git.stella-ops.org/src/Scanner/StellaOps.Scanner.Sbomer.BuildXPlugin/Descriptor/DescriptorRequest.cs

using System;

namespace StellaOps.Scanner.Sbomer.BuildXPlugin.Descriptor;

/// <summary>
/// Request for generating BuildX descriptor artifacts.
/// </summary>
public sealed record DescriptorRequest
{
    public string ImageDigest { get; init; } = string.Empty;
    public string SbomPath { get; init; } = string.Empty;
    public string SbomMediaType { get; init; } = "application/vnd.cyclonedx+json";
    public string SbomFormat { get; init; } = "cyclonedx-json";
    public string SbomArtifactType { get; init; } = "application/vnd.stellaops.sbom.layer+json";
    public string SbomKind { get; init; } = "inventory";
    public string SubjectMediaType { get; init; } = "application/vnd.oci.image.manifest.v1+json";
    public string GeneratorVersion { get; init; } = "0.0.0";
    public string? GeneratorName { get; init; }
    public string? LicenseId { get; init; }
    public string? SbomName { get; init; }
    public string? Repository { get; init; }
    public string? BuildRef { get; init; }
    public string? AttestorUri { get; init; }
    public string PredicateType { get; init; } = "https://slsa.dev/provenance/v1";

    public DescriptorRequest Validate()
    {
        if (string.IsNullOrWhiteSpace(ImageDigest))
        {
            throw new BuildxPluginException("Image digest is required.");
        }

        if (!ImageDigest.Contains(':', StringComparison.Ordinal))
        {
            throw new BuildxPluginException("Image digest must include the algorithm prefix, e.g. 'sha256:...'.");
        }

        if (string.IsNullOrWhiteSpace(SbomPath))
        {
            throw new BuildxPluginException("SBOM path is required.");
        }

        return this;
    }
}