stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity

Refactor code structure for improved readability and maintainability; optimize performance in key functions.

Browse Source
This commit is contained in:
master
2025-12-22 19:06:31 +02:00
parent dfaa2079aa
commit 0536a4f7d4
1443 changed files with 109671 additions and 7840 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
docs/schemas/cyclonedx-bom-1.7.schema.json Normal file
View File

File diff suppressed because one or more lines are too long

219
docs/schemas/findings-evidence-api.openapi.yaml Normal file
View File

@@ -0,0 +1,219 @@
openapi: 3.1.0
info:
title: StellaOps Findings Evidence API
version: 1.0.0
description: |
OpenAPI specification for the findings evidence endpoint.
Supports explainable triage evidence retrieval for a finding or batch.
contact:
name: StellaOps API Team
email: api@stella-ops.org
license:
name: AGPL-3.0-or-later
identifier: AGPL-3.0-or-later
servers:
- url: https://api.stella-ops.org
description: Production
- url: https://api.staging.stella-ops.org
description: Staging
tags:
- name: evidence
description: Evidence lookups for findings
paths:
/api/v1/findings/{findingId}/evidence:
get:
operationId: getFindingEvidence
summary: Get consolidated evidence for a finding
tags: [evidence]
parameters:
- name: findingId
in: path
required: true
schema:
type: string
description: Finding identifier (UUID).
- name: includeRaw
in: query
required: false
schema:
type: boolean
default: false
description: Include raw source locations (requires elevated scope).
responses:
"200":
description: Evidence retrieved successfully.
content:
application/json:
schema:
$ref: "#/components/schemas/FindingEvidenceResponse"
"403":
description: Insufficient permissions for raw source.
"404":
description: Finding not found.
/api/v1/findings/evidence/batch:
post:
operationId: getFindingsEvidenceBatch
summary: Get evidence for multiple findings
tags: [evidence]
requestBody:
required: true
content:
application/json:
schema:
$ref: "#/components/schemas/BatchEvidenceRequest"
responses:
"200":
description: Evidence batch retrieved.
content:
application/json:
schema:
$ref: "#/components/schemas/BatchEvidenceResponse"
"400":
description: Invalid batch request.
components:
schemas:
FindingEvidenceResponse:
type: object
required: [finding_id, cve, component, last_seen, freshness]
properties:
finding_id:
type: string
cve:
type: string
component:
$ref: "#/components/schemas/ComponentInfo"
reachable_path:
type: array
items:
type: string
entrypoint:
$ref: "#/components/schemas/EntrypointInfo"
vex:
$ref: "#/components/schemas/VexStatusInfo"
last_seen:
type: string
format: date-time
attestation_refs:
type: array
items:
type: string
score:
$ref: "#/components/schemas/ScoreInfo"
boundary:
$ref: "#/components/schemas/BoundaryInfo"
freshness:
$ref: "#/components/schemas/FreshnessInfo"
ComponentInfo:
type: object
required: [name, version]
properties:
name:
type: string
version:
type: string
purl:
type: string
ecosystem:
type: string
EntrypointInfo:
type: object
required: [type]
properties:
type:
type: string
route:
type: string
method:
type: string
auth:
type: string
VexStatusInfo:
type: object
required: [status]
properties:
status:
type: string
justification:
type: string
timestamp:
type: string
format: date-time
issuer:
type: string
ScoreInfo:
type: object
required: [risk_score]
properties:
risk_score:
type: integer
minimum: 0
maximum: 100
contributions:
type: array
items:
$ref: "#/components/schemas/ScoreContribution"
ScoreContribution:
type: object
required: [factor, value]
properties:
factor:
type: string
value:
type: integer
reason:
type: string
BoundaryInfo:
type: object
required: [surface, exposure]
properties:
surface:
type: string
exposure:
type: string
auth:
$ref: "#/components/schemas/AuthInfo"
controls:
type: array
items:
type: string
AuthInfo:
type: object
required: [mechanism]
properties:
mechanism:
type: string
required_scopes:
type: array
items:
type: string
FreshnessInfo:
type: object
required: [is_stale]
properties:
is_stale:
type: boolean
expires_at:
type: string
format: date-time
ttl_remaining_hours:
type: integer
BatchEvidenceRequest:
type: object
required: [finding_ids]
properties:
finding_ids:
type: array
items:
type: string
BatchEvidenceResponse:
type: object
required: [findings]
properties:
findings:
type: array
items:
$ref: "#/components/schemas/FindingEvidenceResponse"

80
docs/schemas/predicates/boundary.v1.schema.json Normal file
View File

@@ -0,0 +1,80 @@
{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"$id": "https://stella.ops/predicates/boundary@v1",
"title": "StellaOps Boundary Attestation Predicate",
"description": "Predicate for attack surface boundary detection.",
"type": "object",
"required": ["surface", "exposure", "observedAt"],
"properties": {
"surface": {
"type": "string",
"enum": ["http", "grpc", "tcp", "udp", "mqtt", "kafka", "cli", "internal"],
"description": "Type of attack surface."
},
"exposure": {
"type": "string",
"enum": ["public", "private", "internal", "localhost"],
"description": "Exposure level of the surface."
},
"observedAt": {
"type": "string",
"format": "date-time",
"description": "When the boundary was observed."
},
"endpoints": {
"type": "array",
"items": {
"$ref": "#/$defs/endpoint"
},
"description": "Detected endpoints on this surface."
},
"auth": {
"type": "object",
"properties": {
"mechanism": {
"type": "string",
"enum": ["none", "apikey", "jwt", "oauth2", "mtls", "basic"],
"description": "Authentication mechanism."
},
"required_scopes": {
"type": "array",
"items": { "type": "string" },
"description": "Required authorization scopes."
}
},
"description": "Authentication configuration."
},
"controls": {
"type": "array",
"items": { "type": "string" },
"description": "Security controls in place (e.g., rate-limit, WAF)."
},
"expiresAt": {
"type": "string",
"format": "date-time",
"description": "When this boundary observation expires (TTL: 72h)."
}
},
"$defs": {
"endpoint": {
"type": "object",
"required": ["route", "method"],
"properties": {
"route": {
"type": "string",
"description": "Route pattern (e.g., /api/users/:id)."
},
"method": {
"type": "string",
"enum": ["GET", "POST", "PUT", "PATCH", "DELETE", "OPTIONS", "HEAD"],
"description": "HTTP method."
},
"auth": {
"type": "string",
"description": "Authentication requirement for this endpoint."
}
}
}
},
"additionalProperties": false
}

