stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 3 Releases Wiki Activity

Refactor code structure for improved readability and maintainability; optimize performance in key functions.

Browse Source
This commit is contained in:
master
2025-12-22 19:06:31 +02:00
parent dfaa2079aa
commit 4602ccc3a3
1444 changed files with 109919 additions and 8058 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
.gitea/AGENTS.md Normal file
View File

@@ -0,0 +1,22 @@
# .gitea AGENTS
## Purpose & Scope
- Working directory: `.gitea/` (CI workflows, templates, pipeline configs).
- Roles: DevOps engineer, QA automation.
## Required Reading (treat as read before DOING)
- `docs/README.md`
- `docs/modules/ci/architecture.md`
- `docs/modules/devops/architecture.md`
- Relevant sprint file(s).
## Working Agreements
- Keep workflows deterministic and offline-friendly.
- Pin versions for tooling where possible.
- Use UTC timestamps in comments/logs.
- Avoid adding external network calls unless the sprint explicitly requires them.
- Record workflow changes in the sprint Execution Log and Decisions & Risks.
## Validation
- Manually validate YAML structure and paths.
- Ensure workflow paths match repository layout.

128
.gitea/workflows/interop-e2e.yml Normal file
View File

@@ -0,0 +1,128 @@
name: Interop E2E Tests
on:
pull_request:
paths:
- 'src/Scanner/**'
- 'src/Excititor/**'
- 'tests/interop/**'
schedule:
- cron: '0 6 * * *' # Nightly at 6 AM UTC
workflow_dispatch:
env:
DOTNET_VERSION: '10.0.100'
jobs:
interop-tests:
runs-on: ubuntu-22.04
strategy:
fail-fast: false
matrix:
format: [cyclonedx, spdx]
arch: [amd64]
include:
- format: cyclonedx
format_flag: cyclonedx-json
- format: spdx
format_flag: spdx-json
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Install Syft
run: |
curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh | sh -s -- -b /usr/local/bin
syft --version
- name: Install Grype
run: |
curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b /usr/local/bin
grype --version
- name: Install cosign
run: |
curl -sSfL https://github.com/sigstore/cosign/releases/latest/download/cosign-linux-amd64 -o /usr/local/bin/cosign
chmod +x /usr/local/bin/cosign
cosign version
- name: Setup .NET
uses: actions/setup-dotnet@v4
with:
dotnet-version: ${{ env.DOTNET_VERSION }}
- name: Restore dependencies
run: dotnet restore src/StellaOps.sln
- name: Build Stella CLI
run: dotnet build src/Cli/StellaOps.Cli/StellaOps.Cli.csproj -c Release
- name: Build interop tests
run: dotnet build tests/interop/StellaOps.Interop.Tests/StellaOps.Interop.Tests.csproj
- name: Run interop tests
run: |
dotnet test tests/interop/StellaOps.Interop.Tests \
--filter "Format=${{ matrix.format }}" \
--logger "trx;LogFileName=interop-${{ matrix.format }}.trx" \
--logger "console;verbosity=detailed" \
--results-directory ./results \
-- RunConfiguration.TestSessionTimeout=900000
- name: Generate parity report
if: always()
run: |
# TODO: Generate parity report from test results
echo '{"format": "${{ matrix.format }}", "parityPercent": 0}' > ./results/parity-report-${{ matrix.format }}.json
- name: Upload test results
if: always()
uses: actions/upload-artifact@v4
with:
name: interop-test-results-${{ matrix.format }}
path: ./results/
- name: Check parity threshold
if: always()
run: |
PARITY=$(jq '.parityPercent' ./results/parity-report-${{ matrix.format }}.json 2>/dev/null || echo "0")
echo "Parity for ${{ matrix.format }}: ${PARITY}%"
if (( $(echo "$PARITY < 95" | bc -l 2>/dev/null || echo "1") )); then
echo "::warning::Findings parity ${PARITY}% is below 95% threshold for ${{ matrix.format }}"
# Don't fail the build yet - this is initial implementation
# exit 1
fi
summary:
runs-on: ubuntu-22.04
needs: interop-tests
if: always()
steps:
- name: Download all artifacts
uses: actions/download-artifact@v4
with:
path: ./all-results
- name: Generate summary
run: |
echo "## Interop Test Summary" >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY
echo "| Format | Status |" >> $GITHUB_STEP_SUMMARY
echo "|--------|--------|" >> $GITHUB_STEP_SUMMARY
for format in cyclonedx spdx; do
if [ -f "./all-results/interop-test-results-${format}/parity-report-${format}.json" ]; then
PARITY=$(jq -r '.parityPercent // 0' "./all-results/interop-test-results-${format}/parity-report-${format}.json")
if (( $(echo "$PARITY >= 95" | bc -l 2>/dev/null || echo "0") )); then
STATUS="✅ Pass (${PARITY}%)"
else
STATUS="⚠️ Below threshold (${PARITY}%)"
fi
else
STATUS="❌ No results"
fi
echo "| ${format} | ${STATUS} |" >> $GITHUB_STEP_SUMMARY
done

