generated from coulomb/repo-seed
T51: ContextResolver ABC + CONTEXT_RESOLVER_REGISTRY; resolve_context activity
updated to dispatch via registry (warns + binds {} on failure, never aborts run).
T52: RepoScopingContextResolver with 5-min in-process cache.
T53: StateHubContextResolver (no cache) for domain_summary and repo_sbom_status.
T54: activity-definitions/weekly-sbom-staleness.md (Monday 09:00 Berlin, cron
trigger, flag-stale-sbom rule at >30 days) + tasks/sbom-rescan.md template.
T55: 51 parametrized evaluator tests — all whitelisted operators, unsafe
expression rejection, empty condition, missing attribute, nested context access.
T56: 15 executor safety tests — UntrustedFieldError, object-type rejection,
injection fixture, LLM retry on bad JSON, review_required field.
T57: 6 integration tests — parses real definition, evaluates rule per-repo
(stale/fresh boundary), emits via NullSink, verifies spawn log entries.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
27 lines
606 B
Markdown
---
id: sbom-rescan
title_template: "Run SBOM rescan — {target_repo}"
default_priority: medium
default_labels: ["sbom", "security", "automated"]
default_assignee: null
---

# SBOM Rescan Task Template

## Description

An SBOM rescan is overdue for `{target_repo}`. The repository's last recorded
SBOM scan exceeds the 30-day staleness threshold.

## Steps

Run the following from the workstation:

```sh
cd ~/the-custodian/state-hub
make ingest-sbom REPO={target_repo} SCAN=1
```

The scan updates `last_sbom_at` in the State Hub and ingests the new SBOM into
the licence and dependency tracking tables.
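Review bot: In the Steps block, `{target_repo}` is substituted unquoted into `make ingest-sbom REPO={target_repo} SCAN=1`, a line the assignee is told to run in a shell, so a value containing whitespace or shell metacharacters would change the command that actually runs. Nothing in this template constrains the field; suggest validating `target_repo` against a repo-name pattern before rendering and emitting it quoted (`REPO='{target_repo}'`), plus a test that renders this template with a hostile `target_repo`. Separately, the Description hard-codes "30-day", which repeats the >30 days threshold the commit message places in the flag-stale-sbom rule; passing the threshold in as a template field would keep the two from drifting.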