Benjamin Boenisch 5a31f52310 Initial commit: breakpilot-lehrer - Lehrer KI Platform
Services: Admin-Lehrer, Backend-Lehrer, Studio v2, Website,
Klausur-Service, School-Service, Voice-Service, Geo-Service,
BreakPilot Drive, Agent-Core

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-11 23:47:26 +01:00


import type { SystemInfoConfig } from './types'
/*
 * System-Info page content for the SBOM (Software Bill of Materials) module.
 *
 * Everything in this file is static data: every value is a literal in source.
 * In particular the `auditInfo` figures ("0" critical CVEs, "0" GPL licences,
 * "Alle erfasst") are hard-coded strings, not the output of a scan or a CI run.
 * NOTE(review): if the System-Info view presents these as current audit status,
 * confirm how the view sources them before treating them as live data.
 */

/** Four-layer architecture diagram shown on the dashboard card (top to bottom). */
const sbomArchitecture: SystemInfoConfig['architecture'] = {
  layers: [
    { title: 'SBOM Dashboard', components: ['Dependency Tree', 'License Overview', 'CVE Alerts'], color: '#3b82f6' },
    { title: 'Generators', components: ['Syft', 'Trivy', 'CycloneDX'], color: '#8b5cf6' },
    { title: 'Analysis', components: ['License Checker', 'CVE Matcher', 'Outdated Detector'], color: '#10b981' },
    { title: 'Reports', components: ['JSON', 'SPDX', 'CycloneDX'], color: '#f59e0b' },
  ],
}

/** Feature list; only "Automatic Updates" is still marked as planned. */
const sbomFeatures: SystemInfoConfig['features'] = [
  { name: 'Dependency Scanning', status: 'active', description: 'Automatische Erkennung' },
  { name: 'License Compliance', status: 'active', description: 'Lizenz-Pruefung' },
  { name: 'CVE Matching', status: 'active', description: 'Schwachstellen-Erkennung' },
  { name: 'Automatic Updates', status: 'planned', description: 'Dependabot-artige Updates' },
]

/**
 * Roadmap by quarter.
 * NOTE(review): "Container SBOM" is listed here as a Phase 1 item, while the
 * documentation table below (section 3) already lists container images as a
 * captured source — one of the two is probably stale; confirm which.
 */
const sbomRoadmap: SystemInfoConfig['roadmap'] = [
  { phase: 'Phase 1: Generation (Q1)', priority: 'high', items: ['Multi-Format Export', 'CI/CD Integration', 'Container SBOM', 'Runtime SBOM'] },
  { phase: 'Phase 2: Analysis (Q2)', priority: 'medium', items: ['License Risk Scoring', 'Transitive Dependencies', 'Version Comparison', 'Diff Reports'] },
  { phase: 'Phase 3: Governance (Q3)', priority: 'low', items: ['Policy Engine', 'Approval Workflow', 'Audit Trail', 'Supplier Management'] },
]

/** Tooling table. The two data-source rows carry no `version` on purpose (feeds, not releases). */
const sbomTechnicalDetails: SystemInfoConfig['technicalDetails'] = [
  { component: 'Generator', technology: 'Syft', version: '1.x', description: 'SBOM Creation' },
  { component: 'Format', technology: 'CycloneDX', version: '1.5', description: 'Standard Format' },
  { component: 'CVE DB', technology: 'NVD/OSV', description: 'Vulnerability Data' },
  { component: 'License DB', technology: 'SPDX', description: 'License Identifiers' },
]

/**
 * Audit cards. Each `status` ('ok' | 'warning') is fixed in source; the two
 * 'warning' rows are the items that still need a human review step.
 */
const sbomAuditInfo: SystemInfoConfig['auditInfo'] = [
  {
    category: 'SBOM Status',
    items: [
      { label: 'Letzte Generierung', value: 'CI/CD', status: 'ok' },
      { label: 'Format', value: 'CycloneDX 1.5', status: 'ok' },
      { label: 'Komponenten', value: 'Alle erfasst', status: 'ok' },
      { label: 'Transitive Deps', value: 'Inkludiert', status: 'ok' },
    ],
  },
  {
    category: 'Vulnerability Status',
    items: [
      { label: 'Kritische CVEs', value: '0', status: 'ok' },
      { label: 'Hohe CVEs', value: '0', status: 'ok' },
      { label: 'Outdated Packages', value: 'Tracking', status: 'warning' },
      { label: 'EOL Dependencies', value: '0', status: 'ok' },
    ],
  },
  {
    category: 'License Compliance',
    items: [
      { label: 'Erlaubte Lizenzen', value: 'MIT, Apache, BSD', status: 'ok' },
      { label: 'Copyleft (GPL)', value: '0', status: 'ok' },
      { label: 'Unbekannte Lizenzen', value: '0', status: 'ok' },
      { label: 'Kommerzielle', value: 'Review erforderlich', status: 'warning' },
    ],
  },
]