121
.gitea/workflows/offline-e2e.yml Normal file
View File

@@ -0,0 +1,121 @@
name: Offline E2E Tests
on:
pull_request:
paths:
- 'src/AirGap/**'
- 'src/Scanner/**'
- 'tests/offline/**'
schedule:
- cron: '0 4 * * *' # Nightly at 4 AM UTC
workflow_dispatch:
env:
STELLAOPS_OFFLINE_MODE: 'true'
DOTNET_VERSION: '10.0.100'
jobs:
offline-e2e:
runs-on: ubuntu-22.04
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Setup .NET
uses: actions/setup-dotnet@v4
with:
dotnet-version: ${{ env.DOTNET_VERSION }}
- name: Cache NuGet packages
uses: actions/cache@v3
with:
path: ~/.nuget/packages
key: ${{ runner.os }}-nuget-${{ hashFiles('**/*.csproj') }}
restore-keys: |
${{ runner.os }}-nuget-
- name: Download offline bundle
run: |
# In real scenario, bundle would be pre-built and cached
# For now, create minimal fixture structure
mkdir -p ./offline-bundle/{images,feeds,policies,keys,certs,vex}
echo '{}' > ./offline-bundle/manifest.json
- name: Build in isolated environment
run: |
# Build offline test library
dotnet build src/__Libraries/StellaOps.Testing.AirGap/StellaOps.Testing.AirGap.csproj
# Build offline E2E tests
dotnet build tests/offline/StellaOps.Offline.E2E.Tests/StellaOps.Offline.E2E.Tests.csproj
- name: Run offline E2E tests with network isolation
run: |
# Set offline bundle path
export STELLAOPS_OFFLINE_BUNDLE=$(pwd)/offline-bundle
# Run tests
dotnet test tests/offline/StellaOps.Offline.E2E.Tests \
--logger "trx;LogFileName=offline-e2e.trx" \
--logger "console;verbosity=detailed" \
--results-directory ./results
- name: Verify no network calls
if: always()
run: |
# Parse test output for any NetworkIsolationViolationException
if [ -f "./results/offline-e2e.trx" ]; then
if grep -q "NetworkIsolationViolation" ./results/offline-e2e.trx; then
echo "::error::Tests attempted network calls in offline mode!"
exit 1
else
echo "✅ No network isolation violations detected"
fi
fi
- name: Upload results
if: always()
uses: actions/upload-artifact@v4
with:
name: offline-e2e-results
path: ./results/
verify-isolation:
runs-on: ubuntu-22.04
needs: offline-e2e
if: always()
steps:
- name: Download results
uses: actions/download-artifact@v4
with:
name: offline-e2e-results
path: ./results
- name: Generate summary
run: |
echo "## Offline E2E Test Summary" >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY
if [ -f "./results/offline-e2e.trx" ]; then
# Parse test results
TOTAL=$(grep -o 'total="[0-9]*"' ./results/offline-e2e.trx | cut -d'"' -f2 || echo "0")
PASSED=$(grep -o 'passed="[0-9]*"' ./results/offline-e2e.trx | cut -d'"' -f2 || echo "0")
FAILED=$(grep -o 'failed="[0-9]*"' ./results/offline-e2e.trx | cut -d'"' -f2 || echo "0")
echo "| Metric | Value |" >> $GITHUB_STEP_SUMMARY
echo "|--------|-------|" >> $GITHUB_STEP_SUMMARY
echo "| Total Tests | ${TOTAL} |" >> $GITHUB_STEP_SUMMARY
echo "| Passed | ${PASSED} |" >> $GITHUB_STEP_SUMMARY
echo "| Failed | ${FAILED} |" >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY
if grep -q "NetworkIsolationViolation" ./results/offline-e2e.trx; then
echo "❌ **Network isolation was violated**" >> $GITHUB_STEP_SUMMARY
else
echo "✅ **Network isolation verified - no egress detected**" >> $GITHUB_STEP_SUMMARY
fi
else
echo "⚠️ No test results found" >> $GITHUB_STEP_SUMMARY
fi

39
.gitea/workflows/replay-verification.yml Normal file
View File

@@ -0,0 +1,39 @@
name: Replay Verification
on:
pull_request:
paths:
- 'src/Scanner/**'
- 'src/__Libraries/StellaOps.Canonicalization/**'
- 'src/__Libraries/StellaOps.Replay/**'
- 'src/__Libraries/StellaOps.Testing.Manifests/**'
- 'bench/golden-corpus/**'
jobs:
replay-verification:
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v4
- name: Setup .NET
uses: actions/setup-dotnet@v4
with:
dotnet-version: '10.0.100'
- name: Build CLI
run: dotnet build src/Cli/StellaOps.Cli -c Release
- name: Run replay verification on corpus
run: |
dotnet run --project src/Cli/StellaOps.Cli -- replay batch \
--corpus bench/golden-corpus/ \
--output results/ \
--verify-determinism \
--fail-on-diff
- name: Upload diff report
if: failure()
uses: actions/upload-artifact@v4
with:
name: replay-diff-report
path: results/diff-report.json

20
bench/AGENTS.md Normal file
View File

@@ -0,0 +1,20 @@
# bench/AGENTS.md
## Purpose & Scope
- Working directory: `bench/` (benchmarks, golden corpus, determinism fixtures).
- Roles: QA engineer, performance/bench engineer, docs contributor.
## Required Reading (treat as read before DOING)
- `docs/README.md`
- `docs/19_TEST_SUITE_OVERVIEW.md`
- `bench/README.md`
- Sprint-specific guidance for corpus/bench artifacts.
## Working Agreements
- Deterministic artifacts: stable ordering, fixed seeds, UTC timestamps.
- Offline-friendly: no network dependencies in benchmarks unless explicitly required.
- Keep fixtures and manifests ASCII and reproducible; avoid oversized binaries when possible.
## Validation
- Validate manifests/fixtures with local scripts when available.
- Document any new fixtures in `bench/README.md` or sprint notes.

