# SBOM-to-symbol component reachability mapping

## Module
Signals

## Status
VERIFIED

## Description
SBOM correlation and function-level proof linking services map symbols to SBOM components and generate reachability facts.

## Implementation Details
- **Modules**: `src/Signals/StellaOps.Signals/Services/`
- **Key Classes**:
  - `SbomCorrelationService` (`src/Signals/StellaOps.Signals/Services/ISbomCorrelationService.cs`) - correlates call-graph symbols with SBOM component identifiers
  - `FuncProofLinkingService` (`src/Signals/StellaOps.Signals/Services/IFuncProofLinkingService.cs`) - links function-level evidence to SBOM components for reachability proof
  - `HotSymbolsController` (`src/Signals/StellaOps.Signals/Api/HotSymbolsController.cs`) - API for querying hot (reachable) symbols mapped to SBOM components
  - `HotSymbolIndex` (`src/Signals/StellaOps.Signals/Models/HotSymbolIndex.cs`) - index of frequently called/reachable symbols
- **Interfaces**: `ISbomCorrelationService`, `IFuncProofLinkingService`
- **Source**: Feature matrix scan

## E2E Test Plan
- [ ] Ingest a call graph and an SBOM, then verify `SbomCorrelationService` maps symbols to their SBOM components
- [ ] Verify `FuncProofLinkingService` generates function-level reachability proof linking symbols to components
- [ ] Query hot symbols via `HotSymbolsController` and verify reachable symbols are returned with their SBOM component references
- [ ] Verify mapping accuracy: submit a known symbol and confirm it maps to the correct SBOM package
- [ ] Verify unmapped symbols are flagged as unknown components