up
@@ -64,6 +64,22 @@ These are the authoritative advisories to reference for implementation:
|
||||
- **Sprint:** Multiple sprints (0186, 0401, 0512)
|
||||
- **Status:** High-level roadmap document
|
||||
|
||||
### Vulnerability Triage UX & VEX-First Decisioning
|
||||
- **Canonical:** `28-Nov-2025 - Vulnerability Triage UX & VEX-First Decisioning.md`
|
||||
- **Sprint:** SPRINT_0215_0001_0001_vuln_triage_ux.md (NEW)
|
||||
- **Related Sprints:**
|
||||
- SPRINT_210_ui_ii.md (UI-LNM-22-003 VEX tab)
|
||||
- SPRINT_0334_docs_modules_vuln_explorer.md (docs)
|
||||
- **Related Advisories:**
|
||||
- `27-Nov-2025 - Explainability Layer for Vulnerability Verdicts.md` (evidence chain)
|
||||
- `27-Nov-2025 - Making Graphs Understandable to Humans.md` (graph UX)
|
||||
- `25-Nov-2025 - Define Safe VEX 'Not Affected' Claims with Proofs.md` (VEX proofs)
|
||||
- **Status:** New - defines converged triage UX across Snyk/GitLab/Harbor/Anchore patterns
|
||||
- **Schemas:**
|
||||
- `docs/schemas/vex-decision.schema.json`
|
||||
- `docs/schemas/attestation-vuln-scan.schema.json`
|
||||
- `docs/schemas/audit-bundle-index.schema.json`
|
||||
|
||||
## Files to Archive
|
||||
|
||||
The following files should be moved to `archived/` as they are superseded:
|
||||
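Review bot: In the new "Vulnerability Triage UX & VEX-First Decisioning" entry, the three paths under **Schemas** (`docs/schemas/vex-decision.schema.json` and the two after it) do not say whether they already exist or still have to be written, while the sprint file two bullets up carries an explicit (NEW). Mark each schema the same way so an implementer knows whether to reference it or create it. Also check the file name `SPRINT_210_ui_ii.md` under **Related Sprints**: it is the only sprint reference in this entry with a three-digit number, where the others use four digits (0215, 0334).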
@@ -95,6 +111,7 @@ The following files should be moved to `archived/` as they are superseded:
|
||||
| Unknowns Registry | SPRINT_0140_0001_0001 | EXISTING (implemented) |
|
||||
| Graph Revision IDs | SPRINT_0401_0001_0001 | EXISTING |
|
||||
| DSSE/Rekor Batching | SPRINT_0401_0001_0001 | EXISTING |
|
||||
| Vuln Triage UX / VEX | SPRINT_0215_0001_0001 | NEW |
|
||||
|
||||
## Implementation Priority
|
||||
|
||||
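Review bot: The new table row is labelled `Vuln Triage UX / VEX`, while the section added earlier in this commit is titled "Vulnerability Triage UX & VEX-First Decisioning". Use the same name in both places so the row can be found by searching for the heading.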
@@ -103,8 +120,9 @@ Based on gap analysis:
|
||||
1. **P0 - CVSS v4.0** (Sprint 0190) - Industry moving to v4.0, genuine gap
|
||||
2. **P1 - SPDX 3.0.1** (Sprint 0186 tasks 15a-15f) - Standards compliance
|
||||
3. **P1 - Public Benchmark** (Sprint 0513) - Differentiation/marketing value
|
||||
4. **P2 - Explainability** (Sprint 0401) - UX enhancement, existing tasks
|
||||
5. **P3 - Already Implemented** - Unknowns, Graph IDs, DSSE batching
|
||||
4. **P1 - Vuln Triage UX** (Sprint 0215) - Industry-aligned UX for competitive parity
|
||||
5. **P2 - Explainability** (Sprint 0401) - UX enhancement, existing tasks
|
||||
6. **P3 - Already Implemented** - Unknowns, Graph IDs, DSSE batching
|
||||
|
||||
## Implementer Quick Reference
|
||||
|
||||
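Review bot: The new item 4 ranks Vuln Triage UX at P1, above Explainability at P2, but the section added earlier in this commit lists the Explainability advisory as related for its evidence chain. State whether Sprint 0215 depends on Sprint 0401 work; if it does, either raise Explainability or note which parts of 0215 can proceed without it. There are also now three P1 items (SPDX 3.0.1, Public Benchmark, Vuln Triage UX) with no stated order among them, and the list is introduced as "Based on gap analysis" while the reason given here is competitive parity, so a short statement of the gap being closed would fit the list better.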
@@ -124,7 +142,10 @@ For each topic, the implementer should read:
|
||||
| Sbomer | `docs/modules/sbomer/architecture.md` | `src/Sbomer/*/AGENTS.md` |
|
||||
| Signals | `docs/modules/signals/architecture.md` | `src/Signals/*/AGENTS.md` |
|
||||
| Attestor | `docs/modules/attestor/architecture.md` | `src/Attestor/*/AGENTS.md` |
|
||||
| Vuln Explorer | `docs/modules/vuln-explorer/architecture.md` | `src/VulnExplorer/*/AGENTS.md` |
|
||||
| VEX-Lens | `docs/modules/vex-lens/architecture.md` | `src/Excititor/*/AGENTS.md` |
|
||||
| UI | `docs/modules/ui/architecture.md` | `src/UI/*/AGENTS.md` |
|
||||
|
||||
---
|
||||
*Index created: 2025-11-27*
|
||||
*Last updated: 2025-11-27*
|
||||
*Last updated: 2025-11-28*
|
||||
|
||||
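Review bot: In the quick-reference table, the new VEX-Lens row pairs `docs/modules/vex-lens/architecture.md` with `src/Excititor/*/AGENTS.md`, whereas every other row shown uses the same module name in both columns (Sbomer, Signals, Attestor, Vuln Explorer, UI). Confirm that `src/Excititor` is the intended source directory for VEX-Lens, and if it is, add a short note to the row so the mismatch does not read as a copy error.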