4.4 KiB
4.4 KiB
SBOM Sources Manager Backend (Domain + REST API + Persistence)
Module
Scanner
Status
IMPLEMENTED
Description
Unified SBOM Sources Manager with domain models (SbomSource, SbomSourceRun), PostgreSQL persistence, 12 REST API endpoints, AuthRef credential management, and 4 source type handlers (Zastava, Docker, CLI, Git) with connection testing.
Implementation Details
- Domain Models:
src/Scanner/__Libraries/StellaOps.Scanner.Sources/Domain/SbomSource.cs-SbomSourcedomain entity representing a configured SBOM source with type, credentials, schedule, and metadatasrc/Scanner/__Libraries/StellaOps.Scanner.Sources/Domain/SbomSourceRun.cs-SbomSourceRundomain entity tracking individual scan executions with status, timing, and resultssrc/Scanner/__Libraries/StellaOps.Scanner.Sources/Domain/SbomSourceEnums.cs- Enums for source types, run statuses, and trigger types
- REST API Contracts:
src/Scanner/__Libraries/StellaOps.Scanner.Sources/Contracts/SourceContracts.cs-SourceContractsDTOs for the 12 REST API endpoints (CRUD, list, test-connection, trigger, runs)
- Service Layer:
src/Scanner/__Libraries/StellaOps.Scanner.Sources/Services/SbomSourceService.cs-SbomSourceServiceimplementing business logic for source managementsrc/Scanner/__Libraries/StellaOps.Scanner.Sources/Services/ISbomSourceService.cs- Interface for source management service
- Persistence:
src/Scanner/__Libraries/StellaOps.Scanner.Sources/Persistence/SbomSourceRepository.cs-SbomSourceRepositoryPostgreSQL persistence for SBOM sourcessrc/Scanner/__Libraries/StellaOps.Scanner.Sources/Persistence/SbomSourceRunRepository.cs-SbomSourceRunRepositoryPostgreSQL persistence for source run historysrc/Scanner/__Libraries/StellaOps.Scanner.Sources/Persistence/ISbomSourceRepository.cs- Interface for source persistence
- Source-Type Handlers:
src/Scanner/__Libraries/StellaOps.Scanner.Sources/Handlers/ISourceTypeHandler.cs-ISourceTypeHandlerinterfacesrc/Scanner/__Libraries/StellaOps.Scanner.Sources/Handlers/Zastava/ZastavaSourceHandler.cs- Zastava container registry handlersrc/Scanner/__Libraries/StellaOps.Scanner.Sources/Handlers/Docker/DockerSourceHandler.cs- Docker Hub/registry handlersrc/Scanner/__Libraries/StellaOps.Scanner.Sources/Handlers/Cli/CliSourceHandler.cs- CLI-triggered scan handlersrc/Scanner/__Libraries/StellaOps.Scanner.Sources/Handlers/Git/GitSourceHandler.cs- Git repository handler
- Connection Testing:
src/Scanner/__Libraries/StellaOps.Scanner.Sources/Services/SourceConnectionTester.cs-SourceConnectionTestervalidates source connectivity and credentialssrc/Scanner/__Libraries/StellaOps.Scanner.Sources/Services/ISourceConnectionTester.cs- Interface for connection testingsrc/Scanner/__Libraries/StellaOps.Scanner.Sources/ConnectionTesters/ZastavaConnectionTester.cs- Zastava-specific connection testsrc/Scanner/__Libraries/StellaOps.Scanner.Sources/ConnectionTesters/DockerConnectionTester.cs- Docker-specific connection testsrc/Scanner/__Libraries/StellaOps.Scanner.Sources/ConnectionTesters/CliConnectionTester.cs- CLI-specific connection testsrc/Scanner/__Libraries/StellaOps.Scanner.Sources/ConnectionTesters/GitConnectionTester.cs- Git-specific connection test
- Configuration:
src/Scanner/__Libraries/StellaOps.Scanner.Sources/Configuration/SourceConfigValidator.cs-SourceConfigValidatorvalidates source configuration completenesssrc/Scanner/__Libraries/StellaOps.Scanner.Sources/Configuration/ISourceConfigValidator.cs- Interface for config validation
- Tests:
src/Scanner/__Tests/StellaOps.Scanner.Sources.Tests/Domain/SbomSourceTests.cs- Unit tests for domain models
E2E Test Plan
- Create an SBOM source via the REST API with Zastava type and verify it is persisted in PostgreSQL with correct configuration
- Test connection for each source type (Zastava, Docker, CLI, Git) and verify the connection tester returns appropriate success/failure status
- Trigger a scan run on a configured source and verify an
SbomSourceRunrecord is created with initial status - List source runs for a source and verify they include timing, status, and result metadata
- Update an SBOM source's credentials via AuthRef and verify subsequent connections use the updated credentials
- Delete an SBOM source and verify cascade behavior for associated runs