/**
 * Long-form documentation as raw HTML markup (headings, tables, <pre> diagrams).
 * NOTE(review): this string is presumably injected unescaped by the System-Info
 * view — keep it a static literal with no interpolation of runtime or user data,
 * and confirm the renderer does not pass anything else through the same path.
 * The content below is kept byte-for-byte; it is user-visible text.
 */
const sbomDocumentationHtml = `
<h2>Software Bill of Materials (SBOM)</h2>
<h3>1. Uebersicht</h3>
<p>Das SBOM-Modul generiert und analysiert die vollstaendige Komponentenliste aller Software-Abhaengigkeiten. Es dient der Compliance, Sicherheit und Supply-Chain-Transparenz.</p>
<h3>2. SBOM-Generierung</h3>
<pre>
Source Code
v
┌───────────────────────────────────────────────────────────────┐
│ SBOM Generators │
│ ┌─────────────┐ ┌─────────────┐ ┌─────────────────────┐ │
│ │ Syft │ │ Trivy │ │ Native Tooling │ │
│ │ (Primary) │ │ (Validation)│ │ (npm, go mod, pip) │ │
│ └──────┬──────┘ └──────┬──────┘ └──────────┬──────────┘ │
└─────────┼────────────────┼────────────────────┼───────────────┘
│ │ │
└────────────────┴────────────────────┘
v
┌────────────────┐
│ CycloneDX │
│ Format │
└────────────────┘
</pre>
<h3>3. Erfasste Komponenten</h3>
<table>
<tr><th>Typ</th><th>Quelle</th><th>Beispiele</th></tr>
<tr><td>npm packages</td><td>package-lock.json</td><td>react, next, tailwindcss, fabric.js, pdf-lib</td></tr>
<tr><td>Go modules</td><td>go.sum</td><td>gin, gorm, jwt-go</td></tr>
<tr><td>Python packages</td><td>requirements.txt</td><td>fastapi, pydantic, httpx</td></tr>
<tr><td>Container Images</td><td>Dockerfile</td><td>node:20-alpine, postgres:16</td></tr>
<tr><td>OS Packages</td><td>apk, apt</td><td>openssl, libpq</td></tr>
</table>
<h3>4. API Endpoints</h3>
<table>
<tr><th>Endpoint</th><th>Methode</th><th>Beschreibung</th></tr>
<tr><td>/api/sbom/generate</td><td>POST</td><td>SBOM neu generieren</td></tr>
<tr><td>/api/sbom/latest</td><td>GET</td><td>Aktuelles SBOM</td></tr>
<tr><td>/api/sbom/vulnerabilities</td><td>GET</td><td>CVE-Liste</td></tr>
<tr><td>/api/sbom/licenses</td><td>GET</td><td>Lizenz-Uebersicht</td></tr>
<tr><td>/api/sbom/diff</td><td>GET</td><td>Vergleich mit vorheriger Version</td></tr>
</table>
<h3>5. Vulnerability Scanning</h3>
<pre>
SBOM
v
┌────────────────────────────────────────┐
│ Vulnerability Databases │
│ ├── NVD (National Vulnerability DB) │
│ ├── OSV (Open Source Vulnerabilities)│
│ ├── GitHub Advisory Database │
│ └── Vendor-specific (npm, Go, PyPI) │
└──────────────────┬─────────────────────┘
v
┌────────────────────────────────────────┐
│ CVE Matching Engine │
│ ├── Version Range Checking │
│ ├── CVSS Scoring │
│ └── Exploitability Assessment │
└──────────────────┬─────────────────────┘
v
┌────────────────────────────────────────┐
│ Alert & Report │
│ ├── Kritisch: Sofort-Benachrichtigung│
│ ├── Hoch: Tages-Report │
│ └── Mittel/Niedrig: Wochen-Report │
└────────────────────────────────────────┘
</pre>
<h3>6. License Compliance</h3>
<table>
<tr><th>Kategorie</th><th>Lizenzen</th><th>Status</th></tr>
<tr><td>Permissive (erlaubt)</td><td>MIT, Apache 2.0, BSD, ISC</td><td>OK</td></tr>
<tr><td>Weak Copyleft</td><td>LGPL, MPL</td><td>Review</td></tr>
<tr><td>Strong Copyleft</td><td>GPL, AGPL</td><td>Nicht erlaubt</td></tr>
<tr><td>Proprietaer</td><td>Commercial</td><td>Genehmigung</td></tr>
</table>
<h3>7. CI/CD Integration</h3>
<pre>
CI Pipeline
├── Build Stage
│ └── SBOM generieren
├── Security Stage
│ ├── CVE Scan
│ └── License Check
├── Gate
│ ├── Critical CVE → Block
│ ├── GPL License → Block
│ └── High CVE → Warning
└── Publish Stage
└── SBOM archivieren
</pre>
<h3>8. Aufbewahrung & Compliance</h3>
<ul>
<li><strong>Retention:</strong> 5 Jahre (Compliance)</li>
<li><strong>Format:</strong> JSON + PDF Report</li>
<li><strong>Signierung:</strong> Digital signiert</li>
<li><strong>Audit:</strong> Jederzeit abrufbar</li>
</ul>
`

/**
 * Assembled System-Info config for the SBOM module.
 * Property order is preserved from the original literal; consumers that
 * iterate the object see the same key sequence.
 */
export const sbomConfig: SystemInfoConfig = {
  title: 'SBOM System-Info',
  description: 'Software Bill of Materials fuer Compliance und Security.',
  version: '1.0',
  architecture: sbomArchitecture,
  features: sbomFeatures,
  roadmap: sbomRoadmap,
  technicalDetails: sbomTechnicalDetails,
  auditInfo: sbomAuditInfo,
  fullDocumentation: sbomDocumentationHtml,
}