117
bench/golden-corpus/README.md
View File

@@ -1,12 +1,13 @@
# Golden Test Corpus # Golden Test Corpus
This directory contains the golden test corpus for StellaOps scoring validation. This directory contains the golden test corpus for StellaOps validation.
Each test case is a complete, reproducible scenario with known-good inputs and expected outputs. Each test case is a complete, reproducible scenario with known-good inputs and expected outputs.
## Schema Version ## Schema Version
**Corpus Version**: `1.0.0` **Corpus Version**: `1.0.0`
**Scoring Algorithm**: `v2.0` (See `docs/modules/scanner/scoring-algorithm.md`) **Run Manifest Schema**: `1.0.0`
**Evidence Index Schema**: `1.0.0`
**OpenVEX Schema**: `0.2.0` **OpenVEX Schema**: `0.2.0`
**SPDX Version**: `3.0.1` **SPDX Version**: `3.0.1`
**CycloneDX Version**: `1.6` **CycloneDX Version**: `1.6`
@@ -14,94 +15,58 @@ Each test case is a complete, reproducible scenario with known-good inputs and e
## Directory Structure ## Directory Structure
``` ```
golden-corpus/ bench/golden-corpus/
├── README.md # This file ├── README.md
├── corpus-manifest.json # Index of all test cases with hashes ├── corpus-manifest.json
├── corpus-version.json # Versioning metadata ├── corpus-version.json
├── categories/
├── severity-levels/ # CVE severity coverage ├── severity/
│ ├── critical/ │ ├── vex/
│ ├── high/ │ ├── reachability/
│ ├── medium/ │ ├── unknowns/
── low/ ── scale/
├── distro/
├── vex-scenarios/ # VEX override scenarios │ ├── interop/
│ ├── not-affected/ │ ├── negative/
── affected/ ── composite/
│ ├── fixed/ └── shared/
── under-investigation/ ── policies/
├── feeds/
├── reachability/ # Reachability analysis scenarios └── keys/
│ ├── reachable/
│ ├── unreachable/
│ └── unknown/
└── composite/ # Complex multi-factor scenarios
├── reachable-with-vex/
└── unreachable-high-severity/
``` ```
## Test Case Format ## Test Case Format
Each test case directory contains: Each test case directory contains:
| File | Description | | Path | Description |
|------|-------------| |------|-------------|
| `case.json` | Scenario metadata and description | | `case-manifest.json` | Case metadata |
| `sbom.spdx.json` | SPDX 3.0.1 SBOM | | `run-manifest.json` | Run manifest for replay |
| `sbom.cdx.json` | CycloneDX 1.6 SBOM (optional) | | `input/sbom-cyclonedx.json` | CycloneDX SBOM input |
| `manifest.json` | Scan manifest with digest bindings | | `input/sbom-spdx.json` | SPDX SBOM input |
| `vex.openvex.json` | OpenVEX document (if applicable) | | `input/image.tar.gz` | Image tarball (fixture) |
| `callgraph.json` | Static call graph (if reachability applies) | | `expected/verdict.json` | Expected verdict output |
| `proof-bundle.json` | Expected proof bundle structure | | `expected/evidence-index.json` | Expected evidence index |
| `expected-score.json` | Expected scoring output | | `expected/unknowns.json` | Expected unknowns output |
| `expected/delta-verdict.json` | Expected delta verdict |
## Expected Score Format ## Running Corpus Scripts
```json
{
"schema_version": "stellaops.golden.expected/v1",
"score_hash": "sha256:...",
"stella_score": 7.5,
"base_cvss": 9.8,
"temporal_cvss": 8.5,
"environmental_cvss": 7.5,
"vex_impact": -1.0,
"reachability_impact": -1.3,
"kev_flag": false,
"exploit_maturity": "proof-of-concept",
"determinism_salt": "frozen-2025-01-15T00:00:00Z"
}
```
## Running Golden Tests
```bash ```bash
# Run all golden tests python3 scripts/corpus/validate-corpus.py
dotnet test tests/integration/StellaOps.Integration.Determinism \ python3 scripts/corpus/generate-manifest.py
--filter "Category=GoldenCorpus" python3 scripts/corpus/check-determinism.py
python3 scripts/corpus/add-case.py --category severity --name SEV-009
# Regenerate expected outputs (after algorithm changes)
dotnet run --project bench/tools/corpus-regenerate -- \
--corpus-path bench/golden-corpus \
--algorithm-version v2.0
``` ```
## Adding New Cases
1. Create directory under appropriate category
2. Add all required files (see Test Case Format)
3. Run corpus validation: `dotnet run --project bench/tools/corpus-validate`
4. Update `corpus-manifest.json` hash entries
5. Commit with message: `corpus: add <case-id> for <scenario>`
## Versioning Policy ## Versioning Policy
- **Patch** (1.0.x): Add new cases, fix existing case data - **Patch** (1.0.x): Add new cases, fix existing case data
- **Minor** (1.x.0): Algorithm tuning that preserves relative ordering - **Minor** (1.x.0): Algorithm tuning that preserves relative ordering
- **Major** (x.0.0): Algorithm changes that alter expected scores - **Major** (x.0.0): Algorithm changes that alter expected outputs
When scoring algorithm changes: When algorithms change:
1. Increment corpus version 1. Increment corpus version
2. Regenerate all expected scores 2. Regenerate case outputs
3. Document changes in CHANGELOG.md 3. Update `corpus-manifest.json`

17
bench/golden-corpus/categories/composite/extra-001/case-manifest.json Normal file
View File

@@ -0,0 +1,17 @@
{
"id": "EXTRA-001",
"description": "Placeholder corpus case EXTRA-001",
"createdAt": "2025-12-22T13:57:24Z",
"inputs": [
"sbom-cyclonedx.json",
"sbom-spdx.json",
"image.tar.gz"
],
"expected": [
"verdict.json",
"evidence-index.json",
"unknowns.json",
"delta-verdict.json"
],
"category": "composite"
}

4
bench/golden-corpus/categories/composite/extra-001/expected/delta-verdict.json Normal file
View File

@@ -0,0 +1,4 @@
{
"changes": 0,
"deltaId": "EXTRA-001-delta"
}

10
bench/golden-corpus/categories/composite/extra-001/expected/evidence-index.json Normal file
View File

@@ -0,0 +1,10 @@
{
"sboms": [
],
"indexId": "EXTRA-001-index",
"attestations": [
],
"createdAt": "2025-12-22T13:57:24.8027150Z"
}

5
bench/golden-corpus/categories/composite/extra-001/expected/unknowns.json Normal file
View File

@@ -0,0 +1,5 @@
{
"unknowns": [
]
}

5
bench/golden-corpus/categories/composite/extra-001/expected/verdict.json Normal file
View File

@@ -0,0 +1,5 @@
{
"status": "pass",
"digest": "sha256:extra-001",
"verdictId": "EXTRA-001"
}

0
bench/golden-corpus/categories/composite/extra-001/input/image.tar.gz Normal file
View File

11
bench/golden-corpus/categories/composite/extra-001/input/sbom-cyclonedx.json Normal file
View File

@@ -0,0 +1,11 @@
{
"bomFormat": "CycloneDX",
"components": [
],
"specVersion": "1.6",
"version": 1,
"metadata": {
"timestamp": "2025-12-22T13:57:24.8027150Z"
}
}

8
bench/golden-corpus/categories/composite/extra-001/input/sbom-spdx.json Normal file
View File

@@ -0,0 +1,8 @@
{
"created": "2025-12-22T13:57:24.8027150Z",
"name": "EXTRA-001",
"elements": [
],
"spdxVersion": "SPDX-3.0.1"
}

44
bench/golden-corpus/categories/composite/extra-001/run-manifest.json Normal file
View File

@@ -0,0 +1,44 @@
{
"runId": "EXTRA-001-run",
"environmentProfile": {
"valkeyEnabled": false,
"name": "postgres-only"
},
"feedSnapshot": {
"feedId": "nvd",
"snapshotAt": "2025-12-22T13:57:24.8037246Z",
"version": "v1",
"digest": "sha256:stub"
},
"cryptoProfile": {
"trustRootIds": [
],
"allowedAlgorithms": [
],
"profileName": "default"
},
"canonicalizationVersion": "1.0.0",
"toolVersions": {
"reachabilityEngineVersion": "0.0.0",
"additionalTools": {
},
"sbomGeneratorVersion": "0.0.0",
"attestorVersion": "0.0.0",
"scannerVersion": "0.0.0"
},
"policySnapshot": {
"enabledRules": [
],
"latticeRulesDigest": "sha256:stub",
"policyVersion": "1.0.0"
},
"artifactDigests": [
],
"schemaVersion": "1.0.0",
"initiatedAt": "2025-12-22T13:57:24.8037246Z"
}