110
docs/schemas/predicates/human-approval.v1.schema.json Normal file
View File

@@ -0,0 +1,110 @@
{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"$id": "https://stella.ops/predicates/human-approval@v1",
"title": "StellaOps Human Approval Attestation Predicate",
"description": "Predicate for human approval decision attestations.",
"type": "object",
"required": ["schema", "approval_id", "finding_id", "decision", "approver", "justification", "approved_at"],
"properties": {
"schema": {
"type": "string",
"const": "human-approval-v1",
"description": "Schema version identifier."
},
"approval_id": {
"type": "string",
"description": "Unique approval identifier."
},
"finding_id": {
"type": "string",
"description": "The finding ID (e.g., CVE identifier)."
},
"decision": {
"type": "string",
"enum": ["AcceptRisk", "Defer", "Reject", "Suppress", "Escalate"],
"description": "The approval decision."
},
"approver": {
"type": "object",
"required": ["user_id"],
"properties": {
"user_id": {
"type": "string",
"description": "The approver's user identifier (e.g., email)."
},
"display_name": {
"type": "string",
"description": "The approver's display name."
},
"role": {
"type": "string",
"description": "The approver's role in the organization."
},
"delegated_from": {
"type": "string",
"description": "Optional delegation chain."
}
}
},
"justification": {
"type": "string",
"minLength": 1,
"description": "Justification for the decision."
},
"approved_at": {
"type": "string",
"format": "date-time",
"description": "When the approval was made."
},
"expires_at": {
"type": "string",
"format": "date-time",
"description": "When the approval expires (default TTL: 30 days)."
},
"policy_decision_ref": {
"type": "string",
"pattern": "^sha256:[a-f0-9]{64}$",
"description": "Reference to the policy decision this approval is for."
},
"restrictions": {
"type": "object",
"properties": {
"environments": {
"type": "array",
"items": { "type": "string" },
"description": "Environments where the approval applies."
},
"max_instances": {
"type": "integer",
"minimum": 1,
"description": "Maximum number of affected instances."
},
"namespaces": {
"type": "array",
"items": { "type": "string" },
"description": "Namespaces where the approval applies."
},
"artifacts": {
"type": "array",
"items": { "type": "string" },
"description": "Specific images/artifacts the approval applies to."
},
"conditions": {
"type": "object",
"additionalProperties": { "type": "string" },
"description": "Custom conditions that must be met."
}
}
},
"supersedes": {
"type": "string",
"description": "Optional prior approval being superseded."
},
"metadata": {
"type": "object",
"additionalProperties": { "type": "string" },
"description": "Optional metadata."
}
},
"additionalProperties": false
}

94
docs/schemas/predicates/policy-decision.v1.schema.json Normal file
View File

@@ -0,0 +1,94 @@
{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"$id": "https://stella.ops/predicates/policy-decision@v1",
"title": "StellaOps Policy Decision Attestation Predicate",
"description": "Predicate for policy evaluation decision attestations.",
"type": "object",
"required": ["finding_id", "cve", "component_purl", "decision", "reasoning", "evidence_refs", "evaluated_at", "policy_version"],
"properties": {
"finding_id": {
"type": "string",
"description": "The finding ID (CVE@PURL format)."
},
"cve": {
"type": "string",
"description": "The CVE identifier."
},
"component_purl": {
"type": "string",
"description": "The component Package URL."
},
"decision": {
"type": "string",
"enum": ["Allow", "Review", "Block", "Suppress", "Escalate"],
"description": "The policy decision result."
},
"reasoning": {
"type": "object",
"required": ["rules_evaluated", "rules_matched", "final_score", "risk_multiplier"],
"properties": {
"rules_evaluated": {
"type": "integer",
"minimum": 0,
"description": "Number of policy rules evaluated."
},
"rules_matched": {
"type": "array",
"items": { "type": "string" },
"description": "Names of policy rules that matched."
},
"final_score": {
"type": "number",
"minimum": 0,
"maximum": 100,
"description": "Final computed risk score (0-100)."
},
"risk_multiplier": {
"type": "number",
"minimum": 0,
"description": "Risk multiplier applied (1.0 = no change)."
},
"reachability_state": {
"type": "string",
"description": "Reachability state used in decision."
},
"vex_status": {
"type": "string",
"description": "VEX status used in decision."
},
"summary": {
"type": "string",
"description": "Human-readable summary of decision rationale."
}
}
},
"evidence_refs": {
"type": "array",
"items": {
"type": "string",
"pattern": "^sha256:[a-f0-9]{64}$"
},
"description": "References to evidence artifacts used in the decision."
},
"evaluated_at": {
"type": "string",
"format": "date-time",
"description": "When the decision was evaluated (UTC ISO 8601)."
},
"expires_at": {
"type": "string",
"format": "date-time",
"description": "When the decision expires (UTC ISO 8601)."
},
"policy_version": {
"type": "string",
"description": "Version of the policy used for evaluation."
},
"policy_hash": {
"type": "string",
"pattern": "^sha256:[a-f0-9]{64}$",
"description": "Hash of the policy configuration used."
}
},
"additionalProperties": false
}

