docs consolidation and others

docs/modules/concelier/samples/linkset-ghsa.json

@@ -0,0 +1,26 @@
+{
+  "_id": "0000000000000000000000aa",
+  "tenantId": "demo-tenant",
+  "source": "ghsa",
+  "advisoryId": "GHSA-xxxx-yyyy",
+  "observations": [ "000000000000000000000001" ],
+  "normalized": {
+    "purls": [ "pkg:npm/example" ],
+    "versions": [ "1.2.3" ],
+    "ranges": [ { "type": "semver", "events": [ { "introduced": "0" }, { "fixed": "1.2.4" } ] } ],
+    "severities": [ { "system": "cvssv3.1", "score": 7.5, "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ],
+    "scopes": [ "runtime", "build" ],
+    "relationships": [
+      { "type": "depends_on", "source": "pkg:npm/example@1.2.3", "target": "pkg:npm/lib@4.5.6", "provenance": "sbom:inventory-2025-10-01" }
+    ]
+  },
+  "confidence": 1.0,
+  "conflicts": [],
+  "createdAt": "2025-10-06T12:05:00Z",
+  "builtByJobId": "linkset-builder-456",
+  "provenance": {
+    "observationHashes": [ "sha256:abc123" ],
+    "toolVersion": "lnm-1.0.0",
+    "policyHash": "sha256:def456"
+  }
+}

docs/modules/concelier/samples/linkset-lnm-21-002-conflict.json

@@ -0,0 +1,74 @@
+{
+  "_id": "sha256:7b0c471f0b2c4c5f9e19f7bff4c3d9e4e7b2cbf7d5c3e0a58a0cc3314d2c9a10",
+  "tenantId": "urn:tenant:123e4567-e89b-12d3-a456-426614174000",
+  "advisoryId": "GHSA-aaaa-bbbb-cccc",
+  "source": "lnm-correlator",
+  "observations": [
+    "6560606df3c5d6ad3b5b0001",
+    "6560606df3c5d6ad3b5b0002",
+    "6560606df3c5d6ad3b5b0003"
+  ],
+  "key": {
+    "vulnerabilityId": "GHSA-aaaa-bbbb-cccc",
+    "productKey": "pkg:npm/leftpad",
+    "confidence": 0.63
+  },
+  "normalized": {
+    "purls": ["pkg:npm/leftpad"],
+    "versions": ["1.3.0", "1.4.0"],
+    "ranges": [
+      {"type": "semver", "events": [{"introduced": "0"}, {"fixed": "1.3.0"}]},
+      {"type": "semver", "events": [{"introduced": "1.3.0"}, {"fixed": "1.5.0"}]}
+    ],
+    "severities": [
+      {"system": "cvssv3", "score": 5.0, "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L"},
+      {"system": "cvssv4", "score": 4.8, "vector": "CVSS:4.0/AV:P/AC:H/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"}
+    ]
+  },
+  "conflicts": [
+    {
+      "field": "severity",
+      "reason": "severity-mismatch",
+      "values": [
+        "vendorA:7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+        "vendorB:5.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L"
+      ]
+    },
+    {
+      "field": "affected",
+      "reason": "affected-range-divergence",
+      "values": [
+        "vendorA:[0,1.3.0]",
+        "vendorB:[1.3.0,1.5.0]",
+        "vendorC:1.4.x only"
+      ]
+    },
+    {
+      "field": "aliases",
+      "reason": "alias-inconsistency",
+      "values": [
+        "vendorA:GHSA-aaaa-bbbb-cccc",
+        "vendorB:CVE-2024-11111"
+      ]
+    },
+    {
+      "field": "references",
+      "reason": "reference-clash",
+      "values": [
+        "vendorA:https://blog.example.com/advisory",
+        "vendorB:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11111"
+      ]
+    }
+  ],
+  "provenance": {
+    "observationHashes": [
+      "8f0f9406349e62a7a9c28b24ec77cbb3b2a13f57d8dc2ed594a2c3fe6edbe201",
+      "0e3ae50c3b2ab9e0ec2bf531d1a61583d79b4b0abeb8ec59269afeb7b8b5f050",
+      "8c87cfcc22ebb7fa6e0c0e9e3d1de0d812e2fd6b05e8c6b0f2c8c7b7f988aaa2"
+    ],
+    "toolVersion": "lnm-21-002",
+    "policyHash": "linkset-correlation-21-002"
+  },
+  "createdAt": "2025-11-20T15:10:00Z",
+  "builtByJobId": "corr-tenant123-ghsa-aaaa-bbbb-cccc"
+}