17
bench/golden-corpus/categories/composite/extra-002/case-manifest.json Normal file
View File

@@ -0,0 +1,17 @@
{
"id": "EXTRA-002",
"description": "Placeholder corpus case EXTRA-002",
"createdAt": "2025-12-22T13:57:24Z",
"inputs": [
"sbom-cyclonedx.json",
"sbom-spdx.json",
"image.tar.gz"
],
"expected": [
"verdict.json",
"evidence-index.json",
"unknowns.json",
"delta-verdict.json"
],
"category": "composite"
}

4
bench/golden-corpus/categories/composite/extra-002/expected/delta-verdict.json Normal file
View File

@@ -0,0 +1,4 @@
{
"changes": 0,
"deltaId": "EXTRA-002-delta"
}

10
bench/golden-corpus/categories/composite/extra-002/expected/evidence-index.json Normal file
View File

@@ -0,0 +1,10 @@
{
"sboms": [
],
"indexId": "EXTRA-002-index",
"attestations": [
],
"createdAt": "2025-12-22T13:57:24.8181543Z"
}

5
bench/golden-corpus/categories/composite/extra-002/expected/unknowns.json Normal file
View File

@@ -0,0 +1,5 @@
{
"unknowns": [
]
}

5
bench/golden-corpus/categories/composite/extra-002/expected/verdict.json Normal file
View File

@@ -0,0 +1,5 @@
{
"status": "pass",
"digest": "sha256:extra-002",
"verdictId": "EXTRA-002"
}

0
bench/golden-corpus/categories/composite/extra-002/input/image.tar.gz Normal file
View File

11
bench/golden-corpus/categories/composite/extra-002/input/sbom-cyclonedx.json Normal file
View File

@@ -0,0 +1,11 @@
{
"bomFormat": "CycloneDX",
"components": [
],
"specVersion": "1.6",
"version": 1,
"metadata": {
"timestamp": "2025-12-22T13:57:24.8181543Z"
}
}

8
bench/golden-corpus/categories/composite/extra-002/input/sbom-spdx.json Normal file
View File

@@ -0,0 +1,8 @@
{
"created": "2025-12-22T13:57:24.8181543Z",
"name": "EXTRA-002",
"elements": [
],
"spdxVersion": "SPDX-3.0.1"
}

44
bench/golden-corpus/categories/composite/extra-002/run-manifest.json Normal file
View File

@@ -0,0 +1,44 @@
{
"runId": "EXTRA-002-run",
"environmentProfile": {
"valkeyEnabled": false,
"name": "postgres-only"
},
"feedSnapshot": {
"feedId": "nvd",
"snapshotAt": "2025-12-22T13:57:24.8191542Z",
"version": "v1",
"digest": "sha256:stub"
},
"cryptoProfile": {
"trustRootIds": [
],
"allowedAlgorithms": [
],
"profileName": "default"
},
"canonicalizationVersion": "1.0.0",
"toolVersions": {
"reachabilityEngineVersion": "0.0.0",
"additionalTools": {
},
"sbomGeneratorVersion": "0.0.0",
"attestorVersion": "0.0.0",
"scannerVersion": "0.0.0"
},
"policySnapshot": {
"enabledRules": [
],
"latticeRulesDigest": "sha256:stub",
"policyVersion": "1.0.0"
},
"artifactDigests": [
],
"schemaVersion": "1.0.0",
"initiatedAt": "2025-12-22T13:57:24.8191542Z"
}

17
bench/golden-corpus/categories/composite/extra-003/case-manifest.json Normal file
View File

@@ -0,0 +1,17 @@
{
"id": "EXTRA-003",
"description": "Placeholder corpus case EXTRA-003",
"createdAt": "2025-12-22T13:57:24Z",
"inputs": [
"sbom-cyclonedx.json",
"sbom-spdx.json",
"image.tar.gz"
],
"expected": [
"verdict.json",
"evidence-index.json",
"unknowns.json",
"delta-verdict.json"
],
"category": "composite"
}

4
bench/golden-corpus/categories/composite/extra-003/expected/delta-verdict.json Normal file
View File

@@ -0,0 +1,4 @@
{
"changes": 0,
"deltaId": "EXTRA-003-delta"
}

10
bench/golden-corpus/categories/composite/extra-003/expected/evidence-index.json Normal file
View File

@@ -0,0 +1,10 @@
{
"sboms": [
],
"indexId": "EXTRA-003-index",
"attestations": [
],
"createdAt": "2025-12-22T13:57:24.8360597Z"
}

5
bench/golden-corpus/categories/composite/extra-003/expected/unknowns.json Normal file
View File

@@ -0,0 +1,5 @@
{
"unknowns": [
]
}

5
bench/golden-corpus/categories/composite/extra-003/expected/verdict.json Normal file
View File

@@ -0,0 +1,5 @@
{
"status": "pass",
"digest": "sha256:extra-003",
"verdictId": "EXTRA-003"
}

0
bench/golden-corpus/categories/composite/extra-003/input/image.tar.gz Normal file
View File

11
bench/golden-corpus/categories/composite/extra-003/input/sbom-cyclonedx.json Normal file
View File

@@ -0,0 +1,11 @@
{
"bomFormat": "CycloneDX",
"components": [
],
"specVersion": "1.6",
"version": 1,
"metadata": {
"timestamp": "2025-12-22T13:57:24.8360597Z"
}
}

8
bench/golden-corpus/categories/composite/extra-003/input/sbom-spdx.json Normal file
View File

@@ -0,0 +1,8 @@
{
"created": "2025-12-22T13:57:24.8360597Z",
"name": "EXTRA-003",
"elements": [
],
"spdxVersion": "SPDX-3.0.1"
}

44
bench/golden-corpus/categories/composite/extra-003/run-manifest.json Normal file
View File

