feat: add PolicyPackSelectorComponent with tests and integration
- Implemented PolicyPackSelectorComponent for selecting policy packs. - Added unit tests for component behavior, including API success and error handling. - Introduced monaco-workers type declarations for editor workers. - Created acceptance tests for guardrails with stubs for AT1–AT10. - Established SCA Failure Catalogue Fixtures for regression testing. - Developed plugin determinism harness with stubs for PL1–PL10. - Added scripts for evidence upload and verification processes.
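--- a/tests/fixtures/sca/catalogue/README.md
+++ b/tests/fixtures/sca/catalogue/README.md
@@ -0,0 +1,15 @@
+# SCA Failure Catalogue Fixtures (Placeholder)
+
+This directory hosts deterministic fixtures for the five regressions in
+`docs/product-advisories/29-Nov-2025 - SCA Failure Catalogue for StellaOps Tests.md`.
+
+Cases (to be populated):
+- FC1 credential leak (Grype)
+- FC2 Trivy offline DB schema mismatch
+- FC3 SBOM parity drift
+- FC4 Grype version divergence
+- FC5 inconsistent detection
+
+- Pinned tool versions and feeds are recorded in `inputs.lock`.
+- Each case will include DSSE-signed manifests and normalized expected outputs.
+- No network access; rely on bundled caches only.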
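--- a/tests/fixtures/sca/catalogue/fc1/expected.json
+++ b/tests/fixtures/sca/catalogue/fc1/expected.json
@@ -0,0 +1,8 @@
+{
+"id": "fc1-credential-leak",
+"scanner": "grype",
+"feed": "offline-cache-2025-11-30",
+"expected_findings": [
+{"purl": "pkg:docker/example@1.0.0", "cve": "CVE-2024-9999", "status": "present"}
+]
+}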
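Review bot: The expected output for `fc1-credential-leak` pins only a CVE finding (`CVE-2024-9999`, status `present`) and nothing that describes the credential-leak condition the case is named for, so a harness comparing against this file would pass whether or not a secret reaches scanner output. If FC1 is about credentials appearing in Grype output or logs (inferred from the case name; the referenced advisory is not visible here), the fixture needs a negative assertion as well, for example a field such as `"forbidden_output_patterns": ["<constructed marker credential>"]` that the normalizer checks is absent from the output. It is also worth confirming that `CVE-2024-9999` is meant as a synthetic identifier and marking it as such, so it cannot be mistaken for an assigned CVE record.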
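--- a/tests/fixtures/sca/catalogue/fc1/manifest.dsse.json
+++ b/tests/fixtures/sca/catalogue/fc1/manifest.dsse.json
@@ -0,0 +1,7 @@
+{
+"payloadType": "application/json",
+"payload": "<base64-encoded expected.json>",
+"signatures": [
+{"keyid": "stub-key-id", "sig": ""}
+]
+}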
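Review bot: The envelope is unsigned: `sig` is an empty string, `keyid` is `stub-key-id`, and `payload` is the literal text `<base64-encoded expected.json>` rather than base64, while the README in this commit describes the manifests as DSSE-signed. The same stub is added for fc2, fc3, fc4 and fc5. Until real signatures land, the verification harness should fail closed on these files (empty `sig`, undecodable payload, unknown `keyid`) rather than treating the presence of a `signatures` array as proof of signing, and a test should pin that rejection. Because DSSE signs over `payloadType` together with the payload, a catalogue-specific media type in place of the generic `application/json` would keep a signature made for these fixtures from being accepted for some other JSON document. JSON carries no comments, so the stub status is best recorded in the README or in `inputs.lock`.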
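--- a/tests/fixtures/sca/catalogue/fc2/expected.json
+++ b/tests/fixtures/sca/catalogue/fc2/expected.json
@@ -0,0 +1,8 @@
+{
+"id": "fc2-trivy-offline-schema",
+"scanner": "trivy",
+"feed": "offline-cache-2025-11-30",
+"expected_errors": [
+{"code": "SCHEMA_MISMATCH", "message": "offline DB schema mismatch"}
+]
+}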
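--- a/tests/fixtures/sca/catalogue/fc2/manifest.dsse.json
+++ b/tests/fixtures/sca/catalogue/fc2/manifest.dsse.json
@@ -0,0 +1,7 @@
+{
+"payloadType": "application/json",
+"payload": "<base64-encoded expected.json>",
+"signatures": [
+{"keyid": "stub-key-id", "sig": ""}
+]
+}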
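--- a/tests/fixtures/sca/catalogue/fc3/expected.json
+++ b/tests/fixtures/sca/catalogue/fc3/expected.json
@@ -0,0 +1,8 @@
+{
+"id": "fc3-sbom-parity-drift",
+"scanner": "syft",
+"feed": "offline-cache-2025-11-30",
+"expected_findings": [
+{"purl": "pkg:docker/example@1.0.0", "issue": "sbom_parity_drift"}
+]
+}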
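--- a/tests/fixtures/sca/catalogue/fc3/manifest.dsse.json
+++ b/tests/fixtures/sca/catalogue/fc3/manifest.dsse.json
@@ -0,0 +1,7 @@
+{
+"payloadType": "application/json",
+"payload": "<base64-encoded expected.json>",
+"signatures": [
+{"keyid": "stub-key-id", "sig": ""}
+]
+}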
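--- a/tests/fixtures/sca/catalogue/fc4/expected.json
+++ b/tests/fixtures/sca/catalogue/fc4/expected.json
@@ -0,0 +1,8 @@
+{
+"id": "fc4-grype-version-divergence",
+"scanner": "grype",
+"feed": "offline-cache-2025-11-30",
+"expected_warnings": [
+{"code": "VERSION_DIVERGENCE", "message": "scanner version drift detected"}
+]
+}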
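--- a/tests/fixtures/sca/catalogue/fc4/manifest.dsse.json
+++ b/tests/fixtures/sca/catalogue/fc4/manifest.dsse.json
@@ -0,0 +1,7 @@
+{
+"payloadType": "application/json",
+"payload": "<base64-encoded expected.json>",
+"signatures": [
+{"keyid": "stub-key-id", "sig": ""}
+]
+}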
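--- a/tests/fixtures/sca/catalogue/fc5/expected.json
+++ b/tests/fixtures/sca/catalogue/fc5/expected.json
@@ -0,0 +1,8 @@
+{
+"id": "fc5-inconsistent-detection",
+"scanner": "grype",
+"feed": "offline-cache-2025-11-30",
+"expected_findings": [
+{"purl": "pkg:docker/example@1.0.0", "issue": "inconsistent_detection"}
+]
+}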
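--- a/tests/fixtures/sca/catalogue/fc5/manifest.dsse.json
+++ b/tests/fixtures/sca/catalogue/fc5/manifest.dsse.json
@@ -0,0 +1,7 @@
+{
+"payloadType": "application/json",
+"payload": "<base64-encoded expected.json>",
+"signatures": [
+{"keyid": "stub-key-id", "sig": ""}
+]
+}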
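--- a/tests/fixtures/sca/catalogue/inputs.lock
+++ b/tests/fixtures/sca/catalogue/inputs.lock
@@ -0,0 +1,11 @@
+scanner_versions:
+grype: "0.76.1"
+trivy: "0.49.1"
+syft: "1.1.0"
+feed_snapshot: "offline-cache-2025-11-30"
+seeds:
+default: 20251205
+os:
+distro: "ubuntu-22.04"
+kernel: "5.15"
+notes: "Offline-only; normalize outputs before comparison"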
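Review bot: The lock pins the scanners and the feed by label only (`grype: "0.76.1"`, `feed_snapshot: "offline-cache-2025-11-30"`), so nothing here detects a swapped scanner binary or a modified offline cache that carries the same label. Recording a content digest beside each pin, for example `feed_snapshot_sha256: "<sha256 of the cache archive>"` plus a `sha256` per scanner, and having the harness verify it before a run would make the pins tamper-evident. `kernel: "5.15"` names a series rather than an exact build, which matters only if the normalized outputs turn out to be kernel-sensitive. A leading comment such as `# Placeholder pins; content digests to be added when the fixtures are populated` would document the current state.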