feat(zastava): add evidence locker plan and schema examples

- Introduced README.md for Zastava Evidence Locker Plan detailing artifacts to sign and post-signing steps.
- Added example JSON schemas for observer events and webhook admissions.
- Updated implementor guidelines with checklist for CI linting, determinism, secrets management, and schema control.
- Created alert rules for Vuln Explorer to monitor API latency and projection errors.
- Developed analytics ingestion plan for Vuln Explorer, focusing on telemetry and PII guardrails.
- Implemented Grafana dashboard configuration for Vuln Explorer metrics visualization.
- Added expected projection SHA256 for vulnerability events.
- Created k6 load testing script for Vuln Explorer API.
- Added sample projection and replay event data for testing.
- Implemented ReplayInputsLock for deterministic replay inputs management.
- Developed tests for ReplayInputsLock to ensure stable hash computation.
- Created SurfaceManifestDeterminismVerifier to validate manifest determinism and integrity.
- Added unit tests for SurfaceManifestDeterminismVerifier to ensure correct functionality.
- Implemented Angular tests for VulnerabilityHttpClient and VulnerabilityDetailComponent to verify API interactions and UI rendering.
StellaOps Bot
2025-12-02 09:27:31 +02:00
parent 885ce86af4
commit 2d08f52715
74 changed files with 1690 additions and 131 deletions

@@ -0,0 +1,19 @@
{
"tenant_id": "tenant-a",
"project_id": "proj-123",
"sensor_id": "observer-01",
"firmware_version": "1.2.3",
"policy_hash": "sha256:deadbeef",
"graph_revision_id": "graph-r1",
"ledger_id": "ledger-789",
"replay_manifest": "manifest-r1",
"event_type": "runtime_fact",
"observed_at": "2025-12-02T00:00:00Z",
"monotonic_nanos": 123456789,
"payload": {
"process": "nginx",
"pid": 4242
},
"payload_hash": "sha256:payloadhash",
"signature": "dsse://observer-event"
}
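Review bot: the digest fields in this example are placeholders that cannot validate as SHA-256. `"policy_hash": "sha256:deadbeef"` is only 8 hex characters and `"payload_hash": "sha256:payloadhash"` is not hex at all, so neither can be checked against the `payload` object shown. Suggest replacing them with full 64-character hex digests, with `payload_hash` computed over the `payload` object in a documented canonical form, so the file can serve as a fixture for the CI lint and determinism checks the commit message mentions. It would also help to say whether `"signature": "dsse://observer-event"` is a reference to an envelope stored elsewhere or a stand-in for an inline DSSE envelope, and which fields the signature covers.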

@@ -0,0 +1,21 @@
{
"tenant_id": "tenant-a",
"project_id": "proj-123",
"request_uid": "abcd-1234",
"resource_kind": "Deployment",
"namespace": "prod",
"workload_name": "api",
"policy_hash": "sha256:deadbeef",
"graph_revision_id": "graph-r1",
"ledger_id": "ledger-789",
"replay_manifest": "manifest-r1",
"manifest_pointer": "surfacefs://cache/sha256:abc",
"decision": "allow",
"decision_reason": "surface cache fresh",
"decision_at": "2025-12-02T00:00:00Z",
"monotonic_nanos": 2233445566,
"side_effect": "none",
"bypass_waiver_id": null,
"payload_hash": "sha256:payloadhash",
"signature": "dsse://webhook-admission"
}
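Review bot: `payload_hash` appears in this example without any `payload` field, so a reader cannot tell which bytes `"payload_hash": "sha256:payloadhash"` is meant to cover. Either add the hashed object to the example or document which admission fields go into the hash and in what canonical form. The same placeholder problem applies to `"policy_hash": "sha256:deadbeef"` and to the short digest in `"manifest_pointer": "surfacefs://cache/sha256:abc"`; full-length hex digests would let the example be validated against a digest pattern. Since `bypass_waiver_id` is `null` here, a second example with a non-null waiver would show how a bypassed decision is recorded.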