81
docs/schemas/predicates/reachability.v1.schema.json Normal file
View File

@@ -0,0 +1,81 @@
{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"$id": "https://stella.ops/predicates/reachability@v1",
"title": "StellaOps Reachability Attestation Predicate",
"description": "Predicate for reachability analysis results.",
"type": "object",
"required": ["result", "confidence", "graphDigest"],
"properties": {
"result": {
"type": "string",
"enum": ["reachable", "unreachable", "unknown"],
"description": "Reachability analysis result."
},
"confidence": {
"type": "number",
"minimum": 0,
"maximum": 1,
"description": "Confidence score (0-1)."
},
"graphDigest": {
"type": "string",
"pattern": "^sha256:[a-f0-9]{64}$",
"description": "Digest of the call graph used."
},
"paths": {
"type": "array",
"items": {
"$ref": "#/$defs/reachabilityPath"
},
"description": "Paths from entrypoints to vulnerable code."
},
"entrypoints": {
"type": "array",
"items": { "$ref": "#/$defs/entrypoint" },
"description": "Entrypoints considered."
},
"computedAt": {
"type": "string",
"format": "date-time"
},
"expiresAt": {
"type": "string",
"format": "date-time"
}
},
"$defs": {
"reachabilityPath": {
"type": "object",
"required": ["pathId", "steps"],
"properties": {
"pathId": { "type": "string" },
"steps": {
"type": "array",
"items": {
"type": "object",
"properties": {
"node": { "type": "string" },
"fileHash": { "type": "string" },
"lines": {
"type": "array",
"items": { "type": "integer" },
"minItems": 2,
"maxItems": 2
}
}
}
}
}
},
"entrypoint": {
"type": "object",
"required": ["type"],
"properties": {
"type": { "type": "string" },
"route": { "type": "string" },
"auth": { "type": "string" }
}
}
},
"additionalProperties": false
}

40
docs/schemas/predicates/sbom.v1.schema.json Normal file
View File

@@ -0,0 +1,40 @@
{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"$id": "https://stella.ops/predicates/sbom@v1",
"title": "StellaOps SBOM Attestation Predicate",
"description": "Predicate for SBOM attestations linking software bill of materials to artifacts.",
"type": "object",
"required": ["format", "digest", "componentCount"],
"properties": {
"format": {
"type": "string",
"enum": ["cyclonedx-1.6", "spdx-3.0.1", "spdx-2.3"],
"description": "SBOM format specification."
},
"digest": {
"type": "string",
"pattern": "^sha256:[a-f0-9]{64}$",
"description": "Content-addressed digest of the SBOM document."
},
"componentCount": {
"type": "integer",
"minimum": 0,
"description": "Number of components in the SBOM."
},
"uri": {
"type": "string",
"format": "uri",
"description": "URI where the full SBOM can be retrieved."
},
"tooling": {
"type": "string",
"description": "Tool used to generate the SBOM."
},
"createdAt": {
"type": "string",
"format": "date-time",
"description": "When the SBOM was generated."
}
},
"additionalProperties": false
}

64
docs/schemas/predicates/vex.v1.schema.json Normal file
View File

@@ -0,0 +1,64 @@
{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"$id": "https://stella.ops/predicates/vex@v1",
"title": "StellaOps VEX Attestation Predicate",
"description": "Predicate for VEX statements embedded in attestations.",
"type": "object",
"required": ["format", "statements"],
"properties": {
"format": {
"type": "string",
"enum": ["openvex", "csaf-vex", "cyclonedx-vex"],
"description": "VEX format specification."
},
"statements": {
"type": "array",
"items": {
"$ref": "#/$defs/vexStatement"
},
"minItems": 1,
"description": "VEX statements in this attestation."
},
"digest": {
"type": "string",
"pattern": "^sha256:[a-f0-9]{64}$",
"description": "Content-addressed digest of the VEX document."
},
"author": {
"type": "string",
"description": "Author of the VEX statements."
},
"timestamp": {
"type": "string",
"format": "date-time",
"description": "When the VEX was issued."
}
},
"$defs": {
"vexStatement": {
"type": "object",
"required": ["vulnerability", "status"],
"properties": {
"vulnerability": {
"type": "string",
"description": "CVE or vulnerability identifier."
},
"status": {
"type": "string",
"enum": ["affected", "not_affected", "under_investigation", "fixed"],
"description": "VEX status."
},
"justification": {
"type": "string",
"description": "Justification for not_affected status."
},
"products": {
"type": "array",
"items": { "type": "string" },
"description": "Affected products (PURLs)."
}
}
}
},
"additionalProperties": false
}

29
docs/schemas/spdx-jsonld-3.0.1.schema.json Normal file
View File

@@ -0,0 +1,29 @@
{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"$id": "https://stellaops.io/schemas/spdx-jsonld-3.0.1.schema.json",
"title": "SPDX 3.0.1 JSON-LD (minimal)",
"type": "object",
"required": ["@context", "@graph"],
"properties": {
"@context": {
"const": "https://spdx.org/rdf/3.0.1/spdx-context.jsonld"
},
"@graph": {
"type": "array",
"minItems": 1,
"items": {
"type": "object",
"required": ["type"],
"properties": {
"type": { "type": "string" },
"spdxId": { "type": "string" },
"@id": { "type": "string" }
},
"anyOf": [
{ "required": ["spdxId"] },
{ "required": ["@id"] }
]
}
}
}
}

