git.stella-ops.org/docs/features/checked/scanner/layer-sbom-cache-with-hash-based-reuse.md
2026-02-14 09:11:48 +02:00

Layer-SBOM Cache with Hash-Based Reuse

Module

Scanner

Status

VERIFIED

Description

Layer-level SBOM caching is implemented with a dedicated cache store, cache entries, put requests, maintenance service, and a LayerSbomService that integrates with the scanner pipeline.

Implementation Details

  • Cache Abstractions:
    • src/Scanner/__Libraries/StellaOps.Scanner.Cache/Abstractions/ILayerCacheStore.cs - ILayerCacheStore interface defining cache operations (get, put, evict)
    • src/Scanner/__Libraries/StellaOps.Scanner.Cache/Abstractions/LayerCacheEntry.cs - LayerCacheEntry model for cached layer SBOM data keyed by layer hash
    • src/Scanner/__Libraries/StellaOps.Scanner.Cache/Abstractions/LayerCachePutRequest.cs - LayerCachePutRequest model for inserting new cache entries
  • Cache Store:
    • src/Scanner/__Libraries/StellaOps.Scanner.Cache/LayerCache/LayerCacheStore.cs - LayerCacheStore implementation with hash-based lookup and TTL-based eviction
  • Content-Addressable Storage:
    • src/Scanner/__Libraries/StellaOps.Scanner.Cache/LayerSbomCas/ILayerSbomCas.cs - ILayerSbomCas interface for content-addressable SBOM storage
    • src/Scanner/__Libraries/StellaOps.Scanner.Cache/LayerSbomCas/PostgresLayerSbomCas.cs - PostgresLayerSbomCas PostgreSQL-backed content-addressable store for layer SBOMs
  • Maintenance:
    • src/Scanner/__Libraries/StellaOps.Scanner.Cache/Maintenance/ScannerCacheMaintenanceService.cs - ScannerCacheMaintenanceService handles cache cleanup, TTL-based eviction, and storage management
  • DI Registration: src/Scanner/__Libraries/StellaOps.Scanner.Cache/ScannerCacheServiceCollectionExtensions.cs
  • WebService Integration:
    • src/Scanner/StellaOps.Scanner.WebService/Services/ILayerSbomService.cs - ILayerSbomService interface for layer SBOM operations
    • src/Scanner/StellaOps.Scanner.WebService/Services/LayerSbomService.cs - LayerSbomService integrates cache with the scanner pipeline
    • src/Scanner/StellaOps.Scanner.WebService/Endpoints/LayerSbomEndpoints.cs - REST endpoints for layer SBOM retrieval
  • Layer Composition:
    • src/Scanner/__Libraries/StellaOps.Scanner.Emit/Composition/LayerSbomComposer.cs - Composes per-layer SBOMs
    • src/Scanner/__Libraries/StellaOps.Scanner.Emit/Composition/ILayerSbomWriter.cs - Interface for writing per-layer SBOMs
    • src/Scanner/__Libraries/StellaOps.Scanner.Emit/Composition/SpdxLayerWriter.cs - SPDX format layer writer
    • src/Scanner/__Libraries/StellaOps.Scanner.Emit/Composition/CycloneDxLayerWriter.cs - CycloneDX format layer writer

E2E Test Plan

  • Scan an image and verify layer SBOMs are cached by layer hash in the content-addressable store
  • Rescan an image sharing cached layers and verify cached layer SBOMs are reused (cache hit) without re-analysis
  • Verify cache entries include correct TTL metadata and are evicted after expiry by the maintenance service
  • Retrieve a per-layer SBOM via the LayerSbomEndpoints REST API and verify it contains the correct components for that layer
  • Verify cache put requests correctly store new layer SBOM data with content-addressed keys
  • Verify the maintenance service runs periodic cleanup and removes stale cache entries
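The behaviour this test plan checks, modelled as an added example; it is not code from the StellaOps repository. All names here (`LayerSbomCache`, `scan_image`, `sweep`, `digest_of`) are hypothetical, SHA-256 is assumed as the content address, and re-hashing the blob on read is an assumption of this sketch rather than a documented property of the project.

```python
import hashlib

def digest_of(data):
    """Content address for a byte string (SHA-256 assumed for this sketch)."""
    return "sha256:" + hashlib.sha256(data).hexdigest()

class LayerSbomCache:
    """Toy model: layer digest -> (SBOM digest, expiry), SBOM digest -> bytes."""

    def __init__(self, ttl_seconds, clock):
        self.ttl, self.clock = ttl_seconds, clock
        self.index = {}  # layer digest -> (sbom digest, absolute expiry time)
        self.cas = {}    # sbom digest -> SBOM bytes (content-addressable store)

    def put(self, layer_digest, sbom):
        key = digest_of(sbom)  # the key is derived from the stored bytes
        self.cas[key] = sbom
        self.index[layer_digest] = (key, self.clock() + self.ttl)
        return key

    def get(self, layer_digest):
        entry = self.index.get(layer_digest)
        if entry is None or entry[1] <= self.clock():
            return None  # miss, or expired but not yet swept
        sbom = self.cas.get(entry[0])
        # Re-hash on read so a corrupted or tampered blob is a miss, not a hit.
        if sbom is None or digest_of(sbom) != entry[0]:
            return None
        return sbom

    def sweep(self):
        """Maintenance pass: drop expired entries, then unreferenced blobs."""
        now = self.clock()
        stale = [d for d, (_, exp) in self.index.items() if exp <= now]
        for d in stale:
            del self.index[d]
        live = {key for key, _ in self.index.values()}
        self.cas = {k: v for k, v in self.cas.items() if k in live}
        return len(stale)

def scan_image(cache, layers, analyze):
    """Return per-layer SBOMs, running analyze() only on cache misses."""
    result = {}
    for layer_digest, content in layers.items():
        sbom = cache.get(layer_digest)
        if sbom is None:
            sbom = analyze(content)
            cache.put(layer_digest, sbom)
        result[layer_digest] = sbom
    return result
```

Injecting the clock lets a test advance time past the TTL without sleeping, which is how the expiry and maintenance items can be checked deterministically.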

Verification

| Check | Result |
|-------|--------|
| Tier 0 - Source files exist | PASS |
| Tier 1 - Build + code review | PASS |
| Tier 2 - Integration tests | PASS |

Verified 2026-02-13T18:10:00Z