@@ -0,0 +1,44 @@
{
"runId": "EXTRA-003-run",
"environmentProfile": {
"valkeyEnabled": false,
"name": "postgres-only"
},
"feedSnapshot": {
"feedId": "nvd",
"snapshotAt": "2025-12-22T13:57:24.8370133Z",
"version": "v1",
"digest": "sha256:stub"
},
"cryptoProfile": {
"trustRootIds": [
],
"allowedAlgorithms": [
],
"profileName": "default"
},
"canonicalizationVersion": "1.0.0",
"toolVersions": {
"reachabilityEngineVersion": "0.0.0",
"additionalTools": {
},
"sbomGeneratorVersion": "0.0.0",
"attestorVersion": "0.0.0",
"scannerVersion": "0.0.0"
},
"policySnapshot": {
"enabledRules": [
],
"latticeRulesDigest": "sha256:stub",
"policyVersion": "1.0.0"
},
"artifactDigests": [
],
"schemaVersion": "1.0.0",
"initiatedAt": "2025-12-22T13:57:24.8370133Z"
}

17
bench/golden-corpus/categories/composite/extra-004/case-manifest.json Normal file
View File

@@ -0,0 +1,17 @@
{
"id": "EXTRA-004",
"description": "Placeholder corpus case EXTRA-004",
"createdAt": "2025-12-22T13:57:24Z",
"inputs": [
"sbom-cyclonedx.json",
"sbom-spdx.json",
"image.tar.gz"
],
"expected": [
"verdict.json",
"evidence-index.json",
"unknowns.json",
"delta-verdict.json"
],
"category": "composite"
}

4
bench/golden-corpus/categories/composite/extra-004/expected/delta-verdict.json Normal file
View File

@@ -0,0 +1,4 @@
{
"changes": 0,
"deltaId": "EXTRA-004-delta"
}

10
bench/golden-corpus/categories/composite/extra-004/expected/evidence-index.json Normal file
View File

@@ -0,0 +1,10 @@
{
"sboms": [
],
"indexId": "EXTRA-004-index",
"attestations": [
],
"createdAt": "2025-12-22T13:57:24.8588914Z"
}

5
bench/golden-corpus/categories/composite/extra-004/expected/unknowns.json Normal file
View File

@@ -0,0 +1,5 @@
{
"unknowns": [
]
}

5
bench/golden-corpus/categories/composite/extra-004/expected/verdict.json Normal file
View File

@@ -0,0 +1,5 @@
{
"status": "pass",
"digest": "sha256:extra-004",
"verdictId": "EXTRA-004"
}

0
bench/golden-corpus/categories/composite/extra-004/input/image.tar.gz Normal file
View File

11
bench/golden-corpus/categories/composite/extra-004/input/sbom-cyclonedx.json Normal file
View File

@@ -0,0 +1,11 @@
{
"bomFormat": "CycloneDX",
"components": [
],
"specVersion": "1.6",
"version": 1,
"metadata": {
"timestamp": "2025-12-22T13:57:24.8588914Z"
}
}

8
bench/golden-corpus/categories/composite/extra-004/input/sbom-spdx.json Normal file
View File

@@ -0,0 +1,8 @@
{
"created": "2025-12-22T13:57:24.8588914Z",
"name": "EXTRA-004",
"elements": [
],
"spdxVersion": "SPDX-3.0.1"
}

44
bench/golden-corpus/categories/composite/extra-004/run-manifest.json Normal file
View File

@@ -0,0 +1,44 @@
{
"runId": "EXTRA-004-run",
"environmentProfile": {
"valkeyEnabled": false,
"name": "postgres-only"
},
"feedSnapshot": {
"feedId": "nvd",
"snapshotAt": "2025-12-22T13:57:24.8598906Z",
"version": "v1",
"digest": "sha256:stub"
},
"cryptoProfile": {
"trustRootIds": [
],
"allowedAlgorithms": [
],
"profileName": "default"
},
"canonicalizationVersion": "1.0.0",
"toolVersions": {
"reachabilityEngineVersion": "0.0.0",
"additionalTools": {
},
"sbomGeneratorVersion": "0.0.0",
"attestorVersion": "0.0.0",
"scannerVersion": "0.0.0"
},
"policySnapshot": {
"enabledRules": [
],
"latticeRulesDigest": "sha256:stub",
"policyVersion": "1.0.0"
},
"artifactDigests": [
],
"schemaVersion": "1.0.0",
"initiatedAt": "2025-12-22T13:57:24.8598906Z"
}

17
bench/golden-corpus/categories/composite/extra-005/case-manifest.json Normal file
View File

@@ -0,0 +1,17 @@
{
"id": "EXTRA-005",
"description": "Placeholder corpus case EXTRA-005",
"createdAt": "2025-12-22T13:57:24Z",
"inputs": [
"sbom-cyclonedx.json",
"sbom-spdx.json",
"image.tar.gz"
],
"expected": [
"verdict.json",
"evidence-index.json",
"unknowns.json",
"delta-verdict.json"
],
"category": "composite"
}

4
bench/golden-corpus/categories/composite/extra-005/expected/delta-verdict.json Normal file
View File

@@ -0,0 +1,4 @@
{
"changes": 0,
"deltaId": "EXTRA-005-delta"
}

10
bench/golden-corpus/categories/composite/extra-005/expected/evidence-index.json Normal file
View File

@@ -0,0 +1,10 @@
{
"sboms": [
],
"indexId": "EXTRA-005-index",
"attestations": [
],
"createdAt": "2025-12-22T13:57:24.8751465Z"
}

5
bench/golden-corpus/categories/composite/extra-005/expected/unknowns.json Normal file
View File

@@ -0,0 +1,5 @@
{
"unknowns": [
]
}

5
bench/golden-corpus/categories/composite/extra-005/expected/verdict.json Normal file
View File

@@ -0,0 +1,5 @@
{
"status": "pass",
"digest": "sha256:extra-005",
"verdictId": "EXTRA-005"
}

0
bench/golden-corpus/categories/composite/extra-005/input/image.tar.gz Normal file
View File

11
bench/golden-corpus/categories/composite/extra-005/input/sbom-cyclonedx.json Normal file
View File

@@ -0,0 +1,11 @@
{
"bomFormat": "CycloneDX",
"components": [
],
"specVersion": "1.6",
"version": 1,
"metadata": {
"timestamp": "2025-12-22T13:57:24.8751465Z"
}
}

8
bench/golden-corpus/categories/composite/extra-005/input/sbom-spdx.json Normal file
View File

@@ -0,0 +1,8 @@
{
"created": "2025-12-22T13:57:24.8751465Z",
"name": "EXTRA-005",
"elements": [
],
"spdxVersion": "SPDX-3.0.1"
}

44
bench/golden-corpus/categories/composite/extra-005/run-manifest.json Normal file
View File

