semi implemented and features implemented save checkpoint

This commit is contained in:
master
2026-02-08 18:00:49 +02:00
parent 04360dff63
commit 1bf6bbf395
20895 changed files with 716795 additions and 64 deletions

@@ -0,0 +1,29 @@
# Proof Bundle API for Exploit Paths
## Module
Scanner
## Status
IMPLEMENTED
## Description
REST API (GET /triage/paths/{pathId}/proof) returning complete proof bundles aggregating reachability subgraph (nodes + edges), symbol map with source locations, VEX claims with trust scores, and computed bundle digest for integrity. Export endpoint for JSON file download.
## Implementation Details
- **Proof Bundle Storage**:
- `src/Scanner/__Libraries/StellaOps.Scanner.Storage/Postgres/PostgresProofBundleRepository.cs` - `PostgresProofBundleRepository` stores and retrieves proof bundles for exploit paths
- `src/Scanner/__Libraries/StellaOps.Scanner.Storage/Entities/ProofBundleRow.cs` - `ProofBundleRow` database entity for proof bundle persistence
- **Proof Bundle Writer**:
- `src/Scanner/__Libraries/StellaOps.Scanner.Core/ProofBundleWriter.cs` - `ProofBundleWriter` assembles proof bundles aggregating reachability subgraph, symbol map, VEX claims, and computes bundle digest
- **Scan Manifest**:
- `src/Scanner/__Libraries/StellaOps.Scanner.Storage/Repositories/IScanManifestRepository.cs` - Repository for scan manifest data linked to proof bundles
- **OCI Publishing**:
- `src/Scanner/__Libraries/StellaOps.Scanner.Storage.Oci/VerdictOciPublisher.cs` - Publishes proof bundles to OCI registries as attestation artifacts
## E2E Test Plan
- [ ] Generate a proof bundle for an exploit path and retrieve it via the API, verifying it contains the reachability subgraph with nodes and edges
- [ ] Verify the proof bundle includes the symbol map with source file locations
- [ ] Verify the proof bundle includes VEX claims with trust scores for each finding
- [ ] Verify the computed bundle digest provides integrity verification
- [ ] Export the proof bundle as a JSON file and verify the download contains the complete bundle
- [ ] Verify proof bundles are publishable to OCI registries as attestation artifacts
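Review bot: The `## Status` of `IMPLEMENTED` is not supported by the rest of this file: every item in the E2E Test Plan is still unchecked, the commit message itself says "semi implemented", and the Implementation Details list no file that serves the `GET /triage/paths/{pathId}/proof` endpoint or the JSON export endpoint named in the Description (only storage, writer, manifest repository and OCI publisher files are listed). Either downgrade the status or add the API/controller file and mark the test items that actually pass. The Description also states that the bundle digest "provides integrity verification" without saying how it is computed: since `ProofBundleWriter` aggregates several sources (subgraph, symbol map, VEX claims), the doc should name the hash algorithm and the canonical serialization the digest is taken over, otherwise two writers can produce different digests for the same bundle and a verifier cannot reproduce the check. Consider adding one line under the Proof Bundle Writer bullet along the lines of "Digest: <algorithm> over <canonical form> of the bundle" and a matching E2E item that recomputes the digest from the downloaded JSON and compares it to the stored value.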