SbomService
Status: Implemented
Source: src/SbomService/
Owner: Scanner Guild
Purpose
SbomService provides SBOM storage, versioning, and lineage tracking. It maintains the canonical SBOM repository with support for the SPDX 3.0.1 and CycloneDX 1.6 formats, including temporal queries and dependency graph analysis.
Components
Services:
- StellaOps.SbomService - Main SBOM service with API and business logic
Libraries:
- StellaOps.SbomService.Storage.Postgres - PostgreSQL storage adapter for SBOM persistence
- StellaOps.SbomService.Storage.Postgres.Tests - Storage layer integration tests
Configuration
Configuration is embedded in the service module settings.
Key settings:
- PostgreSQL connection (schema: sbom_service)
- Authority integration
- SBOM format support (SPDX, CycloneDX)
- Versioning and lineage policies
- Retention settings
Dependencies
- PostgreSQL (schema: sbom_service)
- Authority (authentication)
- Scanner (SBOM generation source)
- Attestor (SBOM attestation integration)
- ExportCenter (SBOM export and distribution)
Related Documentation
- Architecture: ./architecture.md
- Scanner: ../scanner/
- Attestor: ../attestor/
- Data Schemas: ../../11_DATA_SCHEMAS.md
Current Status
Implemented with a PostgreSQL storage backend. Supports SBOM ingestion, versioning, and lineage tracking. Provides an API for SBOM queries and temporal analysis.