@@ -0,0 +1,44 @@
{
"runId": "EXTRA-005-run",
"environmentProfile": {
"valkeyEnabled": false,
"name": "postgres-only"
},
"feedSnapshot": {
"feedId": "nvd",
"snapshotAt": "2025-12-22T13:57:24.8761542Z",
"version": "v1",
"digest": "sha256:stub"
},
"cryptoProfile": {
"trustRootIds": [
],
"allowedAlgorithms": [
],
"profileName": "default"
},
"canonicalizationVersion": "1.0.0",
"toolVersions": {
"reachabilityEngineVersion": "0.0.0",
"additionalTools": {
},
"sbomGeneratorVersion": "0.0.0",
"attestorVersion": "0.0.0",
"scannerVersion": "0.0.0"
},
"policySnapshot": {
"enabledRules": [
],
"latticeRulesDigest": "sha256:stub",
"policyVersion": "1.0.0"
},
"artifactDigests": [
],
"schemaVersion": "1.0.0",
"initiatedAt": "2025-12-22T13:57:24.8761542Z"
}

17
bench/golden-corpus/categories/composite/extra-006/case-manifest.json Normal file
View File

@@ -0,0 +1,17 @@
{
"id": "EXTRA-006",
"description": "Placeholder corpus case EXTRA-006",
"createdAt": "2025-12-22T13:57:24Z",
"inputs": [
"sbom-cyclonedx.json",
"sbom-spdx.json",
"image.tar.gz"
],
"expected": [
"verdict.json",
"evidence-index.json",
"unknowns.json",
"delta-verdict.json"
],
"category": "composite"
}

4
bench/golden-corpus/categories/composite/extra-006/expected/delta-verdict.json Normal file
View File

@@ -0,0 +1,4 @@
{
"changes": 0,
"deltaId": "EXTRA-006-delta"
}

10
bench/golden-corpus/categories/composite/extra-006/expected/evidence-index.json Normal file
View File

@@ -0,0 +1,10 @@
{
"sboms": [
],
"indexId": "EXTRA-006-index",
"attestations": [
],
"createdAt": "2025-12-22T13:57:24.8951568Z"
}

5
bench/golden-corpus/categories/composite/extra-006/expected/unknowns.json Normal file
View File

@@ -0,0 +1,5 @@
{
"unknowns": [
]
}

5
bench/golden-corpus/categories/composite/extra-006/expected/verdict.json Normal file
View File

@@ -0,0 +1,5 @@
{
"status": "pass",
"digest": "sha256:extra-006",
"verdictId": "EXTRA-006"
}

0
bench/golden-corpus/categories/composite/extra-006/input/image.tar.gz Normal file
View File

11
bench/golden-corpus/categories/composite/extra-006/input/sbom-cyclonedx.json Normal file
View File

@@ -0,0 +1,11 @@
{
"bomFormat": "CycloneDX",
"components": [
],
"specVersion": "1.6",
"version": 1,
"metadata": {
"timestamp": "2025-12-22T13:57:24.8941475Z"
}
}

8
bench/golden-corpus/categories/composite/extra-006/input/sbom-spdx.json Normal file
View File

@@ -0,0 +1,8 @@
{
"created": "2025-12-22T13:57:24.8941475Z",
"name": "EXTRA-006",
"elements": [
],
"spdxVersion": "SPDX-3.0.1"
}

44
bench/golden-corpus/categories/composite/extra-006/run-manifest.json Normal file
View File

@@ -0,0 +1,44 @@
{
"runId": "EXTRA-006-run",
"environmentProfile": {
"valkeyEnabled": false,
"name": "postgres-only"
},
"feedSnapshot": {
"feedId": "nvd",
"snapshotAt": "2025-12-22T13:57:24.8951568Z",
"version": "v1",
"digest": "sha256:stub"
},
"cryptoProfile": {
"trustRootIds": [
],
"allowedAlgorithms": [
],
"profileName": "default"
},
"canonicalizationVersion": "1.0.0",
"toolVersions": {
"reachabilityEngineVersion": "0.0.0",
"additionalTools": {
},
"sbomGeneratorVersion": "0.0.0",
"attestorVersion": "0.0.0",
"scannerVersion": "0.0.0"
},
"policySnapshot": {
"enabledRules": [
],
"latticeRulesDigest": "sha256:stub",
"policyVersion": "1.0.0"
},
"artifactDigests": [
],
"schemaVersion": "1.0.0",
"initiatedAt": "2025-12-22T13:57:24.8951568Z"
}

17
bench/golden-corpus/categories/composite/extra-007/case-manifest.json Normal file
View File

@@ -0,0 +1,17 @@
{
"id": "EXTRA-007",
"description": "Placeholder corpus case EXTRA-007",
"createdAt": "2025-12-22T13:57:24Z",
"inputs": [
"sbom-cyclonedx.json",
"sbom-spdx.json",
"image.tar.gz"
],
"expected": [
"verdict.json",
"evidence-index.json",
"unknowns.json",
"delta-verdict.json"
],
"category": "composite"
}

4
bench/golden-corpus/categories/composite/extra-007/expected/delta-verdict.json Normal file
View File

@@ -0,0 +1,4 @@
{
"changes": 0,
"deltaId": "EXTRA-007-delta"
}

10
bench/golden-corpus/categories/composite/extra-007/expected/evidence-index.json Normal file
View File

@@ -0,0 +1,10 @@
{
"sboms": [
],
"indexId": "EXTRA-007-index",
"attestations": [
],
"createdAt": "2025-12-22T13:57:24.9253920Z"
}

5
bench/golden-corpus/categories/composite/extra-007/expected/unknowns.json Normal file
View File

@@ -0,0 +1,5 @@
{
"unknowns": [
]
}

5
bench/golden-corpus/categories/composite/extra-007/expected/verdict.json Normal file
View File

@@ -0,0 +1,5 @@
{
"status": "pass",
"digest": "sha256:extra-007",
"verdictId": "EXTRA-007"
}

0
bench/golden-corpus/categories/composite/extra-007/input/image.tar.gz Normal file
View File

11
bench/golden-corpus/categories/composite/extra-007/input/sbom-cyclonedx.json Normal file
View File

@@ -0,0 +1,11 @@
{
"bomFormat": "CycloneDX",
"components": [
],
"specVersion": "1.6",
"version": 1,
"metadata": {
"timestamp": "2025-12-22T13:57:24.9243922Z"
}
}

