git.stella-ops.org/docs/implplan-blocked/audits/csproj-standards/SbomService/StellaOps.SbomService/StellaOps.SbomService.md

Audit - StellaOps.SbomService

Project

  • Path: src/SbomService/StellaOps.SbomService/StellaOps.SbomService.csproj
  • Module: SbomService
  • Kind: WebService
  • SDK: Microsoft.NET.Sdk.Web
  • TargetFramework: net10.0
  • Audit date (UTC): 2026-01-30

Coding Standards Findings

  • Status: FAIL
  • Nullable: enable
  • TreatWarningsAsErrors: explicit true
  • Deterministic: inherited true
  • 100-line rule violations: 34
  • Service locator usage (BuildServiceProvider/GetService): 0
  • Analyzer enforcement: missing repo-wide (see summary).

Details

  • Files over 100 lines:
    • src/SbomService/StellaOps.SbomService/Program.cs (1355 lines)
    • src/SbomService/StellaOps.SbomService/Services/RegistryWebhookService.cs (598 lines)
    • src/SbomService/StellaOps.SbomService/Services/RegistryDiscoveryService.cs (585 lines)
    • src/SbomService/StellaOps.SbomService/Services/SbomLedgerService.cs (568 lines)
    • src/SbomService/StellaOps.SbomService/Services/SbomLineageGraphService.cs (539 lines)
    • src/SbomService/StellaOps.SbomService/Services/ILineageCompareService.cs (532 lines)
    • src/SbomService/StellaOps.SbomService/Services/LineageCompareService.cs (531 lines)
    • src/SbomService/StellaOps.SbomService/Services/RegistrySourceService.cs (439 lines)
    • src/SbomService/StellaOps.SbomService/Models/SbomLedgerModels.cs (409 lines)
    • src/SbomService/StellaOps.SbomService/Controllers/RegistrySourceController.cs (404 lines)
    • src/SbomService/StellaOps.SbomService/Services/InMemorySbomQueryService.cs (404 lines)
    • src/SbomService/StellaOps.SbomService/Services/ReplayVerificationService.cs (351 lines)
    • src/SbomService/StellaOps.SbomService/Services/ScanJobEmitterService.cs (346 lines)
    • src/SbomService/StellaOps.SbomService/Services/InMemoryLineageCompareCache.cs (327 lines)
    • src/SbomService/StellaOps.SbomService/Services/LineageHoverCache.cs (314 lines)
    • src/SbomService/StellaOps.SbomService/Repositories/RegistrySourceRepositories.cs (285 lines)
    • src/SbomService/StellaOps.SbomService/Services/SbomNormalizationService.cs (283 lines)
    • src/SbomService/StellaOps.SbomService/Services/ReplayHashService.cs (272 lines)
    • src/SbomService/StellaOps.SbomService/Services/SbomContextAssembler.cs (259 lines)
    • src/SbomService/StellaOps.SbomService/Services/ValkeyLineageCompareCache.cs (257 lines)
    • src/SbomService/StellaOps.SbomService/Repositories/InMemorySbomLineageEdgeRepository.cs (255 lines)
    • src/SbomService/StellaOps.SbomService/Services/IReplayVerificationService.cs (255 lines)
    • src/SbomService/StellaOps.SbomService/Models/RegistrySourceModels.cs (242 lines)
    • src/SbomService/StellaOps.SbomService/Services/SbomUploadService.cs (228 lines)
    • src/SbomService/StellaOps.SbomService/Controllers/RegistryWebhookController.cs (222 lines)
    • src/SbomService/StellaOps.SbomService/Repositories/InMemorySbomLedgerRepository.cs (190 lines)
    • src/SbomService/StellaOps.SbomService/Controllers/LineageController.cs (168 lines)
    • src/SbomService/StellaOps.SbomService/Services/LineageExportService.cs (137 lines)
    • src/SbomService/StellaOps.SbomService/Services/OutboundUrlPolicy.cs (129 lines)
    • src/SbomService/StellaOps.SbomService/Services/SbomEvents.cs (124 lines)
    • src/SbomService/StellaOps.SbomService/Repositories/ISbomLineageEdgeRepository.cs (114 lines)
    • src/SbomService/StellaOps.SbomService/Services/ILineageCompareCache.cs (112 lines)
    • src/SbomService/StellaOps.SbomService/Services/OrchestratorControlService.cs (110 lines)
    • src/SbomService/StellaOps.SbomService/Services/IReplayHashService.cs (102 lines)
  • Service locator matches:
    • none

Fix Guidance

  • Split files over 100 lines into smaller types or partials.

Testing Fullness Findings

  • Status: FAIL
  • Expected layers: Unit, Integration, Security, Offline
  • Detected test projects:
    • src/SbomService/__Tests/StellaOps.SbomService.Persistence.Tests/StellaOps.SbomService.Persistence.Tests.csproj [Unit]
    • src/SbomService/__Tests/StellaOps.SbomService.Lineage.Tests/StellaOps.SbomService.Lineage.Tests.csproj [Unit]
    • src/SbomService/StellaOps.SbomService.Tests/StellaOps.SbomService.Tests.csproj [Unit]
  • Missing layers: Integration, Security, Offline

Manual checks required

  • Observability contract tests for WebService/Worker.
  • Offline execution (tests must run without network access).

Fix Guidance

  • Add integration tests for cross-component flows.
  • Add security tests for authn/authz or input validation.
  • Add offline/airgap coverage with fixtures only.