Refactor code structure for improved readability and maintainability; optimize performance in key functions.

This commit is contained in:
master
2025-12-22 19:06:31 +02:00
parent dfaa2079aa
commit 4602ccc3a3
1444 changed files with 109919 additions and 8058 deletions

@@ -348,7 +348,7 @@ Accept: application/json
"kind": "sbom-inventory",
"uri": "cas://scanner-artifacts/scanner/images/cafecafecafecafecafecafecafecafecafecafecafecafecafecafecafecafe/sbom.cdx.json",
"digest": "sha256:deadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef",
"mediaType": "application/vnd.cyclonedx+json; version=1.6; view=inventory",
"mediaType": "application/vnd.cyclonedx+json; version=1.7; view=inventory",
"format": "cdx-json",
"sizeBytes": 2048,
"view": "inventory"
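Review bot: the sample `mediaType` moves from `version=1.6` to `version=1.7` while `"format": "cdx-json"`, the `digest` and `sizeBytes` stay as they were; this only matters if the service that produces and the verifier that validates these artifacts agree on the same CycloneDX version, so confirm the schema validation on both sides accepts 1.7 rather than just relabelling the documented response, and state in the surrounding text whether `version=1.6` artifacts are still served to clients that pin it (only `Accept: application/json` is shown here). A doc-only version bump should also get a changelog entry.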
@@ -484,7 +484,7 @@ Request body mirrors policy preview inputs (image digest plus findings). The ser
"kind": "sbom-inventory",
"uri": "cas://scanner-artifacts/scanner/images/7dbe0c9a5d4f1c8184007e9d94dbe55928f8a2db5ab9c1c2d4a2f7bbcdfe1234/sbom.cdx.json",
"digest": "sha256:2b8ce7dd0037e59f0f93e4a5cff45b1eb305a511a1c9e2895d2f4ecdf616d3da",
"mediaType": "application/vnd.cyclonedx+json; version=1.6; view=inventory",
"mediaType": "application/vnd.cyclonedx+json; version=1.7; view=inventory",
"format": "cdx-json",
"sizeBytes": 3072,
"view": "inventory"
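Review bot: same 1.6 to 1.7 edit as the first hunk, now in the policy-preview sample; the `digest` and `sizeBytes` fields are carried over unchanged even though the declared schema version changed, so either label these values as illustrative in the surrounding text or regenerate the sample from a real 1.7 document, otherwise a reader may expect the quoted digest to verify against a 1.7 SBOM.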
@@ -493,7 +493,7 @@ Request body mirrors policy preview inputs (image digest plus findings). The ser
"kind": "sbom-usage",
"uri": "cas://scanner-artifacts/scanner/images/7dbe0c9a5d4f1c8184007e9d94dbe55928f8a2db5ab9c1c2d4a2f7bbcdfe1234/sbom.cdx.pb",
"digest": "sha256:74e4d9f8ab0f2a1772e5768e15a5a9d7b662b849b1f223c8d6f3b184e4ac7780",
"mediaType": "application/vnd.cyclonedx+protobuf; version=1.6; view=usage",
"mediaType": "application/vnd.cyclonedx+protobuf; version=1.7; view=usage",
"format": "cdx-protobuf",
"sizeBytes": 12800,
"view": "usage"
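Review bot: the usage view now declares `application/vnd.cyclonedx+protobuf; version=1.7` with `"format": "cdx-protobuf"` and `"sizeBytes": 12800` unchanged; CycloneDX protobuf is a distinct schema from the JSON one, so check that the encoder and decoder are built against the 1.7 `.proto` and not only the mediaType string. Keeping the inventory (`sbom.cdx.json`) and usage (`sbom.cdx.pb`) entries for the same image digest on one version, as this hunk and the previous one do, is the right call; worth a sentence in the text that the two views are always emitted at the same version.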
@@ -898,6 +898,7 @@ Both commands honour CLI observability hooks: Spectre tables for human output, `
| `stellaops-cli graph explain` | Show reachability call path for a finding | `--finding <purl:cve>` (required)<br>`--scan-id <id>`<br>`--format table\|json` | Displays `latticeState`, call path with `symbol_id`/`code_id`, runtime hits, `graph_hash`, and DSSE attestation refs |
| `stellaops-cli graph export` | Export reachability graph bundle | `--scan-id <id>` (required)<br>`--output <dir>`<br>`--include-runtime` | Creates `richgraph-v1.json`, `.dsse`, `meta.json`, and optional `runtime-facts.ndjson` |
| `stellaops-cli graph verify` | Verify graph DSSE signature and Rekor entry | `--graph <path>` (required)<br>`--dsse <path>`<br>`--rekor-log` | Recomputes BLAKE3 hash, validates DSSE envelope, checks Rekor inclusion proof |
| `stellaops-cli verify image` | Verify attestation chain for a container image | `<reference>` (argument)<br>`--require <types>`<br>`--trust-policy <path>`<br>`--output table|json|sarif`<br>`--strict` | Discovers OCI referrers, verifies DSSE signatures against trust policy keys, and returns 0/1/2 for CI/CD gating. |
| `stellaops-cli proof verify` | Verify an artifact's proof chain | `<artifact>` (required)<br>`--sbom <file>`<br>`--vex <file>`<br>`--anchor <uuid>`<br>`--offline`<br>`--output text\|json`<br>`-v/-vv` | Validates proof spine, Merkle inclusion, VEX statements, and Rekor entries. Returns exit code 0 (pass), 1 (policy violation), or 2 (system error). Designed for CI/CD integration. |
| `stellaops-cli proof spine` | Display proof spine for an artifact | `<artifact>` (required)<br>`--format table\|json`<br>`--show-merkle` | Shows assembled proof spine with evidence statements, VEX verdicts, and Merkle tree structure. |
| `stellaops-cli score replay` | Replay a score computation for a scan | `--scan <id>` (required)<br>`--output text\|json`<br>`-v` | Calls `/api/v1/scanner/scans/{id}/score/replay` to replay score computation. Returns proof bundle with root hash and verification status. *(Sprint 3500.0004.0001)* |
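Review bot: the new `score replay` row uses `--output text\|json` where the adjacent `graph` rows use `--format table\|json`; settle on one flag name and value set across the table, and if the command is meant for CI gating, list its exit codes the way the `verify image` and `proof verify` rows do. The inline `*(Sprint 3500.0004.0001)*` marker is internal tracking and does not belong in a user-facing CLI reference. Drive-by on the unchanged `verify image` row: `--output table|json|sarif` has unescaped pipes, which split the cell in the markdown table; write it as `table\|json\|sarif` like the other rows.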
@@ -1212,4 +1213,4 @@ These stay in *Feature Matrix → To Do* until design is frozen.
* **20250714** added *delta SBOM*, policy import/export, CLI `--sbom-type`.
* **20250712** initial public reference.
---
---
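Review bot: the only change in this hunk is the trailing `---` replaced by an identical `---` (presumably whitespace or a line ending), which is noise; drop it, or make the intent explicit if the delimiter was meant to be removed. More importantly, the changelog this hunk touches gains no entry for the CycloneDX 1.6 to 1.7 mediaType bump made elsewhere in this commit; add a dated bullet in the same style as the `20250714` entry.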