823 B
823 B
SBOM ledger retention policy
Purpose
Retention keeps ledger history bounded while preserving audit trails for compliance.
Configuration
Settings are bound from SbomService:Ledger (env prefix SBOM_SbomService__Ledger__):
MaxVersionsPerArtifact: max ledger versions retained per artifact (default 50).MaxAgeDays: prune versions older than N days (0 disables age pruning).MinVersionsToKeep: minimum versions always retained per artifact.
Operations
POST /internal/sbom/retention/pruneapplies retention rules and returns a summary.GET /internal/sbom/ledger/audit?artifact=<ref>returns audit entries for create/prune actions.
Guarantees
- Audit entries are append-only and preserved even when versions are pruned.
- Deterministic ordering is used when selecting versions to prune.