = SupplierValidationStatus.Unknown;

    // Supplier-related findings only (placeholders, invalid URLs, missing suppliers, ...).
    public ImmutableArray<NtiaFinding> Findings { get; init; } = [];
}
/// <summary>
/// One supplier as seen in the SBOM, aggregated across the components that name it.
/// </summary>
public sealed record SupplierInventoryEntry
{
    // Supplier name exactly as declared in the SBOM; required because the entry is keyed on it.
    public required string Name { get; init; }

    // Supplier URL as declared in the SBOM, if any. This type does not validate it —
    // see ComponentSupplierEntry.UrlValid for the validator's verdict.
    public string? Url { get; init; }

    // Number of components attributed to this supplier.
    public int ComponentCount { get; init; }

    // True when the name looks like a placeholder (e.g. "unknown"/"N/A"-style values)
    // rather than a real supplier — the exact heuristic lives in the validator.
    public bool PlaceholderDetected { get; init; }
}
/// <summary>
/// Supplier data declared by a single component, together with the validator's
/// assessment of that data.
/// </summary>
public sealed record ComponentSupplierEntry
{
    // Component name as declared in the SBOM; required because the entry is keyed on it.
    public required string ComponentName { get; init; }

    // Supplier name declared for the component; null when none is declared.
    public string? SupplierName { get; init; }

    // Supplier URL declared for the component; null when none is declared.
    public string? SupplierUrl { get; init; }

    // True when SupplierName is a placeholder rather than a real supplier.
    public bool IsPlaceholder { get; init; }

    // Validator's verdict on SupplierUrl. Consumers should check this before
    // treating SupplierUrl as a usable address; a false here with a non-null
    // URL means the declared value did not pass validation.
    public bool UrlValid { get; init; }
}
/// <summary>
/// Trust classification of every supplier in the SBOM plus per-level totals.
/// The four counters presumably partition <see cref="Suppliers"/> by
/// <see cref="SupplierTrustEntry.TrustLevel"/> — confirm against the validator.
/// </summary>
public sealed record SupplierTrustReport
{
    // One entry per supplier with its trust level and attributed components.
    public ImmutableArray<SupplierTrustEntry> Suppliers { get; init; } = [];

    // Suppliers classified as Verified.
    public int VerifiedSuppliers { get; init; }

    // Suppliers classified as Known.
    public int KnownSuppliers { get; init; }

    // Suppliers classified as Unknown.
    public int UnknownSuppliers { get; init; }

    // Suppliers classified as Blocked.
    public int BlockedSuppliers { get; init; }
}
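/// <summary>
/// Trust classification of one supplier together with the components attributed to it.
/// </summary>
public sealed record SupplierTrustEntry
{
    // Supplier name as declared in the SBOM; required because the entry is keyed on it.
    public required string Supplier { get; init; }

    // Defaults to Unknown instead of the enum's zero value (Verified) so that an entry
    // whose trust level was never assigned fails closed, matching the Unknown defaults
    // used by the other status properties in this file.
    public SupplierTrustLevel TrustLevel { get; init; } = SupplierTrustLevel.Unknown;

    // Names of the components attributed to this supplier.
    public ImmutableArray<string> Components { get; init; } = [];
}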
/// <summary>
/// How completely the SBOM's dependency graph is described.
/// </summary>
public sealed record DependencyCompletenessReport
{
    // Number of components in the SBOM.
    public int TotalComponents { get; init; }

    // Components that participate in at least one dependency relationship.
    public int ComponentsWithDependencies { get; init; }

    // Components that no relationship connects to the rest of the graph.
    public ImmutableArray<string> OrphanedComponents { get; init; } = [];

    // Dependency references that point at components the SBOM does not declare.
    public ImmutableArray<string> MissingDependencyRefs { get; init; } = [];

    // Aggregate score. The scale (0–1 or 0–100) is not fixed by this type — confirm against the validator.
    public double CompletenessScore { get; init; }
}
/// <summary>
/// Compliance verdicts broken down by regulatory framework.
/// </summary>
public sealed record FrameworkComplianceReport
{
    // One entry per framework that was evaluated.
    public ImmutableArray<FrameworkComplianceEntry> Frameworks { get; init; } = [];
}
/// <summary>
/// Compliance verdict for a single regulatory framework.
/// </summary>
public sealed record FrameworkComplianceEntry
{
    // The framework being assessed; required so an entry can never refer to the
    // enum's zero value (Ntia) by accident.
    public required RegulatoryFramework Framework { get; init; }

    // Verdict for this framework; defaults to Unknown so an unpopulated entry fails closed.
    public NtiaComplianceStatus Status { get; init; } = NtiaComplianceStatus.Unknown;

    // NTIA elements the framework requires that the SBOM lacks.
    public ImmutableArray<NtiaElement> MissingElements { get; init; } = [];

    // Framework-specific fields (beyond the NTIA elements) that the SBOM lacks, by name.
    public ImmutableArray<string> MissingFields { get; init; } = [];

    // Aggregate score. The scale (0–1 or 0–100) is not fixed by this type — confirm against the validator.
    public double ComplianceScore { get; init; }
}
/// <summary>
/// Supplier-concentration view of the SBOM: who supplies what, how concentrated
/// that is, and which risk flags the validator raised about it.
/// </summary>
public sealed record SupplyChainTransparencyReport
{
    // Distinct suppliers seen in the SBOM.
    public int TotalSuppliers { get; init; }

    // Components in the SBOM.
    public int TotalComponents { get; init; }

    // Supplier attributed the most components; null when there are no suppliers.
    public string? TopSupplier { get; init; }

    // Share of components attributed to TopSupplier. Whether this is a fraction or a
    // percentage is not fixed by this type — confirm against the validator.
    public double TopSupplierShare { get; init; }

    // Measure of how concentrated the component base is across suppliers; the formula
    // is not defined here — confirm against the validator before comparing values.
    public double ConcentrationIndex { get; init; }

    // Suppliers classified as Unknown.
    public int UnknownSuppliers { get; init; }

    // Suppliers classified as Blocked.
    public int BlockedSuppliers { get; init; }

    // Per-supplier inventory backing the counts above.
    public ImmutableArray<SupplierInventoryEntry> Suppliers { get; init; } = [];

    // Free-form risk flags raised by the validator (e.g. concentration or blocked-supplier warnings).
    public ImmutableArray<string> RiskFlags { get; init; } = [];
}
/// <summary>
/// Overall verdict of an NTIA compliance check. <see cref="Unknown"/> is the zero
/// value so that an unassigned status never reads as a pass.
/// </summary>
public enum NtiaComplianceStatus : int
{
    /// <summary>No verdict has been produced.</summary>
    Unknown = 0,

    /// <summary>All required checks passed.</summary>
    Pass = 1,

    /// <summary>Checks passed with issues that deserve attention.</summary>
    Warn = 2,

    /// <summary>One or more required checks failed.</summary>
    Fail = 3,
}
/// <summary>
/// Verdict of the supplier-validation dimension. Mirrors
/// <see cref="NtiaComplianceStatus"/> value-for-value; <see cref="Unknown"/> is the
/// zero value so that an unassigned status never reads as a pass.
/// </summary>
public enum SupplierValidationStatus : int
{
    /// <summary>No verdict has been produced.</summary>
    Unknown = 0,

    /// <summary>Supplier checks passed.</summary>
    Pass = 1,

    /// <summary>Supplier checks passed with issues that deserve attention.</summary>
    Warn = 2,

    /// <summary>Supplier checks failed.</summary>
    Fail = 3,
}
/// <summary>
/// Trust classification assigned to a supplier, ordered from most to least trusted.
/// </summary>
/// <remarks>
/// Unlike the status enums in this file, the zero value here is <see cref="Verified"/>,
/// so a field of this type that is never assigned reads as fully trusted. Producers
/// must set it explicitly (or default the field to <see cref="Unknown"/>).
/// </remarks>
public enum SupplierTrustLevel : int
{
    /// <summary>Supplier has been verified.</summary>
    Verified = 0,

    /// <summary>Supplier is recognised but not verified.</summary>
    Known = 1,

    /// <summary>Supplier could not be matched to a known entity.</summary>
    Unknown = 2,

    /// <summary>Supplier is explicitly disallowed.</summary>
    Blocked = 3,
}
/// <summary>
/// The seven data fields of the NTIA "minimum elements" for an SBOM.
/// Note that the zero value is <see cref="SupplierName"/>; an unassigned field of
/// this type therefore refers to the supplier-name element.
/// </summary>
public enum NtiaElement : int
{
    /// <summary>Name of the entity that creates, defines and identifies the component.</summary>
    SupplierName = 0,

    /// <summary>Designation assigned to the component.</summary>
    ComponentName = 1,

    /// <summary>Version of the component.</summary>
    ComponentVersion = 2,

    /// <summary>Additional identifiers used to look the component up (e.g. package URLs).</summary>
    OtherUniqueIdentifiers = 3,

    /// <summary>Relationship describing which components depend on which.</summary>
    DependencyRelationship = 4,

    /// <summary>Entity that produced the SBOM data.</summary>
    AuthorOfSbomData = 5,

    /// <summary>When the SBOM data was assembled.</summary>
    Timestamp = 6,
}
/// <summary>
/// Kind of problem reported by an <see cref="NtiaFinding"/>.
/// Note that the zero value is <see cref="MissingElement"/>; an unassigned field of
/// this type therefore reads as a missing-element finding.
/// </summary>
public enum NtiaFindingType : int
{
    /// <summary>A required NTIA element is absent.</summary>
    MissingElement = 0,

    /// <summary>A required NTIA element is present but failed validation.</summary>
    InvalidElement = 1,

    /// <summary>The declared supplier is a placeholder rather than a real entity.</summary>
    PlaceholderSupplier = 2,

    /// <summary>The declared supplier URL failed validation.</summary>
    InvalidSupplierUrl = 3,

    /// <summary>A component declares no supplier.</summary>
    MissingSupplier = 4,

    /// <summary>A component's supplier is on the blocked list.</summary>
    BlockedSupplier = 5,

    /// <summary>A component's supplier could not be matched to a known entity.</summary>
    UnknownSupplier = 6,

    /// <summary>A dependency relationship is missing or unresolved.</summary>
    MissingDependency = 7,

    /// <summary>A component lacks a unique identifier.</summary>
    MissingIdentifier = 8,
}
/// <summary>
/// Regulatory frameworks an SBOM can be assessed against. The zero value is
/// <see cref="Ntia"/>, which is why <see cref="FrameworkComplianceEntry.Framework"/>
/// is declared <c>required</c> rather than relying on the default.
/// </summary>
public enum RegulatoryFramework : int
{
    /// <summary>NTIA minimum elements.</summary>
    Ntia = 0,

    /// <summary>US FDA requirements.</summary>
    Fda = 1,

    /// <summary>US CISA requirements.</summary>
    Cisa = 2,

    /// <summary>EU Cyber Resilience Act.</summary>
    EuCra = 3,

    /// <summary>NIST requirements.</summary>
    Nist = 4,
}