OCI Artifact Storage for Reachability Slices
Module
Scanner
Status
IMPLEMENTED
Description
OCI artifact storage with custom media types (application/vnd.stellaops.slice.v1+json) for reachability slices, supporting push/pull with DSSE signature verification, referrer-based linking, and caching.
Implementation Details
- OCI Slice Storage:
  - src/Scanner/__Libraries/StellaOps.Scanner.Storage.Oci/SlicePushService.cs - SlicePushService pushes reachability slices as OCI artifacts with custom media types
  - src/Scanner/__Libraries/StellaOps.Scanner.Storage.Oci/SlicePullService.cs - SlicePullService pulls reachability slices from OCI registries with DSSE signature verification
  - src/Scanner/__Libraries/StellaOps.Scanner.Storage.Oci/SliceOciManifestBuilder.cs - SliceOciManifestBuilder constructs OCI manifests for reachability slice artifacts
  - src/Scanner/__Libraries/StellaOps.Scanner.Storage.Oci/OciMediaTypes.cs - Defines custom media types (application/vnd.stellaops.slice.v1+json)
- Slice Schema:
  - src/Scanner/__Libraries/StellaOps.Scanner.Reachability/Slices/SliceSchema.cs - SliceSchema defines the schema for reachability slice data
E2E Test Plan
- Push a reachability slice to an OCI registry and verify the artifact is stored with the correct custom media type
- Pull a previously pushed reachability slice and verify that the integrity check and DSSE signature verification both pass
- Verify referrer-based linking connects the slice artifact to its parent image manifest
- Verify pulling a tampered slice fails DSSE signature verification
- Verify caching avoids redundant pushes for unchanged slices
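
The tamper case in the test plan rests on DSSE's pre-authentication encoding (PAE): the signature covers the payload type and the payload bytes together, so changing either one invalidates it. The C# below is an added example, not StellaOps code; the Dsse helper class, the sample payload and the throwaway ECDSA P-256 key are assumptions for illustration, and parsing of the envelope JSON and base64 is left out.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

// Constructed sample data: a stand-in slice payload and a throwaway signing key.
const string SliceType = "application/vnd.stellaops.slice.v1+json";
byte[] payload = Encoding.UTF8.GetBytes("{\"note\":\"constructed sample slice\"}");
using ECDsa key = ECDsa.Create(ECCurve.NamedCurves.nistP256);

// Signer side: sign PAE(payloadType, payload), never the bare payload.
byte[] sig = key.SignData(Dsse.Pae(SliceType, payload), HashAlgorithmName.SHA256);

// Payload altered after signing (one bit flipped).
byte[] tampered = (byte[])payload.Clone();
tampered[^2] ^= 0x01;

bool intact = Dsse.Verify(key, SliceType, SliceType, payload, sig);
bool altered = Dsse.Verify(key, SliceType, SliceType, tampered, sig);
bool wrongType = Dsse.Verify(key, SliceType, "application/json", payload, sig);

// The pull must accept only the intact envelope of the expected type.
if (!intact || altered || wrongType)
    throw new InvalidOperationException("DSSE verification did not behave as expected");
Console.WriteLine($"intact={intact} altered={altered} wrongType={wrongType}");

static class Dsse
{
    // PAE = "DSSEv1" SP len(type) SP type SP len(body) SP body,
    // where both lengths are ASCII decimal byte counts.
    public static byte[] Pae(string payloadType, byte[] payload)
    {
        int typeLen = Encoding.UTF8.GetByteCount(payloadType);
        byte[] header = Encoding.UTF8.GetBytes(
            $"DSSEv1 {typeLen} {payloadType} {payload.Length} ");
        return header.Concat(payload).ToArray();
    }

    // Verifier side: reject an unexpected payloadType before doing any crypto,
    // then check the signature over the re-computed PAE with a trusted key.
    public static bool Verify(ECDsa trustedKey, string expectedType,
                              string envelopeType, byte[] payload, byte[] signature)
    {
        if (!string.Equals(envelopeType, expectedType, StringComparison.Ordinal))
            return false;
        return trustedKey.VerifyData(
            Pae(envelopeType, payload), signature, HashAlgorithmName.SHA256);
    }
}
```

The verifier recomputes PAE from the envelope fields it received rather than trusting any stored encoding, and the key it checks against must come from its own trust configuration, not from the envelope.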