feat: add Attestation Chain and Triage Evidence API clients and models

- Implemented Attestation Chain API client with methods for verifying, fetching, and managing attestation chains.
- Created models for Attestation Chain, including DSSE envelope structures and verification results.
- Developed Triage Evidence API client for fetching finding evidence, including methods for evidence retrieval by CVE and component.
- Added models for Triage Evidence, encapsulating evidence responses, entry points, boundary proofs, and VEX evidence.
- Introduced mock implementations for both API clients to facilitate testing and development.
2025-12-18 13:15:13 +02:00
parent 7d5250238c
commit 00d2c99af9
118 changed files with 13463 additions and 151 deletions


@@ -0,0 +1,55 @@
namespace StellaOps.Scanner.Emit.Native;
/// <summary>
/// Metadata for a native binary component.
/// </summary>
public sealed record NativeBinaryMetadata
{
/// <summary>Binary format (elf, pe, macho)</summary>
public required string Format { get; init; }
/// <summary>Build-ID with prefix (gnu-build-id:..., pe-cv:..., macho-uuid:...)</summary>
public string? BuildId { get; init; }
/// <summary>CPU architecture (x86_64, aarch64, arm, i686, etc.)</summary>
public string? Architecture { get; init; }
/// <summary>Whether this is a 64-bit binary</summary>
public bool Is64Bit { get; init; }
/// <summary>Operating system or platform</summary>
public string? Platform { get; init; }
/// <summary>File path within the container layer</summary>
public required string FilePath { get; init; }
/// <summary>SHA-256 digest of the file</summary>
public string? FileDigest { get; init; }
/// <summary>File size in bytes</summary>
public long FileSize { get; init; }
/// <summary>Container layer digest where this binary was introduced</summary>
public string? LayerDigest { get; init; }
/// <summary>Layer index (0-based)</summary>
public int LayerIndex { get; init; }
/// <summary>Product version from PE version resource</summary>
public string? ProductVersion { get; init; }
/// <summary>File version from PE version resource</summary>
public string? FileVersion { get; init; }
/// <summary>Company name from PE version resource</summary>
public string? CompanyName { get; init; }
/// <summary>Hardening flags (PIE, RELRO, NX, etc.)</summary>
public IReadOnlyDictionary<string, string>? HardeningFlags { get; init; }
/// <summary>Whether the binary is signed</summary>
public bool IsSigned { get; init; }
/// <summary>Signature details (Authenticode, codesign, etc.)</summary>
public string? SignatureDetails { get; init; }
}
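Review bot: The summary on `IsSigned` ("Whether the binary is signed") does not say whether `true` means a signature is merely present or that it was cryptographically verified against a trusted signer, and consumers of this record may read the flag as a trust signal. The doc comment should state which, e.g. `/// <summary>Whether a signature is present in the binary; not a verification result</summary>` if that is what the producer sets (the producer is not visible in this section). `FileDigest` and `LayerDigest` also leave the encoding open (bare hex or `sha256:`-prefixed), whereas `BuildId` documents its prefixes. Spelling out the digest format in those summaries avoids mismatched comparisons when the digests are matched against other evidence.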