# SBOM Sources Manager Backend (Domain + REST API + Persistence)

## Module

Scanner

## Status

IMPLEMENTED

## Description

Unified SBOM Sources Manager with domain models (SbomSource, SbomSourceRun), PostgreSQL persistence, 12 REST API endpoints, AuthRef credential management, and 4 source type handlers (Zastava, Docker, CLI, Git) with connection testing.

## Implementation Details

- **Domain Models**:
  - `src/Scanner/__Libraries/StellaOps.Scanner.Sources/Domain/SbomSource.cs` - `SbomSource` domain entity representing a configured SBOM source with type, credentials, schedule, and metadata
  - `src/Scanner/__Libraries/StellaOps.Scanner.Sources/Domain/SbomSourceRun.cs` - `SbomSourceRun` domain entity tracking individual scan executions with status, timing, and results
  - `src/Scanner/__Libraries/StellaOps.Scanner.Sources/Domain/SbomSourceEnums.cs` - Enums for source types, run statuses, and trigger types
- **REST API Contracts**:
  - `src/Scanner/__Libraries/StellaOps.Scanner.Sources/Contracts/SourceContracts.cs` - `SourceContracts` DTOs for the 12 REST API endpoints (CRUD, list, test-connection, trigger, runs)
- **Service Layer**:
  - `src/Scanner/__Libraries/StellaOps.Scanner.Sources/Services/SbomSourceService.cs` - `SbomSourceService` implementing business logic for source management
  - `src/Scanner/__Libraries/StellaOps.Scanner.Sources/Services/ISbomSourceService.cs` - Interface for source management service
- **Persistence**:
  - `src/Scanner/__Libraries/StellaOps.Scanner.Sources/Persistence/SbomSourceRepository.cs` - `SbomSourceRepository` PostgreSQL persistence for SBOM sources
  - `src/Scanner/__Libraries/StellaOps.Scanner.Sources/Persistence/SbomSourceRunRepository.cs` - `SbomSourceRunRepository` PostgreSQL persistence for source run history
  - `src/Scanner/__Libraries/StellaOps.Scanner.Sources/Persistence/ISbomSourceRepository.cs` - Interface for source persistence
- **Source-Type Handlers**:
  - `src/Scanner/__Libraries/StellaOps.Scanner.Sources/Handlers/ISourceTypeHandler.cs` - `ISourceTypeHandler` interface
  - `src/Scanner/__Libraries/StellaOps.Scanner.Sources/Handlers/Zastava/ZastavaSourceHandler.cs` - Zastava container registry handler
  - `src/Scanner/__Libraries/StellaOps.Scanner.Sources/Handlers/Docker/DockerSourceHandler.cs` - Docker Hub/registry handler
  - `src/Scanner/__Libraries/StellaOps.Scanner.Sources/Handlers/Cli/CliSourceHandler.cs` - CLI-triggered scan handler
  - `src/Scanner/__Libraries/StellaOps.Scanner.Sources/Handlers/Git/GitSourceHandler.cs` - Git repository handler
- **Connection Testing**:
  - `src/Scanner/__Libraries/StellaOps.Scanner.Sources/Services/SourceConnectionTester.cs` - `SourceConnectionTester` validates source connectivity and credentials
  - `src/Scanner/__Libraries/StellaOps.Scanner.Sources/Services/ISourceConnectionTester.cs` - Interface for connection testing
  - `src/Scanner/__Libraries/StellaOps.Scanner.Sources/ConnectionTesters/ZastavaConnectionTester.cs` - Zastava-specific connection test
  - `src/Scanner/__Libraries/StellaOps.Scanner.Sources/ConnectionTesters/DockerConnectionTester.cs` - Docker-specific connection test
  - `src/Scanner/__Libraries/StellaOps.Scanner.Sources/ConnectionTesters/CliConnectionTester.cs` - CLI-specific connection test
  - `src/Scanner/__Libraries/StellaOps.Scanner.Sources/ConnectionTesters/GitConnectionTester.cs` - Git-specific connection test
- **Configuration**:
  - `src/Scanner/__Libraries/StellaOps.Scanner.Sources/Configuration/SourceConfigValidator.cs` - `SourceConfigValidator` validates source configuration completeness
  - `src/Scanner/__Libraries/StellaOps.Scanner.Sources/Configuration/ISourceConfigValidator.cs` - Interface for config validation
- **Tests**:
  - `src/Scanner/__Tests/StellaOps.Scanner.Sources.Tests/Domain/SbomSourceTests.cs` - Unit tests for domain models

## E2E Test Plan

- [ ] Create an SBOM source via the REST API with Zastava type and verify it is persisted in PostgreSQL with correct configuration
- [ ] Test connection for each source type (Zastava, Docker, CLI, Git) and verify the connection tester returns appropriate success/failure status
- [ ] Trigger a scan run on a configured source and verify an `SbomSourceRun` record is created with initial status
- [ ] List source runs for a source and verify they include timing, status, and result metadata
- [ ] Update an SBOM source's credentials via AuthRef and verify subsequent connections use the updated credentials
- [ ] Delete an SBOM source and verify cascade behavior for associated runs