53 lines
3.4 KiB
Markdown
53 lines
3.4 KiB
Markdown
# Layer-SBOM Cache with Hash-Based Reuse
|
|
|
|
## Module
|
|
Scanner
|
|
|
|
## Status
|
|
VERIFIED
|
|
|
|
## Description
|
|
Layer-level SBOM caching is implemented with a dedicated cache store, cache entries, put requests, maintenance service, and a LayerSbomService that integrates with the scanner pipeline.
|
|
|
|
## Implementation Details
|
|
- **Cache Abstractions**:
|
|
- `src/Scanner/__Libraries/StellaOps.Scanner.Cache/Abstractions/ILayerCacheStore.cs` - `ILayerCacheStore` interface defining cache operations (get, put, evict)
|
|
- `src/Scanner/__Libraries/StellaOps.Scanner.Cache/Abstractions/LayerCacheEntry.cs` - `LayerCacheEntry` model for cached layer SBOM data keyed by layer hash
|
|
- `src/Scanner/__Libraries/StellaOps.Scanner.Cache/Abstractions/LayerCachePutRequest.cs` - `LayerCachePutRequest` model for inserting new cache entries
|
|
- **Cache Store**:
|
|
- `src/Scanner/__Libraries/StellaOps.Scanner.Cache/LayerCache/LayerCacheStore.cs` - `LayerCacheStore` implementation with hash-based lookup and TTL-based eviction
|
|
- **Content-Addressable Storage**:
|
|
- `src/Scanner/__Libraries/StellaOps.Scanner.Cache/LayerSbomCas/ILayerSbomCas.cs` - `ILayerSbomCas` interface for content-addressable SBOM storage
|
|
- `src/Scanner/__Libraries/StellaOps.Scanner.Cache/LayerSbomCas/PostgresLayerSbomCas.cs` - `PostgresLayerSbomCas` PostgreSQL-backed content-addressable store for layer SBOMs
|
|
- **Maintenance**:
|
|
- `src/Scanner/__Libraries/StellaOps.Scanner.Cache/Maintenance/ScannerCacheMaintenanceService.cs` - `ScannerCacheMaintenanceService` handles cache cleanup, TTL-based eviction, and storage management
|
|
- **DI Registration**: `src/Scanner/__Libraries/StellaOps.Scanner.Cache/ScannerCacheServiceCollectionExtensions.cs`
|
|
- **WebService Integration**:
|
|
- `src/Scanner/StellaOps.Scanner.WebService/Services/ILayerSbomService.cs` - `ILayerSbomService` interface for layer SBOM operations
|
|
- `src/Scanner/StellaOps.Scanner.WebService/Services/LayerSbomService.cs` - `LayerSbomService` integrates cache with the scanner pipeline
|
|
- `src/Scanner/StellaOps.Scanner.WebService/Endpoints/LayerSbomEndpoints.cs` - REST endpoints for layer SBOM retrieval
|
|
- **Layer Composition**:
|
|
- `src/Scanner/__Libraries/StellaOps.Scanner.Emit/Composition/LayerSbomComposer.cs` - Composes per-layer SBOMs
|
|
- `src/Scanner/__Libraries/StellaOps.Scanner.Emit/Composition/ILayerSbomWriter.cs` - Interface for writing per-layer SBOMs
|
|
- `src/Scanner/__Libraries/StellaOps.Scanner.Emit/Composition/SpdxLayerWriter.cs` - SPDX format layer writer
|
|
- `src/Scanner/__Libraries/StellaOps.Scanner.Emit/Composition/CycloneDxLayerWriter.cs` - CycloneDX format layer writer
|
|
|
|
## E2E Test Plan
|
|
- [ ] Scan an image and verify layer SBOMs are cached by layer hash in the content-addressable store
|
|
- [ ] Rescan an image sharing cached layers and verify cached layer SBOMs are reused (cache hit) without re-analysis
|
|
- [ ] Verify cache entries include correct TTL metadata and are evicted after expiry by the maintenance service
|
|
- [ ] Retrieve a per-layer SBOM via the `LayerSbomEndpoints` REST API and verify it contains the correct components for that layer
|
|
- [ ] Verify cache put requests correctly store new layer SBOM data with content-addressed keys
|
|
- [ ] Verify the maintenance service runs periodic cleanup and removes stale cache entries
|
|
|
|
---
|
|
|
|
## Verification
|
|
|
|
| Check | Result |
|
|
|-------|--------|
|
|
| Tier 0 - Source files exist | PASS |
|
|
| Tier 1 - Build + code review | PASS |
|
|
| Tier 2 - Integration tests | PASS |
|
|
| Verified | 2026-02-13T18:10:00Z |
|