---
id: weekly-sbom-staleness
name: Weekly SBOM Staleness Check
enabled: true
owner: custodian-agent
governance: custodian
status: active
trigger:
  type: cron
  cron_expression: "0 9 * * 1"
  timezone: Europe/Berlin
  misfire_policy: skip
context_sources:
  - type: state-hub
    query: repo_sbom_status
    params:
      repos: all
    bind_to: context.repos
---

# Weekly SBOM Staleness Check

Runs every Monday at 09:00 Berlin time. Checks all tracked repositories for
SBOM staleness and flags any repository whose SBOM is older than 30 days.

```rule
id: flag-stale-sbom
condition: 'context.repos.sbom_age_days > 30'
action:
  task_template: tasks/sbom-rescan.md
  target_repo: context.repos.repo_slug
  priority: medium
  labels: ["sbom", "security", "automated"]
```