1.8 KiB
1.8 KiB
Offline Slice Bundle Export/Import (OCI Layout)
Module
Scanner
Status
VERIFIED
Description
Offline distribution of reachability slices via OCI layout tar.gz bundles including all referenced artifacts (graphs, SBOMs), with integrity verification on import. Targets <100MB for typical scans.
Implementation Details
- Offline Bundle Service:
src/Scanner/__Libraries/StellaOps.Scanner.Storage.Oci/Offline/OfflineBundleService.cs-OfflineBundleServiceexports and imports reachability slices as OCI layout tar.gz bundles with all referenced artifacts
- Evidence Bundle Export:
src/Scanner/StellaOps.Scanner.WebService/Services/IEvidenceBundleExporter.cs-IEvidenceBundleExporterinterface for exporting evidence bundlessrc/Scanner/StellaOps.Scanner.WebService/Services/EvidenceBundleExporter.cs-EvidenceBundleExporterexports scan evidence as portable bundles
- OCI Slice Services:
src/Scanner/__Libraries/StellaOps.Scanner.Storage.Oci/SlicePushService.cs- Push slices to OCI registriessrc/Scanner/__Libraries/StellaOps.Scanner.Storage.Oci/SlicePullService.cs- Pull slices from OCI registries
E2E Test Plan
- Export a reachability slice bundle as an OCI layout tar.gz file and verify it contains all referenced artifacts (graphs, SBOMs)
- Import the exported bundle into a disconnected instance and verify integrity verification passes
- Verify the exported bundle size stays under 100MB for typical scans
- Verify tampered bundles fail integrity verification on import
- Verify the imported bundle's reachability data is usable for offline vulnerability analysis
Verification
| Check | Result |
|---|---|
| Tier 0 - Source files exist | PASS |
| Tier 1 - Build + code review | PASS |
| Tier 2 - Integration tests | PASS |
| Verified | 2026-02-13T18:10:00Z |