643
docs/schemas/spdx-license-exceptions-3.21.json Normal file
View File

@@ -0,0 +1,643 @@
{
"licenseListVersion": "3.21",
"exceptions": [
{
"reference": "./389-exception.json",
"isDeprecatedLicenseId": false,
"detailsUrl": "./389-exception.html",
"referenceNumber": 48,
"name": "389 Directory Server Exception",
"licenseExceptionId": "389-exception",
"seeAlso": [
"http://directory.fedoraproject.org/wiki/GPL_Exception_License_Text",
"https://web.archive.org/web/20080828121337/http://directory.fedoraproject.org/wiki/GPL_Exception_License_Text"
]
},
{
"reference": "./Asterisk-exception.json",
"isDeprecatedLicenseId": false,
"detailsUrl": "./Asterisk-exception.html",
"referenceNumber": 33,
"name": "Asterisk exception",
"licenseExceptionId": "Asterisk-exception",
"seeAlso": [
"https://github.com/asterisk/libpri/blob/7f91151e6bd10957c746c031c1f4a030e8146e9a/pri.c#L22",
"https://github.com/asterisk/libss7/blob/03e81bcd0d28ff25d4c77c78351ddadc82ff5c3f/ss7.c#L24"
]
},
{
"reference": "./Autoconf-exception-2.0.json",
"isDeprecatedLicenseId": false,
"detailsUrl": "./Autoconf-exception-2.0.html",
"referenceNumber": 42,
"name": "Autoconf exception 2.0",
"licenseExceptionId": "Autoconf-exception-2.0",
"seeAlso": [
"http://ac-archive.sourceforge.net/doc/copyright.html",
"http://ftp.gnu.org/gnu/autoconf/autoconf-2.59.tar.gz"
]
},
{
"reference": "./Autoconf-exception-3.0.json",
"isDeprecatedLicenseId": false,
"detailsUrl": "./Autoconf-exception-3.0.html",
"referenceNumber": 41,
"name": "Autoconf exception 3.0",
"licenseExceptionId": "Autoconf-exception-3.0",
"seeAlso": [
"http://www.gnu.org/licenses/autoconf-exception-3.0.html"
]
},
{
"reference": "./Autoconf-exception-generic.json",
"isDeprecatedLicenseId": false,
"detailsUrl": "./Autoconf-exception-generic.html",
"referenceNumber": 4,
"name": "Autoconf generic exception",
"licenseExceptionId": "Autoconf-exception-generic",
"seeAlso": [
"https://launchpad.net/ubuntu/precise/+source/xmltooling/+copyright",
"https://tracker.debian.org/media/packages/s/sipwitch/copyright-1.9.15-3",
"https://opensource.apple.com/source/launchd/launchd-258.1/launchd/compile.auto.html"
]
},
{
"reference": "./Autoconf-exception-macro.json",
"isDeprecatedLicenseId": false,
"detailsUrl": "./Autoconf-exception-macro.html",
"referenceNumber": 19,
"name": "Autoconf macro exception",
"licenseExceptionId": "Autoconf-exception-macro",
"seeAlso": [
"https://github.com/freedesktop/xorg-macros/blob/39f07f7db58ebbf3dcb64a2bf9098ed5cf3d1223/xorg-macros.m4.in",
"https://www.gnu.org/software/autoconf-archive/ax_pthread.html",
"https://launchpad.net/ubuntu/precise/+source/xmltooling/+copyright"
]
},
{
"reference": "./Bison-exception-2.2.json",
"isDeprecatedLicenseId": false,
"detailsUrl": "./Bison-exception-2.2.html",
"referenceNumber": 11,
"name": "Bison exception 2.2",
"licenseExceptionId": "Bison-exception-2.2",
"seeAlso": [
"http://git.savannah.gnu.org/cgit/bison.git/tree/data/yacc.c?id\u003d193d7c7054ba7197b0789e14965b739162319b5e#n141"
]
},
{
"reference": "./Bootloader-exception.json",
"isDeprecatedLicenseId": false,
"detailsUrl": "./Bootloader-exception.html",
"referenceNumber": 50,
"name": "Bootloader Distribution Exception",
"licenseExceptionId": "Bootloader-exception",
"seeAlso": [
"https://github.com/pyinstaller/pyinstaller/blob/develop/COPYING.txt"
]
},
{
"reference": "./Classpath-exception-2.0.json",
"isDeprecatedLicenseId": false,
"detailsUrl": "./Classpath-exception-2.0.html",
"referenceNumber": 36,
"name": "Classpath exception 2.0",
"licenseExceptionId": "Classpath-exception-2.0",
"seeAlso": [
"http://www.gnu.org/software/classpath/license.html",
"https://fedoraproject.org/wiki/Licensing/GPL_Classpath_Exception"
]
},
{
"reference": "./CLISP-exception-2.0.json",
"isDeprecatedLicenseId": false,
"detailsUrl": "./CLISP-exception-2.0.html",
"referenceNumber": 9,
"name": "CLISP exception 2.0",
"licenseExceptionId": "CLISP-exception-2.0",
"seeAlso": [
"http://sourceforge.net/p/clisp/clisp/ci/default/tree/COPYRIGHT"
]
},
{
"reference": "./cryptsetup-OpenSSL-exception.json",
"isDeprecatedLicenseId": false,
"detailsUrl": "./cryptsetup-OpenSSL-exception.html",
"referenceNumber": 39,
"name": "cryptsetup OpenSSL exception",
"licenseExceptionId": "cryptsetup-OpenSSL-exception",
"seeAlso": [
"https://gitlab.com/cryptsetup/cryptsetup/-/blob/main/COPYING",
"https://gitlab.nic.cz/datovka/datovka/-/blob/develop/COPYING",
"https://github.com/nbs-system/naxsi/blob/951123ad456bdf5ac94e8d8819342fe3d49bc002/naxsi_src/naxsi_raw.c",
"http://web.mit.edu/jgross/arch/amd64_deb60/bin/mosh"
]
},
{
"reference": "./DigiRule-FOSS-exception.json",
"isDeprecatedLicenseId": false,
"detailsUrl": "./DigiRule-FOSS-exception.html",
"referenceNumber": 20,
"name": "DigiRule FOSS License Exception",
"licenseExceptionId": "DigiRule-FOSS-exception",
"seeAlso": [
"http://www.digirulesolutions.com/drupal/foss"
]
},
{
