stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 3 Releases Wiki Activity
Files
dd98d6c3f6c80c4e04cddb4a4427f077ab6d19d4
git.stella-ops.org/docs/modules/sbom-service/README.md
master 7943cfb3af chore(docs+devops): cross-module doc sync + sprint archival moves + compose updates 
Bundled pre-session doc + ops work:
- docs/modules/**: sync across advisory-ai, airgap, cli, excititor,
  export-center, findings-ledger, notifier, notify, platform, router,
  sbom-service, ui, web (architectural + operational updates)
- docs/features/**: updates to checked excititor vex pipeline,
  developer workspace, quick verify drawer
- docs top-level: README, quickstart, API_CLI_REFERENCE, UI_GUIDE,
  code-of-conduct/TESTING_PRACTICES updates
- docs/qa/feature-checks/: FLOW.md + excititor state update
- docs/implplan/: remaining sprint updates + new Concelier source
  credentials sprint (SPRINT_20260422_003)
- docs-archived/implplan/: 30 sprint archival moves (ElkSharp series,
  misc completed sprints)
- devops/compose: .env + services compose + env example + router gateway
  config updates

File-level granularity preserved.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-22 16:06:39 +03:00

1.5 KiB
Raw Blame History

SbomService

Status: Implemented Source: src/SbomService/ Owner: Scanner Guild

Purpose

SbomService provides SBOM storage, versioning, and lineage tracking. Maintains the canonical SBOM repository with support for SPDX 3.0.1 and CycloneDX 1.6 formats, including temporal queries and dependency graph analysis.

Components

Services:

  • StellaOps.SbomService - Main SBOM service with API and business logic

Libraries:

  • StellaOps.SbomService.Storage.Postgres - PostgreSQL storage adapter for SBOM persistence
  • StellaOps.SbomService.Storage.Postgres.Tests - Storage layer integration tests

Configuration

Configuration is embedded in the service module settings.

Key settings:

  • PostgreSQL connection (schema: sbom_service)
  • Authority integration
  • SBOM format support (SPDX, CycloneDX)
  • Versioning and lineage policies
  • Retention settings

Dependencies

  • PostgreSQL (schema: sbom_service)
  • Authority (authentication)
  • Scanner (SBOM generation source)
  • Attestor (SBOM attestation integration)
  • ExportCenter (SBOM export and distribution)

Related Documentation

  • Architecture: ./architecture.md
  • Scanner: ../scanner/
  • Attestor: ../attestor/
  • Data Schemas: ../../11_DATA_SCHEMAS.md

Current Status

Implemented with PostgreSQL storage backend. Supports SBOM ingestion, versioning, and lineage tracking. The host now expects durable PostgreSQL-backed state for all canonical runtime stores; fixture-backed and in-memory repositories are injected only by explicit test harnesses.