Benjamin Admin
1cf5de1d45
Phase 1 — Intake + Scope + Path: - Migration 119: compliance_cra_projects table (intake + classification + path + status state machine) - Backend service cra_routes.py: CRUD + scope-check + path-select - Deterministic Annex III/IV classifier (verbatim mapping from migration 059 wiki) - Path validation per classification (CRITICAL → notified_body mandatory) - Frontend: project list, dashboard, 3-step wizard (intake/scope/path) - Sidebar entry under "CRA Compliance" (red) Phase 2 — Annex I Requirements + Priorisierungs-Backlog: - cra_annex_i_data.py: 40 Annex-I requirements (8 categories), 9 measures (M540-M548), 3 CRA deadlines - Endpoints: /requirements (40 items), /backlog (priority-sorted with deadline pressure) - Frontend: requirements table with filters + expandable details, backlog with deadline banner + score-ranked table - Dashboard KPI cards (Critical count, days to CE deadline, etc.) + top-10 backlog snippet Phase 3 — SBOM Upload + Automated Checks: - Migration 120: compliance_cra_sboms (versioned uploads, CycloneDX + SPDX) - SBOM endpoints: POST /sbom/upload (format detection, summary extraction), GET /sboms - Checks reuse compliance_evidence_checks: init creates 6 default CRA checks, run executes - Real implementations: cra_security_txt (HTTP + Contact: line) and cra_tls_cert_check (TLS handshake) - Frontend: SBOM file upload + version list, Checks page with per-check URL input + Run button Backend-Reuse: gap_projects (intake pre-population), compliance_evidence_checks/_check_results. Tenant scoping via existing X-Tenant-ID header pattern. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
24 lines
1.2 KiB
SQL
24 lines
1.2 KiB
SQL
-- Migration 120: CRA Project SBOMs + reuse existing compliance_evidence_checks
|
|
-- For SBOM uploads (CycloneDX/SPDX), we add a dedicated table to track versions.
|
|
-- For automated checks (security.txt etc.), we reuse compliance_evidence_checks.
|
|
|
|
CREATE TABLE IF NOT EXISTS compliance_cra_sboms (
|
|
id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
|
|
cra_project_id UUID NOT NULL,
|
|
tenant_id VARCHAR(255) NOT NULL,
|
|
filename VARCHAR(500) NOT NULL,
|
|
format VARCHAR(20) NOT NULL, -- 'cyclonedx' | 'spdx'
|
|
spec_version VARCHAR(20),
|
|
component_count INTEGER DEFAULT 0,
|
|
raw_content JSONB NOT NULL DEFAULT '{}'::jsonb,
|
|
summary JSONB DEFAULT '{}'::jsonb, -- top-level metadata extracted
|
|
scan_status VARCHAR(20) DEFAULT 'pending', -- pending | scanned | failed
|
|
scan_summary JSONB DEFAULT '{}'::jsonb, -- osv.dev results (Phase 3.5)
|
|
uploaded_at TIMESTAMPTZ NOT NULL DEFAULT NOW(),
|
|
scanned_at TIMESTAMPTZ
|
|
);
|
|
|
|
CREATE INDEX IF NOT EXISTS idx_cra_sboms_project ON compliance_cra_sboms(cra_project_id);
|
|
CREATE INDEX IF NOT EXISTS idx_cra_sboms_tenant ON compliance_cra_sboms(tenant_id);
|
|
CREATE INDEX IF NOT EXISTS idx_cra_sboms_uploaded ON compliance_cra_sboms(cra_project_id, uploaded_at DESC);
|