docs/modules/concelier/samples/linkset-lnm-21-002-sample.json

@@ -0,0 +1,36 @@
+{
+  "_id": "sha256:1f4b6e7c9d5f4e8f4973c8c3dfe1d1d3b4f0ad8991e7d937c6c1d77a9e4b8a21",
+  "tenantId": "urn:tenant:123e4567-e89b-12d3-a456-426614174000",
+  "advisoryId": "CVE-2024-99999",
+  "source": "lnm-correlator",
+  "observations": [
+    "6560606df3c5d6ad3b5a1234",
+    "6560606df3c5d6ad3b5a5678"
+  ],
+  "key": {
+    "vulnerabilityId": "CVE-2024-99999",
+    "productKey": "pkg:npm/lodash",
+    "confidence": 0.92
+  },
+  "normalized": {
+    "purls": ["pkg:npm/lodash"],
+    "versions": ["4.17.21"],
+    "ranges": [
+      {"type": "semver", "events": [{"introduced": "0"}, {"fixed": "4.17.22"}]}
+    ],
+    "severities": [
+      {"system": "cvssv3", "score": 7.5, "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}
+    ]
+  },
+  "conflicts": [],
+  "provenance": {
+    "observationHashes": [
+      "10f4fc0b5c1a1d4c266fafd2b4f45618f6a0a4b86087c3e67e4c1a2c8f38e990",
+      "10f4fc0b5c1a1d4c266fafd2b4f45618f6a0a4b86087c3e67e4c1a2c8f38e991"
+    ],
+    "toolVersion": "lnm-21-002",
+    "policyHash": "linkset-correlation-21-002"
+  },
+  "createdAt": "2025-11-20T15:05:00Z",
+  "builtByJobId": "corr-tenant123-cve-2024-99999"
+}

docs/modules/concelier/samples/observation-ghsa.json

@@ -0,0 +1,28 @@
+{
+  "_id": "000000000000000000000001",
+  "tenantId": "demo-tenant",
+  "source": "ghsa",
+  "advisoryId": "GHSA-xxxx-yyyy",
+  "title": "Example GHSA vuln",
+  "summary": "Example summary",
+  "severities": [ { "system": "cvssv3.1", "score": 7.5, "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ],
+  "affected": [ {
+    "purl": "pkg:npm/example@1.2.3",
+    "versions": [ "1.2.3" ],
+    "ranges": [ { "type": "semver", "events": [ { "introduced": "0" }, { "fixed": "1.2.4" } ] } ]
+  } ],
+  "scopes": [ "runtime", "build" ],
+  "relationships": [
+    { "type": "depends_on", "source": "pkg:npm/example@1.2.3", "target": "pkg:npm/lib@4.5.6", "provenance": "sbom:inventory-2025-10-01" }
+  ],
+  "references": [ "https://github.com/example/advisory" ],
+  "weaknesses": [ "CWE-79" ],
+  "published": "2025-10-01T00:00:00Z",
+  "modified": "2025-10-05T00:00:00Z",
+  "provenance": {
+    "sourceArtifactSha": "sha256:abc123",
+    "fetchedAt": "2025-10-06T12:00:00Z",
+    "ingestJobId": "ingest-123"
+  },
+  "ingestedAt": "2025-10-06T12:01:00Z"
+}