stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity
Files
dd98d6c3f6c80c4e04cddb4a4427f077ab6d19d4
git.stella-ops.org/docs/modules/sbom-service
History
master 7943cfb3af chore(docs+devops): cross-module doc sync + sprint archival moves + compose updates 
Bundled pre-session doc + ops work:
- docs/modules/**: sync across advisory-ai, airgap, cli, excititor,
  export-center, findings-ledger, notifier, notify, platform, router,
  sbom-service, ui, web (architectural + operational updates)
- docs/features/**: updates to checked excititor vex pipeline,
  developer workspace, quick verify drawer
- docs top-level: README, quickstart, API_CLI_REFERENCE, UI_GUIDE,
  code-of-conduct/TESTING_PRACTICES updates
- docs/qa/feature-checks/: FLOW.md + excititor state update
- docs/implplan/: remaining sprint updates + new Concelier source
  credentials sprint (SPRINT_20260422_003)
- docs-archived/implplan/: 30 sprint archival moves (ElkSharp series,
  misc completed sprints)
- devops/compose: .env + services compose + env example + router gateway
  config updates

File-level granularity preserved.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-22 16:06:39 +03:00
..
api
docs consolidation, big sln build fixes, new advisories and sprints/tasks
2026-01-05 18:37:08 +02:00
fixtures/lnm-v1
docs consolidation, big sln build fixes, new advisories and sprints/tasks
2026-01-05 18:37:08 +02:00
guides
docs consolidation and others
2026-01-06 19:07:48 +02:00
lineage
partly or unimplemented features - now implemented
2026-02-09 08:53:51 +02:00
reviews
docs consolidation, big sln build fixes, new advisories and sprints/tasks
2026-01-05 18:37:08 +02:00
runbooks
docs consolidation and others
2026-01-06 19:07:48 +02:00
schemas
audit work, fixed StellaOps.sln warnings/errors, fixed tests, sprints work, new advisories
2026-01-07 18:50:11 +02:00
sources
docs consolidation, big sln build fixes, new advisories and sprints/tasks
2026-01-05 18:37:08 +02:00
architecture.md
chore(docs+devops): cross-module doc sync + sprint archival moves + compose updates
2026-04-22 16:06:39 +03:00
byos-ingestion.md
docs consolidation, big sln build fixes, new advisories and sprints/tasks
2026-01-05 18:37:08 +02:00
ledger-lineage.md
docs consolidation, big sln build fixes, new advisories and sprints/tasks
2026-01-05 18:37:08 +02:00
lineage-ledger.md
docs consolidation, big sln build fixes, new advisories and sprints/tasks
2026-01-05 18:37:08 +02:00
offline-feed-plan.md
docs consolidation, big sln build fixes, new advisories and sprints/tasks
2026-01-05 18:37:08 +02:00
README.md
chore(docs+devops): cross-module doc sync + sprint archival moves + compose updates
2026-04-22 16:06:39 +03:00
retention-policy.md
docs consolidation, big sln build fixes, new advisories and sprints/tasks
2026-01-05 18:37:08 +02:00
spdx3-profile-support.md
audit work, fixed StellaOps.sln warnings/errors, fixed tests, sprints work, new advisories
2026-01-07 18:50:11 +02:00

README.md

SbomService

Status: Implemented Source: src/SbomService/ Owner: Scanner Guild

Purpose

SbomService provides SBOM storage, versioning, and lineage tracking. Maintains the canonical SBOM repository with support for SPDX 3.0.1 and CycloneDX 1.6 formats, including temporal queries and dependency graph analysis.

Components

Services:

  • StellaOps.SbomService - Main SBOM service with API and business logic

Libraries:

  • StellaOps.SbomService.Storage.Postgres - PostgreSQL storage adapter for SBOM persistence
  • StellaOps.SbomService.Storage.Postgres.Tests - Storage layer integration tests

Configuration

Configuration is embedded in the service module settings.

Key settings:

  • PostgreSQL connection (schema: sbom_service)
  • Authority integration
  • SBOM format support (SPDX, CycloneDX)
  • Versioning and lineage policies
  • Retention settings

Dependencies

  • PostgreSQL (schema: sbom_service)
  • Authority (authentication)
  • Scanner (SBOM generation source)
  • Attestor (SBOM attestation integration)
  • ExportCenter (SBOM export and distribution)

Related Documentation

  • Architecture: ./architecture.md
  • Scanner: ../scanner/
  • Attestor: ../attestor/
  • Data Schemas: ../../11_DATA_SCHEMAS.md

Current Status

Implemented with PostgreSQL storage backend. Supports SBOM ingestion, versioning, and lineage tracking. The host now expects durable PostgreSQL-backed state for all canonical runtime stores; fixture-backed and in-memory repositories are injected only by explicit test harnesses.