feat(zastava): add evidence locker plan and schema examples
- Introduced README.md for Zastava Evidence Locker Plan detailing artifacts to sign and post-signing steps. - Added example JSON schemas for observer events and webhook admissions. - Updated implementor guidelines with checklist for CI linting, determinism, secrets management, and schema control. - Created alert rules for Vuln Explorer to monitor API latency and projection errors. - Developed analytics ingestion plan for Vuln Explorer, focusing on telemetry and PII guardrails. - Implemented Grafana dashboard configuration for Vuln Explorer metrics visualization. - Added expected projection SHA256 for vulnerability events. - Created k6 load testing script for Vuln Explorer API. - Added sample projection and replay event data for testing. - Implemented ReplayInputsLock for deterministic replay inputs management. - Developed tests for ReplayInputsLock to ensure stable hash computation. - Created SurfaceManifestDeterminismVerifier to validate manifest determinism and integrity. - Added unit tests for SurfaceManifestDeterminismVerifier to ensure correct functionality. - Implemented Angular tests for VulnerabilityHttpClient and VulnerabilityDetailComponent to verify API interactions and UI rendering.
@@ -101,6 +101,71 @@ public sealed class FileSurfaceManifestStoreTests : IAsyncDisposable
|
||||
Assert.Equal("scan-123", retrieved.ScanId);
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public async Task PublishAsync_NormalizesDeterminismMetadataAndAttestations()
|
||||
{
|
||||
var doc = new SurfaceManifestDocument
|
||||
{
|
||||
Tenant = "acme",
|
||||
DeterminismMerkleRoot = "ABCDEF",
|
||||
Determinism = new SurfaceDeterminismMetadata
|
||||
{
|
||||
MerkleRoot = "ABCDEF",
|
||||
RecipeDigest = "1234",
|
||||
CompositionRecipeUri = " cas://bucket/recipe.json "
|
||||
},
|
||||
Artifacts = new[]
|
||||
{
|
||||
new SurfaceManifestArtifact
|
||||
{
|
||||
Kind = "layer.fragments",
|
||||
Uri = "cas://bucket/fragments.json",
|
||||
Digest = "sha256:bbbb",
|
||||
MediaType = "application/json",
|
||||
Format = "json",
|
||||
Attestations = new[]
|
||||
{
|
||||
new SurfaceManifestAttestation
|
||||
{
|
||||
Kind = "dsse",
|
||||
Digest = "sha256:dddd",
|
||||
Uri = "cas://attest/dsse.json"
|
||||
},
|
||||
new SurfaceManifestAttestation
|
||||
{
|
||||
Kind = "dsse",
|
||||
Digest = "sha256:cccc",
|
||||
Uri = "cas://attest/other.json"
|
||||
}
|
||||
}
|
||||
},
|
||||
new SurfaceManifestArtifact
|
||||
{
|
||||
Kind = "composition.recipe",
|
||||
Uri = "cas://bucket/recipe.json",
|
||||
Digest = "sha256:1234",
|
||||
MediaType = "application/json",
|
||||
Format = "composition.recipe"
|
||||
}
|
||||
}
|
||||
};
|
||||
|
||||
var result = await _store.PublishAsync(doc);
|
||||
|
||||
Assert.Equal("abcdef", result.Document.DeterminismMerkleRoot);
|
||||
Assert.Equal("sha256:1234", result.Document.Determinism!.RecipeDigest);
|
||||
Assert.Equal("cas://bucket/recipe.json", result.Document.Determinism!.CompositionRecipeUri);
|
||||
|
||||
var attestationOrder = result.Document.Artifacts
|
||||
.Single(a => a.Kind == "layer.fragments")
|
||||
.Attestations!
|
||||
.Select(a => a.Digest)
|
||||
.ToArray();
|
||||
|
||||
Assert.Equal(new[] { "sha256:cccc", "sha256:dddd" }, attestationOrder);
|
||||
Assert.Equal(result.Document.DeterminismMerkleRoot, result.DeterminismMerkleRoot);
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public async Task TryGetByDigestAsync_ReturnsManifestAcrossTenants()
|
||||
{
|
||||
|
||||
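Review bot: The new test sets `Determinism.MerkleRoot = "ABCDEF"` but asserts only the top-level `DeterminismMerkleRoot`, so a regression that leaves the nested root un-normalized would still pass; add `Assert.Equal("abcdef", result.Document.Determinism!.MerkleRoot);` next to the `RecipeDigest` assertion. The test also pins that a bare `RecipeDigest = "1234"` is rewritten to `sha256:1234`, and every fixture digest is far shorter than a SHA-256 hex value, so PublishAsync appears to accept digests without checking algorithm or length. If that is deliberate, a companion test showing that a malformed digest is rejected, or a comment such as `// digest format is validated by <component>, not by the store`, would keep this test from reading as the integrity contract for signed manifests. The body of `TryGetByDigestAsync_ReturnsManifestAcrossTenants` at the end of the hunk continues outside it.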