Refactor code structure for improved readability and maintainability; optimize performance in key functions.

2025-12-22 19:06:31 +02:00
parent dfaa2079aa
commit 4602ccc3a3
1444 changed files with 109919 additions and 8058 deletions
--- a/src/__Libraries/StellaOps.Evidence/Models/EvidenceIndex.cs
+++ b/src/__Libraries/StellaOps.Evidence/Models/EvidenceIndex.cs
@@ -0,0 +1,102 @@
+using System.Collections.Immutable;
+
+namespace StellaOps.Evidence.Models;
+
+/// <summary>
+/// Machine-readable index linking a verdict to all supporting evidence.
+/// </summary>
+public sealed record EvidenceIndex
+{
+    public required string IndexId { get; init; }
+    public string SchemaVersion { get; init; } = "1.0.0";
+    public required VerdictReference Verdict { get; init; }
+    public required ImmutableArray<SbomEvidence> Sboms { get; init; }
+    public required ImmutableArray<AttestationEvidence> Attestations { get; init; }
+    public ImmutableArray<VexEvidence> VexDocuments { get; init; } = [];
+    public ImmutableArray<ReachabilityEvidence> ReachabilityProofs { get; init; } = [];
+    public ImmutableArray<UnknownEvidence> Unknowns { get; init; } = [];
+    public required ToolChainEvidence ToolChain { get; init; }
+    public required string RunManifestDigest { get; init; }
+    public required DateTimeOffset CreatedAt { get; init; }
+    public string? IndexDigest { get; init; }
+}
+
+public sealed record VerdictReference(
+    string VerdictId,
+    string Digest,
+    VerdictOutcome Outcome,
+    string? PolicyVersion);
+
+public enum VerdictOutcome
+{
+    Pass,
+    Fail,
+    Warn,
+    Unknown
+}
+
+public sealed record SbomEvidence(
+    string SbomId,
+    string Format,
+    string Digest,
+    string? Uri,
+    int ComponentCount,
+    DateTimeOffset GeneratedAt);
+
+public sealed record AttestationEvidence(
+    string AttestationId,
+    string Type,
+    string Digest,
+    string SignerKeyId,
+    bool SignatureValid,
+    DateTimeOffset SignedAt,
+    string? RekorLogIndex);
+
+public sealed record VexEvidence(
+    string VexId,
+    string Format,
+    string Digest,
+    string Source,
+    int StatementCount,
+    ImmutableArray<string> AffectedVulnerabilities);
+
+public sealed record ReachabilityEvidence(
+    string ProofId,
+    string VulnerabilityId,
+    string ComponentPurl,
+    ReachabilityStatus Status,
+    string? EntryPoint,
+    ImmutableArray<string> CallPath,
+    string Digest);
+
+public enum ReachabilityStatus
+{
+    Reachable,
+    NotReachable,
+    Inconclusive,
+    NotAnalyzed
+}
+
+public sealed record UnknownEvidence(
+    string UnknownId,
+    string ReasonCode,
+    string Description,
+    string? ComponentPurl,
+    string? VulnerabilityId,
+    UnknownSeverity Severity);
+
+public enum UnknownSeverity
+{
+    Low,
+    Medium,
+    High,
+    Critical
+}
+
+public sealed record ToolChainEvidence(
+    string ScannerVersion,
+    string SbomGeneratorVersion,
+    string ReachabilityEngineVersion,
+    string AttestorVersion,
+    string PolicyEngineVersion,
+    ImmutableDictionary<string, string> AdditionalTools);