"reference": "./eCos-exception-2.0.json",
"isDeprecatedLicenseId": false,
"detailsUrl": "./eCos-exception-2.0.html",
"referenceNumber": 38,
"name": "eCos exception 2.0",
"licenseExceptionId": "eCos-exception-2.0",
"seeAlso": [
"http://ecos.sourceware.org/license-overview.html"
]
},
{
"reference": "./Fawkes-Runtime-exception.json",
"isDeprecatedLicenseId": false,
"detailsUrl": "./Fawkes-Runtime-exception.html",
"referenceNumber": 8,
"name": "Fawkes Runtime Exception",
"licenseExceptionId": "Fawkes-Runtime-exception",
"seeAlso": [
"http://www.fawkesrobotics.org/about/license/"
]
},
{
"reference": "./FLTK-exception.json",
"isDeprecatedLicenseId": false,
"detailsUrl": "./FLTK-exception.html",
"referenceNumber": 18,
"name": "FLTK exception",
"licenseExceptionId": "FLTK-exception",
"seeAlso": [
"http://www.fltk.org/COPYING.php"
]
},
{
"reference": "./Font-exception-2.0.json",
"isDeprecatedLicenseId": false,
"detailsUrl": "./Font-exception-2.0.html",
"referenceNumber": 7,
"name": "Font exception 2.0",
"licenseExceptionId": "Font-exception-2.0",
"seeAlso": [
"http://www.gnu.org/licenses/gpl-faq.html#FontException"
]
},
{
"reference": "./freertos-exception-2.0.json",
"isDeprecatedLicenseId": false,
"detailsUrl": "./freertos-exception-2.0.html",
"referenceNumber": 47,
"name": "FreeRTOS Exception 2.0",
"licenseExceptionId": "freertos-exception-2.0",
"seeAlso": [
"https://web.archive.org/web/20060809182744/http://www.freertos.org/a00114.html"
]
},
{
"reference": "./GCC-exception-2.0.json",
"isDeprecatedLicenseId": false,
"detailsUrl": "./GCC-exception-2.0.html",
"referenceNumber": 54,
"name": "GCC Runtime Library exception 2.0",
"licenseExceptionId": "GCC-exception-2.0",
"seeAlso": [
"https://gcc.gnu.org/git/?p\u003dgcc.git;a\u003dblob;f\u003dgcc/libgcc1.c;h\u003d762f5143fc6eed57b6797c82710f3538aa52b40b;hb\u003dcb143a3ce4fb417c68f5fa2691a1b1b1053dfba9#l10"
]
},
{
"reference": "./GCC-exception-3.1.json",
"isDeprecatedLicenseId": false,
"detailsUrl": "./GCC-exception-3.1.html",
"referenceNumber": 27,
"name": "GCC Runtime Library exception 3.1",
"licenseExceptionId": "GCC-exception-3.1",
"seeAlso": [
"http://www.gnu.org/licenses/gcc-exception-3.1.html"
]
},
{
"reference": "./GNAT-exception.json",
"isDeprecatedLicenseId": false,
"detailsUrl": "./GNAT-exception.html",
"referenceNumber": 13,
"name": "GNAT exception",
"licenseExceptionId": "GNAT-exception",
"seeAlso": [
"https://github.com/AdaCore/florist/blob/master/libsrc/posix-configurable_file_limits.adb"
]
},
{
"reference": "./gnu-javamail-exception.json",
"isDeprecatedLicenseId": false,
"detailsUrl": "./gnu-javamail-exception.html",
"referenceNumber": 34,
"name": "GNU JavaMail exception",
"licenseExceptionId": "gnu-javamail-exception",
"seeAlso": [
"http://www.gnu.org/software/classpathx/javamail/javamail.html"
]
},
{
"reference": "./GPL-3.0-interface-exception.json",
"isDeprecatedLicenseId": false,
"detailsUrl": "./GPL-3.0-interface-exception.html",
"referenceNumber": 21,
"name": "GPL-3.0 Interface Exception",
"licenseExceptionId": "GPL-3.0-interface-exception",
"seeAlso": [
"https://www.gnu.org/licenses/gpl-faq.en.html#LinkingOverControlledInterface"
]
},
{
"reference": "./GPL-3.0-linking-exception.json",
"isDeprecatedLicenseId": false,
"detailsUrl": "./GPL-3.0-linking-exception.html",
"referenceNumber": 1,
"name": "GPL-3.0 Linking Exception",
"licenseExceptionId": "GPL-3.0-linking-exception",
"seeAlso": [
"https://www.gnu.org/licenses/gpl-faq.en.html#GPLIncompatibleLibs"
]
},
{
"reference": "./GPL-3.0-linking-source-exception.json",
"isDeprecatedLicenseId": false,
"detailsUrl": "./GPL-3.0-linking-source-exception.html",
"referenceNumber": 37,
"name": "GPL-3.0 Linking Exception (with Corresponding Source)",
"licenseExceptionId": "GPL-3.0-linking-source-exception",
"seeAlso": [
"https://www.gnu.org/licenses/gpl-faq.en.html#GPLIncompatibleLibs",
"https://github.com/mirror/wget/blob/master/src/http.c#L20"
]
},
{
"reference": "./GPL-CC-1.0.json",
"isDeprecatedLicenseId": false,
"detailsUrl": "./GPL-CC-1.0.html",
"referenceNumber": 52,
"name": "GPL Cooperation Commitment 1.0",
"licenseExceptionId": "GPL-CC-1.0",
"seeAlso": [
"https://github.com/gplcc/gplcc/blob/master/Project/COMMITMENT",
"https://gplcc.github.io/gplcc/Project/README-PROJECT.html"
]
},
{
"reference": "./GStreamer-exception-2005.json",
"isDeprecatedLicenseId": false,
"detailsUrl": "./GStreamer-exception-2005.html",
"referenceNumber": 35,
"name": "GStreamer Exception (2005)",
"licenseExceptionId": "GStreamer-exception-2005",
"seeAlso": [
"https://gstreamer.freedesktop.org/documentation/frequently-asked-questions/licensing.html?gi-language\u003dc#licensing-of-applications-using-gstreamer"
]
},
{
"reference": "./GStreamer-exception-2008.json",
"isDeprecatedLicenseId": false,
"detailsUrl": "./GStreamer-exception-2008.html",
"referenceNumber": 30,
"name": "GStreamer Exception (2008)",
