stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity
Files
9ca2de05dff9c7db11eb49df6d4e47bbfe7a99f6
git.stella-ops.org/docs/features/unchecked/scanner/sbom-source-trigger-dispatch-service.md

2.8 KiB
Raw Blame History

SBOM Source Trigger Dispatch Service (Webhook + Scheduler + Retry)

Module

Scanner

Status

IMPLEMENTED

Description

Trigger dispatcher routing events to 4 source-type handlers, webhook endpoints supporting 8+ registry types (Harbor, DockerHub, ACR, ECR, GCR, GHCR, Gitea, Quay), scheduler integration for periodic scans, and retry logic with exponential backoff.

Implementation Details

  • Trigger Dispatcher:
    • src/Scanner/__Libraries/StellaOps.Scanner.Sources/Triggers/SourceTriggerDispatcher.cs - SourceTriggerDispatcher routes trigger events to the appropriate source-type handler based on source type
    • src/Scanner/__Libraries/StellaOps.Scanner.Sources/Triggers/ISourceTriggerDispatcher.cs - Interface for trigger dispatching
    • src/Scanner/__Libraries/StellaOps.Scanner.Sources/Triggers/TriggerContext.cs - TriggerContext carrying webhook payload, source metadata, and retry state
  • Webhook Endpoints:
    • src/Scanner/StellaOps.Scanner.WebService/Endpoints/WebhookEndpoints.cs - WebhookEndpoints exposing REST endpoints for registry webhook payloads from Harbor, DockerHub, ACR, ECR, GCR, GHCR, Gitea, Quay
  • Source-Type Handlers:
    • src/Scanner/__Libraries/StellaOps.Scanner.Sources/Handlers/ISourceTypeHandler.cs - ISourceTypeHandler interface for source-type-specific handling
    • src/Scanner/__Libraries/StellaOps.Scanner.Sources/Handlers/Zastava/ZastavaSourceHandler.cs - Zastava registry handler
    • src/Scanner/__Libraries/StellaOps.Scanner.Sources/Handlers/Docker/DockerSourceHandler.cs - Docker registry handler
    • src/Scanner/__Libraries/StellaOps.Scanner.Sources/Handlers/Cli/CliSourceHandler.cs - CLI-triggered handler
    • src/Scanner/__Libraries/StellaOps.Scanner.Sources/Handlers/Git/GitSourceHandler.cs - Git repository handler
  • Scheduler Integration:
    • src/Scanner/__Libraries/StellaOps.Scanner.Sources/Scheduling/SourceSchedulerHostedService.cs - SourceSchedulerHostedService background service managing periodic scan schedules with cron-like scheduling
  • DI Registration:
    • src/Scanner/__Libraries/StellaOps.Scanner.Sources/DependencyInjection/ServiceCollectionExtensions.cs - Registers trigger dispatcher, handlers, and scheduler

E2E Test Plan

  • Send a webhook payload from a Harbor registry push event and verify the trigger dispatcher routes it to the correct source-type handler
  • Verify webhook endpoints accept payloads from all supported registry types (DockerHub, ACR, ECR, GCR, GHCR, Gitea, Quay)
  • Configure a periodic scan schedule and verify the SourceSchedulerHostedService triggers scans at the configured intervals
  • Verify retry logic with exponential backoff when a handler fails to process a trigger event
  • Verify the TriggerContext carries the correct webhook payload metadata and source configuration to the handler