8
bench/golden-corpus/categories/composite/extra-007/input/sbom-spdx.json Normal file
View File

@@ -0,0 +1,8 @@
{
"created": "2025-12-22T13:57:24.9243922Z",
"name": "EXTRA-007",
"elements": [
],
"spdxVersion": "SPDX-3.0.1"
}

44
bench/golden-corpus/categories/composite/extra-007/run-manifest.json Normal file
View File

@@ -0,0 +1,44 @@
{
"runId": "EXTRA-007-run",
"environmentProfile": {
"valkeyEnabled": false,
"name": "postgres-only"
},
"feedSnapshot": {
"feedId": "nvd",
"snapshotAt": "2025-12-22T13:57:24.9269031Z",
"version": "v1",
"digest": "sha256:stub"
},
"cryptoProfile": {
"trustRootIds": [
],
"allowedAlgorithms": [
],
"profileName": "default"
},
"canonicalizationVersion": "1.0.0",
"toolVersions": {
"reachabilityEngineVersion": "0.0.0",
"additionalTools": {
},
"sbomGeneratorVersion": "0.0.0",
"attestorVersion": "0.0.0",
"scannerVersion": "0.0.0"
},
"policySnapshot": {
"enabledRules": [
],
"latticeRulesDigest": "sha256:stub",
"policyVersion": "1.0.0"
},
"artifactDigests": [
],
"schemaVersion": "1.0.0",
"initiatedAt": "2025-12-22T13:57:24.9269031Z"
}

17
bench/golden-corpus/categories/composite/extra-008/case-manifest.json Normal file
View File

@@ -0,0 +1,17 @@
{
"id": "EXTRA-008",
"description": "Placeholder corpus case EXTRA-008",
"createdAt": "2025-12-22T13:57:24Z",
"inputs": [
"sbom-cyclonedx.json",
"sbom-spdx.json",
"image.tar.gz"
],
"expected": [
"verdict.json",
"evidence-index.json",
"unknowns.json",
"delta-verdict.json"
],
"category": "composite"
}

4
bench/golden-corpus/categories/composite/extra-008/expected/delta-verdict.json Normal file
View File

@@ -0,0 +1,4 @@
{
"changes": 0,
"deltaId": "EXTRA-008-delta"
}

10
bench/golden-corpus/categories/composite/extra-008/expected/evidence-index.json Normal file
View File

@@ -0,0 +1,10 @@
{
"sboms": [
],
"indexId": "EXTRA-008-index",
"attestations": [
],
"createdAt": "2025-12-22T13:57:24.9436128Z"
}

5
bench/golden-corpus/categories/composite/extra-008/expected/unknowns.json Normal file
View File

@@ -0,0 +1,5 @@
{
"unknowns": [
]
}

5
bench/golden-corpus/categories/composite/extra-008/expected/verdict.json Normal file
View File

@@ -0,0 +1,5 @@
{
"status": "pass",
"digest": "sha256:extra-008",
"verdictId": "EXTRA-008"
}

0
bench/golden-corpus/categories/composite/extra-008/input/image.tar.gz Normal file
View File

11
bench/golden-corpus/categories/composite/extra-008/input/sbom-cyclonedx.json Normal file
View File

@@ -0,0 +1,11 @@
{
"bomFormat": "CycloneDX",
"components": [
],
"specVersion": "1.6",
"version": 1,
"metadata": {
"timestamp": "2025-12-22T13:57:24.9436128Z"
}
}

8
bench/golden-corpus/categories/composite/extra-008/input/sbom-spdx.json Normal file
View File

@@ -0,0 +1,8 @@
{
"created": "2025-12-22T13:57:24.9436128Z",
"name": "EXTRA-008",
"elements": [
],
"spdxVersion": "SPDX-3.0.1"
}

44
bench/golden-corpus/categories/composite/extra-008/run-manifest.json Normal file
View File

@@ -0,0 +1,44 @@
{
"runId": "EXTRA-008-run",
"environmentProfile": {
"valkeyEnabled": false,
"name": "postgres-only"
},
"feedSnapshot": {
"feedId": "nvd",
"snapshotAt": "2025-12-22T13:57:24.9446123Z",
"version": "v1",
"digest": "sha256:stub"
},
"cryptoProfile": {
"trustRootIds": [
],
"allowedAlgorithms": [
],
"profileName": "default"
},
"canonicalizationVersion": "1.0.0",
"toolVersions": {
"reachabilityEngineVersion": "0.0.0",
"additionalTools": {
},
"sbomGeneratorVersion": "0.0.0",
"attestorVersion": "0.0.0",
"scannerVersion": "0.0.0"
},
"policySnapshot": {
"enabledRules": [
],
"latticeRulesDigest": "sha256:stub",
"policyVersion": "1.0.0"
},
"artifactDigests": [
],
"schemaVersion": "1.0.0",
"initiatedAt": "2025-12-22T13:57:24.9446123Z"
}

17
bench/golden-corpus/categories/distro/distro-001/case-manifest.json Normal file
View File

@@ -0,0 +1,17 @@
{
"id": "DISTRO-001",
"description": "Placeholder corpus case DISTRO-001",
"createdAt": "2025-12-22T13:57:24Z",
"inputs": [
"sbom-cyclonedx.json",
"sbom-spdx.json",
"image.tar.gz"
],
"expected": [
"verdict.json",
"evidence-index.json",
"unknowns.json",
"delta-verdict.json"
],
"category": "distro"
}

4
bench/golden-corpus/categories/distro/distro-001/expected/delta-verdict.json Normal file
View File

@@ -0,0 +1,4 @@
{
"changes": 0,
"deltaId": "DISTRO-001-delta"
}

10
bench/golden-corpus/categories/distro/distro-001/expected/evidence-index.json Normal file
View File

@@ -0,0 +1,10 @@
{
"sboms": [
],
"indexId": "DISTRO-001-index",
"attestations": [
],
"createdAt": "2025-12-22T13:57:24.5401402Z"
}

5
bench/golden-corpus/categories/distro/distro-001/expected/unknowns.json Normal file
View File

@@ -0,0 +1,5 @@
{
"unknowns": [
]
}

5
bench/golden-corpus/categories/distro/distro-001/expected/verdict.json Normal file
View File

@@ -0,0 +1,5 @@
{
"status": "pass",
"digest": "sha256:distro-001",
"verdictId": "DISTRO-001"
}

0
bench/golden-corpus/categories/distro/distro-001/input/image.tar.gz Normal file
View File