"licenseExceptionId": "GStreamer-exception-2008",
"seeAlso": [
"https://gstreamer.freedesktop.org/documentation/frequently-asked-questions/licensing.html?gi-language\u003dc#licensing-of-applications-using-gstreamer"
]
},
{
"reference": "./i2p-gpl-java-exception.json",
"isDeprecatedLicenseId": false,
"detailsUrl": "./i2p-gpl-java-exception.html",
"referenceNumber": 40,
"name": "i2p GPL+Java Exception",
"licenseExceptionId": "i2p-gpl-java-exception",
"seeAlso": [
"http://geti2p.net/en/get-involved/develop/licenses#java_exception"
]
},
{
"reference": "./KiCad-libraries-exception.json",
"isDeprecatedLicenseId": false,
"detailsUrl": "./KiCad-libraries-exception.html",
"referenceNumber": 28,
"name": "KiCad Libraries Exception",
"licenseExceptionId": "KiCad-libraries-exception",
"seeAlso": [
"https://www.kicad.org/libraries/license/"
]
},
{
"reference": "./LGPL-3.0-linking-exception.json",
"isDeprecatedLicenseId": false,
"detailsUrl": "./LGPL-3.0-linking-exception.html",
"referenceNumber": 2,
"name": "LGPL-3.0 Linking Exception",
"licenseExceptionId": "LGPL-3.0-linking-exception",
"seeAlso": [
"https://raw.githubusercontent.com/go-xmlpath/xmlpath/v2/LICENSE",
"https://github.com/goamz/goamz/blob/master/LICENSE",
"https://github.com/juju/errors/blob/master/LICENSE"
]
},
{
"reference": "./libpri-OpenH323-exception.json",
"isDeprecatedLicenseId": false,
"detailsUrl": "./libpri-OpenH323-exception.html",
"referenceNumber": 32,
"name": "libpri OpenH323 exception",
"licenseExceptionId": "libpri-OpenH323-exception",
"seeAlso": [
"https://github.com/asterisk/libpri/blob/1.6.0/README#L19-L22"
]
},
{
"reference": "./Libtool-exception.json",
"isDeprecatedLicenseId": false,
"detailsUrl": "./Libtool-exception.html",
"referenceNumber": 17,
"name": "Libtool Exception",
"licenseExceptionId": "Libtool-exception",
"seeAlso": [
"http://git.savannah.gnu.org/cgit/libtool.git/tree/m4/libtool.m4"
]
},
{
"reference": "./Linux-syscall-note.json",
"isDeprecatedLicenseId": false,
"detailsUrl": "./Linux-syscall-note.html",
"referenceNumber": 49,
"name": "Linux Syscall Note",
"licenseExceptionId": "Linux-syscall-note",
"seeAlso": [
"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/COPYING"
]
},
{
"reference": "./LLGPL.json",
"isDeprecatedLicenseId": false,
"detailsUrl": "./LLGPL.html",
"referenceNumber": 3,
"name": "LLGPL Preamble",
"licenseExceptionId": "LLGPL",
"seeAlso": [
"http://opensource.franz.com/preamble.html"
]
},
{
"reference": "./LLVM-exception.json",
"isDeprecatedLicenseId": false,
"detailsUrl": "./LLVM-exception.html",
"referenceNumber": 14,
"name": "LLVM Exception",
"licenseExceptionId": "LLVM-exception",
"seeAlso": [
"http://llvm.org/foundation/relicensing/LICENSE.txt"
]
},
{
"reference": "./LZMA-exception.json",
"isDeprecatedLicenseId": false,
"detailsUrl": "./LZMA-exception.html",
"referenceNumber": 55,
"name": "LZMA exception",
"licenseExceptionId": "LZMA-exception",
"seeAlso": [
"http://nsis.sourceforge.net/Docs/AppendixI.html#I.6"
]
},
{
"reference": "./mif-exception.json",
"isDeprecatedLicenseId": false,
"detailsUrl": "./mif-exception.html",
"referenceNumber": 53,
"name": "Macros and Inline Functions Exception",
"licenseExceptionId": "mif-exception",
"seeAlso": [
"http://www.scs.stanford.edu/histar/src/lib/cppsup/exception",
"http://dev.bertos.org/doxygen/",
"https://www.threadingbuildingblocks.org/licensing"
]
},
{
"reference": "./Nokia-Qt-exception-1.1.json",
"isDeprecatedLicenseId": true,
"detailsUrl": "./Nokia-Qt-exception-1.1.html",
"referenceNumber": 31,
"name": "Nokia Qt LGPL exception 1.1",
"licenseExceptionId": "Nokia-Qt-exception-1.1",
"seeAlso": [
"https://www.keepassx.org/dev/projects/keepassx/repository/revisions/b8dfb9cc4d5133e0f09cd7533d15a4f1c19a40f2/entry/LICENSE.NOKIA-LGPL-EXCEPTION"
]
},
{
"reference": "./OCaml-LGPL-linking-exception.json",
"isDeprecatedLicenseId": false,
"detailsUrl": "./OCaml-LGPL-linking-exception.html",
"referenceNumber": 29,
"name": "OCaml LGPL Linking Exception",
"licenseExceptionId": "OCaml-LGPL-linking-exception",
"seeAlso": [
"https://caml.inria.fr/ocaml/license.en.html"
]
},
{
"reference": "./OCCT-exception-1.0.json",
"isDeprecatedLicenseId": false,
"detailsUrl": "./OCCT-exception-1.0.html",
"referenceNumber": 15,
"name": "Open CASCADE Exception 1.0",
"licenseExceptionId": "OCCT-exception-1.0",
"seeAlso": [
"http://www.opencascade.com/content/licensing"
]
},
{
"reference": "./OpenJDK-assembly-exception-1.0.json",
"isDeprecatedLicenseId": false,
"detailsUrl": "./OpenJDK-assembly-exception-1.0.html",
"referenceNumber": 24,
"name": "OpenJDK Assembly exception 1.0",
"licenseExceptionId": "OpenJDK-assembly-exception-1.0",
"seeAlso": [
"http://openjdk.java.net/legal/assembly-exception.html"
]
},
{
"reference": "./openvpn-openssl-exception.json",
"isDeprecatedLicenseId": false,
"detailsUrl": "./openvpn-openssl-exception.html",
"referenceNumber": 43,
