stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 16 Releases Wiki Activity

feat(zastava): add evidence locker plan and schema examples

Browse Source 
- Introduced README.md for Zastava Evidence Locker Plan detailing artifacts to sign and post-signing steps.
- Added example JSON schemas for observer events and webhook admissions.
- Updated implementor guidelines with checklist for CI linting, determinism, secrets management, and schema control.
- Created alert rules for Vuln Explorer to monitor API latency and projection errors.
- Developed analytics ingestion plan for Vuln Explorer, focusing on telemetry and PII guardrails.
- Implemented Grafana dashboard configuration for Vuln Explorer metrics visualization.
- Added expected projection SHA256 for vulnerability events.
- Created k6 load testing script for Vuln Explorer API.
- Added sample projection and replay event data for testing.
- Implemented ReplayInputsLock for deterministic replay inputs management.
- Developed tests for ReplayInputsLock to ensure stable hash computation.
- Created SurfaceManifestDeterminismVerifier to validate manifest determinism and integrity.
- Added unit tests for SurfaceManifestDeterminismVerifier to ensure correct functionality.
- Implemented Angular tests for VulnerabilityHttpClient and VulnerabilityDetailComponent to verify API interactions and UI rendering.
This commit is contained in:
StellaOps Bot
2025-12-02 09:27:31 +02:00
parent 885ce86af4
commit 2d08f52715
74 changed files with 1690 additions and 131 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
docs/modules/zastava/kit/verify.sh
View File

@@ -8,7 +8,17 @@ if ! command -v sha256sum >/dev/null; then
fi
sha256sum --check SHA256SUMS
# TODO: add DSSE verification once signatures are available; placeholder below
# cosign verify-blob --key cosign.pub --signature observer_event.schema.json.sig observer_event.schema.json
if command -v cosign >/dev/null && [ -f cosign.pub ]; then
echo "cosign present; DSSE verification placeholders (update paths when signed):"
echo "- observer_event.schema.dsse"
echo "- webhook_admission.schema.dsse"
echo "- thresholds.dsse"
# Example commands (uncomment once DSSE files exist):
# cosign verify-blob --key cosign.pub --signature observer_event.schema.dsse schemas/observer_event.schema.json
# cosign verify-blob --key cosign.pub --signature webhook_admission.schema.dsse schemas/webhook_admission.schema.json
# cosign verify-blob --key cosign.pub --signature thresholds.dsse thresholds.yaml
else
echo "cosign not found or cosign.pub missing; skipped DSSE verification"
fi
echo "OK: hashes verified (DSSE verification pending)"