11
bench/golden-corpus/categories/distro/distro-001/input/sbom-cyclonedx.json Normal file
View File

@@ -0,0 +1,11 @@
{
"bomFormat": "CycloneDX",
"components": [
],
"specVersion": "1.6",
"version": 1,
"metadata": {
"timestamp": "2025-12-22T13:57:24.5401402Z"
}
}

8
bench/golden-corpus/categories/distro/distro-001/input/sbom-spdx.json Normal file
View File

@@ -0,0 +1,8 @@
{
"created": "2025-12-22T13:57:24.5401402Z",
"name": "DISTRO-001",
"elements": [
],
"spdxVersion": "SPDX-3.0.1"
}

44
bench/golden-corpus/categories/distro/distro-001/run-manifest.json Normal file
View File

@@ -0,0 +1,44 @@
{
"runId": "DISTRO-001-run",
"environmentProfile": {
"valkeyEnabled": false,
"name": "postgres-only"
},
"feedSnapshot": {
"feedId": "nvd",
"snapshotAt": "2025-12-22T13:57:24.5411477Z",
"version": "v1",
"digest": "sha256:stub"
},
"cryptoProfile": {
"trustRootIds": [
],
"allowedAlgorithms": [
],
"profileName": "default"
},
"canonicalizationVersion": "1.0.0",
"toolVersions": {
"reachabilityEngineVersion": "0.0.0",
"additionalTools": {
},
"sbomGeneratorVersion": "0.0.0",
"attestorVersion": "0.0.0",
"scannerVersion": "0.0.0"
},
"policySnapshot": {
"enabledRules": [
],
"latticeRulesDigest": "sha256:stub",
"policyVersion": "1.0.0"
},
"artifactDigests": [
],
"schemaVersion": "1.0.0",
"initiatedAt": "2025-12-22T13:57:24.5411477Z"
}

17
bench/golden-corpus/categories/distro/distro-002/case-manifest.json Normal file
View File

@@ -0,0 +1,17 @@
{
"id": "DISTRO-002",
"description": "Placeholder corpus case DISTRO-002",
"createdAt": "2025-12-22T13:57:24Z",
"inputs": [
"sbom-cyclonedx.json",
"sbom-spdx.json",
"image.tar.gz"
],
"expected": [
"verdict.json",
"evidence-index.json",
"unknowns.json",
"delta-verdict.json"
],
"category": "distro"
}

4
bench/golden-corpus/categories/distro/distro-002/expected/delta-verdict.json Normal file
View File

@@ -0,0 +1,4 @@
{
"changes": 0,
"deltaId": "DISTRO-002-delta"
}

10
bench/golden-corpus/categories/distro/distro-002/expected/evidence-index.json Normal file
View File

@@ -0,0 +1,10 @@
{
"sboms": [
],
"indexId": "DISTRO-002-index",
"attestations": [
],
"createdAt": "2025-12-22T13:57:24.5532520Z"
}

5
bench/golden-corpus/categories/distro/distro-002/expected/unknowns.json Normal file
View File

@@ -0,0 +1,5 @@
{
"unknowns": [
]
}

5
bench/golden-corpus/categories/distro/distro-002/expected/verdict.json Normal file
View File

@@ -0,0 +1,5 @@
{
"status": "pass",
"digest": "sha256:distro-002",
"verdictId": "DISTRO-002"
}

0
bench/golden-corpus/categories/distro/distro-002/input/image.tar.gz Normal file
View File

11
bench/golden-corpus/categories/distro/distro-002/input/sbom-cyclonedx.json Normal file
View File

@@ -0,0 +1,11 @@
{
"bomFormat": "CycloneDX",
"components": [
],
"specVersion": "1.6",
"version": 1,
"metadata": {
"timestamp": "2025-12-22T13:57:24.5522524Z"
}
}

8
bench/golden-corpus/categories/distro/distro-002/input/sbom-spdx.json Normal file
View File

@@ -0,0 +1,8 @@
{
"created": "2025-12-22T13:57:24.5522524Z",
"name": "DISTRO-002",
"elements": [
],
"spdxVersion": "SPDX-3.0.1"
}

44
bench/golden-corpus/categories/distro/distro-002/run-manifest.json Normal file
View File

@@ -0,0 +1,44 @@
{
"runId": "DISTRO-002-run",
"environmentProfile": {
"valkeyEnabled": false,
"name": "postgres-only"
},
"feedSnapshot": {
"feedId": "nvd",
"snapshotAt": "2025-12-22T13:57:24.5532520Z",
"version": "v1",
"digest": "sha256:stub"
},
"cryptoProfile": {
"trustRootIds": [
],
"allowedAlgorithms": [
],
"profileName": "default"
},
"canonicalizationVersion": "1.0.0",
"toolVersions": {
"reachabilityEngineVersion": "0.0.0",
"additionalTools": {
},
"sbomGeneratorVersion": "0.0.0",
"attestorVersion": "0.0.0",
"scannerVersion": "0.0.0"
},
"policySnapshot": {
"enabledRules": [
],
"latticeRulesDigest": "sha256:stub",
"policyVersion": "1.0.0"
},
"artifactDigests": [
],
"schemaVersion": "1.0.0",
"initiatedAt": "2025-12-22T13:57:24.5532520Z"
}

17
bench/golden-corpus/categories/distro/distro-003/case-manifest.json Normal file
View File

@@ -0,0 +1,17 @@
{
"id": "DISTRO-003",
"description": "Placeholder corpus case DISTRO-003",
"createdAt": "2025-12-22T13:57:24Z",
"inputs": [
"sbom-cyclonedx.json",
"sbom-spdx.json",
"image.tar.gz"
],
"expected": [
"verdict.json",
"evidence-index.json",
"unknowns.json",
"delta-verdict.json"
],
"category": "distro"
}

4
bench/golden-corpus/categories/distro/distro-003/expected/delta-verdict.json Normal file
View File

@@ -0,0 +1,4 @@
{
"changes": 0,
"deltaId": "DISTRO-003-delta"
}

10
bench/golden-corpus/categories/distro/distro-003/expected/evidence-index.json Normal file
View File

@@ -0,0 +1,10 @@
{
"sboms": [
],
"indexId": "DISTRO-003-index",
"attestations": [
],
"createdAt": "2025-12-22T13:57:24.5673518Z"
}

5
bench/golden-corpus/categories/distro/distro-003/expected/unknowns.json Normal file
View File

@@ -0,0 +1,5 @@
{
"unknowns": [
]
}

Some files were not shown because too many files have changed in this diff Show More