"name": "OpenVPN OpenSSL Exception",
"licenseExceptionId": "openvpn-openssl-exception",
"seeAlso": [
"http://openvpn.net/index.php/license.html"
]
},
{
"reference": "./PS-or-PDF-font-exception-20170817.json",
"isDeprecatedLicenseId": false,
"detailsUrl": "./PS-or-PDF-font-exception-20170817.html",
"referenceNumber": 45,
"name": "PS/PDF font exception (2017-08-17)",
"licenseExceptionId": "PS-or-PDF-font-exception-20170817",
"seeAlso": [
"https://github.com/ArtifexSoftware/urw-base35-fonts/blob/65962e27febc3883a17e651cdb23e783668c996f/LICENSE"
]
},
{
"reference": "./QPL-1.0-INRIA-2004-exception.json",
"isDeprecatedLicenseId": false,
"detailsUrl": "./QPL-1.0-INRIA-2004-exception.html",
"referenceNumber": 44,
"name": "INRIA QPL 1.0 2004 variant exception",
"licenseExceptionId": "QPL-1.0-INRIA-2004-exception",
"seeAlso": [
"https://git.frama-c.com/pub/frama-c/-/blob/master/licenses/Q_MODIFIED_LICENSE",
"https://github.com/maranget/hevea/blob/master/LICENSE"
]
},
{
"reference": "./Qt-GPL-exception-1.0.json",
"isDeprecatedLicenseId": false,
"detailsUrl": "./Qt-GPL-exception-1.0.html",
"referenceNumber": 10,
"name": "Qt GPL exception 1.0",
"licenseExceptionId": "Qt-GPL-exception-1.0",
"seeAlso": [
"http://code.qt.io/cgit/qt/qtbase.git/tree/LICENSE.GPL3-EXCEPT"
]
},
{
"reference": "./Qt-LGPL-exception-1.1.json",
"isDeprecatedLicenseId": false,
"detailsUrl": "./Qt-LGPL-exception-1.1.html",
"referenceNumber": 16,
"name": "Qt LGPL exception 1.1",
"licenseExceptionId": "Qt-LGPL-exception-1.1",
"seeAlso": [
"http://code.qt.io/cgit/qt/qtbase.git/tree/LGPL_EXCEPTION.txt"
]
},
{
"reference": "./Qwt-exception-1.0.json",
"isDeprecatedLicenseId": false,
"detailsUrl": "./Qwt-exception-1.0.html",
"referenceNumber": 51,
"name": "Qwt exception 1.0",
"licenseExceptionId": "Qwt-exception-1.0",
"seeAlso": [
"http://qwt.sourceforge.net/qwtlicense.html"
]
},
{
"reference": "./SHL-2.0.json",
"isDeprecatedLicenseId": false,
"detailsUrl": "./SHL-2.0.html",
"referenceNumber": 26,
"name": "Solderpad Hardware License v2.0",
"licenseExceptionId": "SHL-2.0",
"seeAlso": [
"https://solderpad.org/licenses/SHL-2.0/"
]
},
{
"reference": "./SHL-2.1.json",
"isDeprecatedLicenseId": false,
"detailsUrl": "./SHL-2.1.html",
"referenceNumber": 23,
"name": "Solderpad Hardware License v2.1",
"licenseExceptionId": "SHL-2.1",
"seeAlso": [
"https://solderpad.org/licenses/SHL-2.1/"
]
},
{
"reference": "./SWI-exception.json",
"isDeprecatedLicenseId": false,
"detailsUrl": "./SWI-exception.html",
"referenceNumber": 22,
"name": "SWI exception",
"licenseExceptionId": "SWI-exception",
"seeAlso": [
"https://github.com/SWI-Prolog/packages-clpqr/blob/bfa80b9270274f0800120d5b8e6fef42ac2dc6a5/clpqr/class.pl"
]
},
{
"reference": "./Swift-exception.json",
"isDeprecatedLicenseId": false,
"detailsUrl": "./Swift-exception.html",
"referenceNumber": 46,
"name": "Swift Exception",
"licenseExceptionId": "Swift-exception",
"seeAlso": [
"https://swift.org/LICENSE.txt",
"https://github.com/apple/swift-package-manager/blob/7ab2275f447a5eb37497ed63a9340f8a6d1e488b/LICENSE.txt#L205"
]
},
{
"reference": "./u-boot-exception-2.0.json",
"isDeprecatedLicenseId": false,
"detailsUrl": "./u-boot-exception-2.0.html",
"referenceNumber": 5,
"name": "U-Boot exception 2.0",
"licenseExceptionId": "u-boot-exception-2.0",
"seeAlso": [
"http://git.denx.de/?p\u003du-boot.git;a\u003dblob;f\u003dLicenses/Exceptions"
]
},
{
"reference": "./Universal-FOSS-exception-1.0.json",
"isDeprecatedLicenseId": false,
"detailsUrl": "./Universal-FOSS-exception-1.0.html",
"referenceNumber": 12,
"name": "Universal FOSS Exception, Version 1.0",
"licenseExceptionId": "Universal-FOSS-exception-1.0",
"seeAlso": [
"https://oss.oracle.com/licenses/universal-foss-exception/"
]
},
{
"reference": "./vsftpd-openssl-exception.json",
"isDeprecatedLicenseId": false,
"detailsUrl": "./vsftpd-openssl-exception.html",
"referenceNumber": 56,
"name": "vsftpd OpenSSL exception",
"licenseExceptionId": "vsftpd-openssl-exception",
"seeAlso": [
"https://git.stg.centos.org/source-git/vsftpd/blob/f727873674d9c9cd7afcae6677aa782eb54c8362/f/LICENSE",
"https://launchpad.net/debian/squeeze/+source/vsftpd/+copyright",
"https://github.com/richardcochran/vsftpd/blob/master/COPYING"
]
},
{
"reference": "./WxWindows-exception-3.1.json",
"isDeprecatedLicenseId": false,
"detailsUrl": "./WxWindows-exception-3.1.html",
"referenceNumber": 25,
"name": "WxWindows Library Exception 3.1",
"licenseExceptionId": "WxWindows-exception-3.1",
"seeAlso": [
"http://www.opensource.org/licenses/WXwindows"
]
},
{
"reference": "./x11vnc-openssl-exception.json",
"isDeprecatedLicenseId": false,
"detailsUrl": "./x11vnc-openssl-exception.html",
"referenceNumber": 6,
"name": "x11vnc OpenSSL Exception",
"licenseExceptionId": "x11vnc-openssl-exception",
"seeAlso": [
"https://github.com/LibVNC/x11vnc/blob/master/src/8to24.c#L22"
]
}
],
"releaseDate": "2023-06-18"
}

