git.stella-ops.org/docs/features/unchecked/scanner/per-layer-sbom-content-addressable-storage.md

Per-Layer SBOM Content-Addressable Storage

Module: Scanner
Status: IMPLEMENTED

Description

Content-addressable storage for per-layer SBOMs keyed by the layer's diffID (the digest of the uncompressed layer tarball, so the same layer content maps to the same key regardless of how the registry compressed it), with PostgreSQL holding the entry metadata and the SBOM content stored gzip-compressed. Supports TTL-based eviction of cold layers and exposes cache hit/miss metrics. "Layer-SBOM Cache with Hash-Based Reuse" already appears in the known features list, but this specific CAS implementation, with PostgreSQL persistence and TTL eviction, is a distinct shipped capability.

Implementation Details

  • Content-Addressable Storage:
    • src/Scanner/__Libraries/StellaOps.Scanner.Cache/LayerSbomCas/ILayerSbomCas.cs - ILayerSbomCas interface for content-addressable SBOM storage keyed by diffID
    • src/Scanner/__Libraries/StellaOps.Scanner.Cache/LayerSbomCas/PostgresLayerSbomCas.cs - PostgresLayerSbomCas PostgreSQL-backed CAS with gzip-compressed content storage and TTL-based eviction
  • Cache Infrastructure:
    • src/Scanner/__Libraries/StellaOps.Scanner.Cache/Abstractions/ILayerCacheStore.cs - Layer cache store interface
    • src/Scanner/__Libraries/StellaOps.Scanner.Cache/Abstractions/LayerCacheEntry.cs - Cache entry with metadata (diffID, TTL, creation time)
    • src/Scanner/__Libraries/StellaOps.Scanner.Cache/LayerCache/LayerCacheStore.cs - Cache store implementation
  • Maintenance:
    • src/Scanner/__Libraries/StellaOps.Scanner.Cache/Maintenance/ScannerCacheMaintenanceService.cs - TTL-based eviction for cold/stale layer SBOMs
  • DI Registration: src/Scanner/__Libraries/StellaOps.Scanner.Cache/ScannerCacheServiceCollectionExtensions.cs

E2E Test Plan

  • Store a per-layer SBOM via CAS keyed by diffID and verify it is retrievable by the same key
  • Verify stored content is gzip-compressed and decompresses correctly on retrieval
  • Verify TTL-based eviction removes cold layer SBOMs after the configured TTL expires
  • Verify cache hit/miss metrics are tracked and exposed for monitoring
  • Verify duplicate puts for the same diffID are idempotent (content-addressable deduplication)
  • Verify PostgreSQL metadata correctly tracks creation time, last access time, and TTL for each entry
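The following is an added example, not code from the StellaOps scanner, that models the behaviour the description and the E2E test plan above call for: a store keyed by diffID, gzip-compressed content, creation/last-access/TTL metadata, a maintenance pass that evicts cold entries, hit/miss counters, and idempotent duplicate puts. Python's built-in sqlite3 stands in for PostgreSQL, and the table name `layer_sbom`, its columns, the class name `LayerSbomCas` and the sample SBOM bytes are all assumptions made for illustration. The diffID format check is likewise this example's own addition.

```python
"""Model of a per-layer SBOM content-addressable store keyed by layer diffID.

Added example, not the project's code: sqlite3 stands in for PostgreSQL and the
table/column names are assumptions chosen for illustration.
"""
import gzip
import re
import sqlite3
import time

# A diffID is "sha256:" followed by 64 lowercase hex digits (OCI image spec).
DIFF_ID_RE = re.compile(r"^sha256:[0-9a-f]{64}$")


class LayerSbomCas:
    """One row per diffID; content gzip-compressed; cold rows evicted by TTL."""

    def __init__(self, ttl_seconds: float, clock=time.time):
        self._db = sqlite3.connect(":memory:")
        self._db.execute(
            "CREATE TABLE layer_sbom ("
            "  diff_id TEXT PRIMARY KEY,"
            "  content BLOB NOT NULL,"
            "  created_at REAL NOT NULL,"
            "  last_access_at REAL NOT NULL,"
            "  ttl_seconds REAL NOT NULL)"
        )
        self._ttl = ttl_seconds
        self._clock = clock  # injectable so tests can move time forward
        self.hits = 0
        self.misses = 0

    @staticmethod
    def _check_key(diff_id: str) -> None:
        # Refuse anything that is not a well-formed sha256 diffID before it reaches SQL.
        if not DIFF_ID_RE.match(diff_id):
            raise ValueError(f"not a sha256 diffID: {diff_id!r}")

    def put(self, diff_id: str, sbom: bytes) -> bool:
        """Store an SBOM under its layer diffID.

        Returns True when a new row was written and False when the key already
        existed; the duplicate put is ignored, so the first stored content wins.
        """
        self._check_key(diff_id)
        now = self._clock()
        cur = self._db.execute(
            "INSERT OR IGNORE INTO layer_sbom VALUES (?, ?, ?, ?, ?)",
            (diff_id, gzip.compress(sbom), now, now, self._ttl),
        )
        self._db.commit()
        return cur.rowcount == 1

    def get(self, diff_id: str):
        """Return the decompressed SBOM, or None on a miss. A hit refreshes last_access_at."""
        self._check_key(diff_id)
        row = self._db.execute(
            "SELECT content FROM layer_sbom WHERE diff_id = ?", (diff_id,)
        ).fetchone()
        if row is None:
            self.misses += 1
            return None
        self.hits += 1
        self._db.execute(
            "UPDATE layer_sbom SET last_access_at = ? WHERE diff_id = ?",
            (self._clock(), diff_id),
        )
        self._db.commit()
        return gzip.decompress(row[0])

    def metadata(self, diff_id: str):
        """Creation time, last access time and TTL for an entry, or None if absent."""
        row = self._db.execute(
            "SELECT created_at, last_access_at, ttl_seconds FROM layer_sbom WHERE diff_id = ?",
            (diff_id,),
        ).fetchone()
        if row is None:
            return None
        return {"created_at": row[0], "last_access_at": row[1], "ttl_seconds": row[2]}

    def stored_size(self, diff_id: str) -> int:
        """Compressed size as stored, or -1 if absent (lets a test confirm gzip is applied)."""
        row = self._db.execute(
            "SELECT length(content) FROM layer_sbom WHERE diff_id = ?", (diff_id,)
        ).fetchone()
        return -1 if row is None else row[0]

    def evict_cold(self) -> int:
        """Maintenance pass: delete rows whose last access is older than their TTL."""
        cur = self._db.execute(
            "DELETE FROM layer_sbom WHERE last_access_at + ttl_seconds < ?",
            (self._clock(),),
        )
        self._db.commit()
        return cur.rowcount


def run_scenario() -> dict:
    """Walk through the E2E checks with a constructed SBOM and a controllable clock."""
    clock = [1_000_000.0]
    cas = LayerSbomCas(ttl_seconds=3600, clock=lambda: clock[0])
    diff_id = "sha256:" + "ab" * 32  # constructed key, not a real layer digest
    # Constructed, deliberately repetitive SBOM so compression is visible.
    sbom = (b'{"bomFormat":"CycloneDX","components":['
            + b'{"name":"zlib","version":"1.3.1"},' * 40 + b"]}")
    out = {"first_put": cas.put(diff_id, sbom)}
    out["duplicate_put"] = cas.put(diff_id, b"{}")       # ignored: idempotent
    out["compressed_smaller"] = cas.stored_size(diff_id) < len(sbom)
    clock[0] += 100
    out["roundtrip_ok"] = cas.get(diff_id) == sbom       # original content, not b"{}"
    out["meta"] = cas.metadata(diff_id)
    clock[0] += 1800
    out["evicted_early"] = cas.evict_cold()               # still warm: nothing removed
    clock[0] += 1801                                      # now past last_access + TTL
    out["evicted"] = cas.evict_cold()
    out["miss_after_evict"] = cas.get(diff_id) is None
    out["hits"], out["misses"] = cas.hits, cas.misses
    try:
        cas.put("latest", b"{}")
        out["bad_key_rejected"] = False
    except ValueError:
        out["bad_key_rejected"] = True
    return out


if __name__ == "__main__":
    print(run_scenario())
```

Two points the model makes explicit that a reviewer of the real cache would want to check. First, a diffID-keyed cache serves whatever was stored first for that key, so the scanner must derive the key from the layer bytes it actually unpacked, never from an untrusted manifest, or a tampered layer could be matched to a previously cached clean SBOM. Second, because the key carries no analyzer version, an entry produced by an older analyzer remains a hit after an upgrade until its TTL lapses; whether the project versions the key, stores the analyzer version in the metadata, or relies on TTL alone is not stated on this page.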