git.stella-ops.org/docs-archived/product/advisories/10-Feb-2026 - SBOM attestation Postgres hot lookup profile.md
2026-02-11 01:32:14 +02:00
10-Feb-2026 - SBOM attestation Postgres hot lookup profile

Advisory source

  • Source: user-provided product advisory text (analysis session, 2026-02-10 UTC).
  • Scope: PostgreSQL storage/query shape for SBOM and attestation hot lookups (digest, component, VEX triage), partitioning, and retention.

Outcome

  • Result: partial gaps confirmed.
  • Decision: advisory translated into docs + sprint tasks and archived.

Confirmed gap themes

  • Scanner lacks an explicit contract for a partitioned Postgres hot-lookup projection that supports direct SQL lookup by digest/PURL/pending-triage state.
  • Existing CAS-first architecture and BOM-index sidecar strategy remain valid, but the Postgres projection boundary and operational lifecycle needed formalization.
  • Analytics separation is already present, but scanner OLTP vs analytics responsibility needed clearer contract language.
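As an illustration of the projection shape the first gap theme asks for, the following is an added, hypothetical PostgreSQL schema; it is not the scanner's actual DDL and every table, column and index name is an assumption. It shows a range-partitioned hot-lookup table with the three direct lookups (artifact digest, component PURL, pending-triage state) and partition-drop retention, while the SBOM and attestation payloads themselves stay in CAS:

```sql
-- Hypothetical hot-lookup projection for SBOM/attestation records.
-- Assumed schema for illustration, not the StellaOps scanner's own DDL.
CREATE TABLE sbom_hot_lookup (
    artifact_digest    TEXT        NOT NULL,  -- digest of the scanned artifact
    component_purl     TEXT        NOT NULL,  -- package URL of the component
    attestation_digest TEXT,                  -- digest of the envelope stored in CAS
    triage_state       TEXT        NOT NULL DEFAULT 'pending'
        CHECK (triage_state IN ('pending', 'affected', 'not_affected', 'fixed')),
    observed_at        TIMESTAMPTZ NOT NULL DEFAULT now(),
    -- the partition key must be part of the primary key on a partitioned table
    PRIMARY KEY (observed_at, artifact_digest, component_purl)
) PARTITION BY RANGE (observed_at);

-- Monthly partitions; retention is a partition drop, never a row-level DELETE.
CREATE TABLE sbom_hot_lookup_2026_02 PARTITION OF sbom_hot_lookup
    FOR VALUES FROM ('2026-02-01') TO ('2026-03-01');
CREATE TABLE sbom_hot_lookup_2026_03 PARTITION OF sbom_hot_lookup
    FOR VALUES FROM ('2026-03-01') TO ('2026-04-01');

-- Indexes for the three hot lookups, created on the parent so PostgreSQL
-- propagates them to every current and future partition.
CREATE INDEX sbom_hot_lookup_digest_idx ON sbom_hot_lookup (artifact_digest);
CREATE INDEX sbom_hot_lookup_purl_idx   ON sbom_hot_lookup (component_purl);
-- Partial index: the pending-triage queue is small relative to the whole table.
CREATE INDEX sbom_hot_lookup_pending_idx ON sbom_hot_lookup (observed_at)
    WHERE triage_state = 'pending';

-- Lookup by artifact digest (placeholder value)
SELECT component_purl, attestation_digest, triage_state
  FROM sbom_hot_lookup
 WHERE artifact_digest = 'sha256:PLACEHOLDER';

-- Lookup by PURL: which scanned artifacts contain this component?
SELECT DISTINCT artifact_digest
  FROM sbom_hot_lookup
 WHERE component_purl = 'pkg:npm/example@1.0.0';

-- Pending-triage work queue, oldest first
SELECT artifact_digest, component_purl, observed_at
  FROM sbom_hot_lookup
 WHERE triage_state = 'pending'
 ORDER BY observed_at
 LIMIT 100;

-- Retention: detach, then drop the expired partition (no long transaction, no bloat)
ALTER TABLE sbom_hot_lookup DETACH PARTITION sbom_hot_lookup_2026_02;
DROP TABLE sbom_hot_lookup_2026_02;
```

One caveat the contract should spell out: partition pruning only applies when a query constrains `observed_at`. The digest and PURL lookups above do not, so each one probes the matching index in every attached partition, which is why the retention policy (and therefore the number of live partitions) directly bounds hot-lookup latency.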

Translation artifacts

  • Active sprint: docs/implplan/SPRINT_20260210_001_DOCS_sbom_attestation_hot_lookup_contract.md
  • High-level docs update: docs/key-features.md
  • Module contract: docs/modules/scanner/sbom-attestation-hot-lookup-profile.md

Notes

  • Supersedes/extends:
    • docs-archived/product/advisories/14-Dec-2025/01-Dec-2025 - PostgreSQL Patterns for Each StellaOps Module.md
  • External web fetches: none.