7011
docs/schemas/spdx-license-list-3.21.json Normal file
View File

File diff suppressed because it is too large Load Diff

170
docs/schemas/stellaops-slice.v1.schema.json Normal file
View File

@@ -0,0 +1,170 @@
{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"$id": "https://stellaops.dev/schemas/stellaops-slice.v1.schema.json",
"title": "Reachability Slice",
"type": "object",
"required": ["_type", "inputs", "query", "subgraph", "verdict", "manifest"],
"properties": {
"_type": {
"type": "string",
"const": "stellaops.dev/predicates/reachability-slice@v1"
},
"inputs": { "$ref": "#/$defs/SliceInputs" },
"query": { "$ref": "#/$defs/SliceQuery" },
"subgraph": { "$ref": "#/$defs/SliceSubgraph" },
"verdict": { "$ref": "#/$defs/SliceVerdict" },
"manifest": { "$ref": "#/$defs/ScanManifest" }
},
"$defs": {
"SliceInputs": {
"type": "object",
"required": ["graphDigest"],
"properties": {
"graphDigest": { "type": "string", "pattern": "^blake3:[a-f0-9]{64}$" },
"binaryDigests": {
"type": "array",
"items": { "type": "string", "pattern": "^(sha256|blake3):[a-f0-9]{64}$" }
},
"sbomDigest": { "type": "string" },
"layerDigests": {
"type": "array",
"items": { "type": "string" }
}
},
"additionalProperties": false
},
"SliceQuery": {
"type": "object",
"properties": {
"cveId": { "type": "string", "pattern": "^CVE-\\d{4}-\\d+$" },
"targetSymbols": { "type": "array", "items": { "type": "string" } },
"entrypoints": { "type": "array", "items": { "type": "string" } },
"policyHash": { "type": "string" }
},
"additionalProperties": false
},
"SliceSubgraph": {
"type": "object",
"required": ["nodes", "edges"],
"properties": {
"nodes": { "type": "array", "items": { "$ref": "#/$defs/SliceNode" } },
"edges": { "type": "array", "items": { "$ref": "#/$defs/SliceEdge" } }
},
"additionalProperties": false
},
"SliceNode": {
"type": "object",
"required": ["id", "symbol", "kind"],
"properties": {
"id": { "type": "string" },
"symbol": { "type": "string" },
"kind": { "type": "string", "enum": ["entrypoint", "intermediate", "target", "unknown"] },
"file": { "type": "string" },
"line": { "type": "integer" },
"purl": { "type": "string" },
"attributes": {
"type": "object",
"additionalProperties": { "type": "string" }
}
},
"additionalProperties": false
},
"SliceEdge": {
"type": "object",
"required": ["from", "to", "confidence"],
"properties": {
"from": { "type": "string" },
"to": { "type": "string" },
"kind": { "type": "string", "enum": ["direct", "plt", "iat", "dynamic", "unknown"] },
"confidence": { "type": "number", "minimum": 0, "maximum": 1 },
"evidence": { "type": "string" },
"gate": { "$ref": "#/$defs/SliceGateInfo" },
"observed": { "$ref": "#/$defs/ObservedEdgeMetadata" }
},
"additionalProperties": false
},
"SliceGateInfo": {
"type": "object",
"required": ["type", "condition", "satisfied"],
"properties": {
"type": { "type": "string", "enum": ["feature_flag", "auth", "config", "admin_only"] },
"condition": { "type": "string" },
"satisfied": { "type": "boolean" }
},
"additionalProperties": false
},
"ObservedEdgeMetadata": {
"type": "object",
"required": ["firstObserved", "lastObserved", "count"],
"properties": {
"firstObserved": { "type": "string", "format": "date-time" },
"lastObserved": { "type": "string", "format": "date-time" },
"count": { "type": "integer", "minimum": 0 },
"traceDigest": { "type": "string" }
},
"additionalProperties": false
},
"SliceVerdict": {
"type": "object",
"required": ["status", "confidence"],
"properties": {
"status": {
"type": "string",
"enum": ["reachable", "unreachable", "unknown", "gated", "observed_reachable"]
},
"confidence": { "type": "number", "minimum": 0, "maximum": 1 },
"reasons": { "type": "array", "items": { "type": "string" } },
"pathWitnesses": { "type": "array", "items": { "type": "string" } },
"unknownCount": { "type": "integer", "minimum": 0 },
"gatedPaths": { "type": "array", "items": { "$ref": "#/$defs/GatedPath" } }
},
"additionalProperties": false
},
"GatedPath": {
"type": "object",
"required": ["pathId", "gateType", "gateCondition", "gateSatisfied"],
"properties": {
"pathId": { "type": "string" },
"gateType": { "type": "string" },
"gateCondition": { "type": "string" },
"gateSatisfied": { "type": "boolean" }
},
"additionalProperties": false
},
"ScanManifest": {
"type": "object",
"required": [
"scanId",
"createdAtUtc",
"artifactDigest",
"scannerVersion",
"workerVersion",
"concelierSnapshotHash",
"excititorSnapshotHash",
"latticePolicyHash",
"deterministic",
"seed",
"knobs"
],
"properties": {
"scanId": { "type": "string" },
"createdAtUtc": { "type": "string", "format": "date-time" },
"artifactDigest": { "type": "string", "pattern": "^sha256:[a-f0-9]{64}$" },
"artifactPurl": { "type": "string" },
"scannerVersion": { "type": "string" },
"workerVersion": { "type": "string" },
"concelierSnapshotHash": { "type": "string" },
"excititorSnapshotHash": { "type": "string" },
"latticePolicyHash": { "type": "string" },
"deterministic": { "type": "boolean" },
"seed": { "type": "string" },
"knobs": {
"type": "object",
"additionalProperties": { "type": "string" }
}
},
"additionalProperties": false
}
},
"additionalProperties": false
}