1.8 KiB
1.8 KiB
OCI Artifact Storage for Reachability Slices
Module
Scanner
Status
VERIFIED
Description
OCI artifact storage with custom media types (application/vnd.stellaops.slice.v1+json) for reachability slices, supporting push/pull with DSSE signature verification, referrer-based linking, and caching.
Implementation Details
- OCI Slice Storage:
src/Scanner/__Libraries/StellaOps.Scanner.Storage.Oci/SlicePushService.cs-SlicePushServicepushes reachability slices as OCI artifacts with custom media typessrc/Scanner/__Libraries/StellaOps.Scanner.Storage.Oci/SlicePullService.cs-SlicePullServicepulls reachability slices from OCI registries with DSSE signature verificationsrc/Scanner/__Libraries/StellaOps.Scanner.Storage.Oci/SliceOciManifestBuilder.cs-SliceOciManifestBuilderconstructs OCI manifests for reachability slice artifactssrc/Scanner/__Libraries/StellaOps.Scanner.Storage.Oci/OciMediaTypes.cs- Defines custom media types (application/vnd.stellaops.slice.v1+json)
- Slice Schema:
src/Scanner/__Libraries/StellaOps.Scanner.Reachability/Slices/SliceSchema.cs-SliceSchemadefines the schema for reachability slice data
E2E Test Plan
- Push a reachability slice to an OCI registry and verify the artifact is stored with the correct custom media type
- Pull a previously pushed reachability slice and verify integrity and DSSE signature verification passes
- Verify referrer-based linking connects the slice artifact to its parent image manifest
- Verify pulling a tampered slice fails DSSE signature verification
- Verify caching avoids redundant pushes for unchanged slices
Verification
| Check | Result |
|---|---|
| Tier 0 - Source files exist | PASS |
| Tier 1 - Build + code review | PASS |
| Tier 2 - Integration tests | PASS |
| Verified | 2026-02-13T18:10:00Z |