docs consolidation and others

docs/modules/excititor/samples/chunk-attestation-sample.json

@@ -0,0 +1,18 @@
+{
+  "subject_digest": "sha256:112233",
+  "predicates": {
+    "stellaops.vex.chunk.meta.v1": {
+      "tenant": "acme",
+      "source": "ghsa",
+      "schema": "stellaops.vex.chunk.v1",
+      "item_count": 1
+    },
+    "stellaops.vex.chunk.integrity.v1": {
+      "items": [
+        {"ordinal": 0, "sha256": "abc"}
+      ]
+    }
+  },
+  "signing_profile": "sovereign-default",
+  "transparency": null
+}

docs/modules/excititor/samples/chunk-sample.ndjson

@@ -0,0 +1 @@
+{"chunk_id":"11111111-2222-3333-4444-555555555555","tenant":"acme","source":"ghsa","schema":"stellaops.vex.chunk.v1","items":[{"advisory_id":"GHSA-123","status":"affected","purl":"pkg:npm/foo@1.0.0"}],"provenance":{"fetched_at":"2025-11-20T00:00:00Z","artifact_sha":"abc"}}

docs/modules/excititor/samples/chunks-sample.ndjson

@@ -0,0 +1,2 @@
+{"tenant":"demo","vulnerabilityId":"CVE-2024-1234","productKey":"pkg:pypi/django@3.2.24","observationId":"obs-001","statementId":"stmt-001","source":{"supplier":"upstream:osv","documentId":"osv:CVE-2024-1234","retrievedAt":"2025-11-18T12:00:00Z","signatureStatus":"missing"},"aoc":{"violations":[]},"evidence":{"type":"vex.statement","payload":{"status":"not_affected","justification":"component_not_present"}},"provenance":{"hash":"sha256:dummyhash","canonicalUri":null,"bundleId":null}}
+{"tenant":"demo","vulnerabilityId":"CVE-2024-2345","productKey":"pkg:pypi/requests@2.31.0","observationId":"obs-002","statementId":"stmt-001","source":{"supplier":"upstream:osv","documentId":"osv:CVE-2024-2345","retrievedAt":"2025-11-18T12:05:00Z","signatureStatus":"unverified"},"aoc":{"violations":[{"code":"EVIDENCE_SIGNATURE_MISSING","surface":"ingest"}]},"evidence":{"type":"vex.statement","payload":{"status":"affected","impact":"info","details":"placeholder"}},"provenance":{"hash":"sha256:dummyhash2","canonicalUri":null,"bundleId":null}}

docs/modules/excititor/samples/chunks-sample.ndjson.sha256

@@ -0,0 +1 @@
+4d638b24d6f8f703bcbcac23a0185265f3db5defb9f3d7f33b7be7fccc0de738  docs/samples/excititor/chunks-sample.ndjson

docs/modules/excititor/samples/connector-signer-metadata-sample.json

@@ -0,0 +1,93 @@
+{
+  "schemaVersion": "1.0.0",
+  "generatedAt": "2025-11-20T00:00:00Z",
+  "connectors": [
+    {
+      "connectorId": "excititor:msrc",
+      "provider": { "name": "Microsoft Security Response Center", "slug": "msrc" },
+      "issuerTier": "tier-1",
+      "signers": [
+        {
+          "usage": "csaf",
+          "fingerprints": [
+            {"alg": "sha256", "format": "pgp", "value": "F1C3D9E4A7B28C5FD6E1A203B947C2A0C5D8BEEF"},
+            {"alg": "sha256", "format": "x509-spki", "value": "5A1F4C0E9B27D0C64EAC1F22C3F501AA9FCB77AC8B1D4F9F3EA7E6B4CE90F311"}
+          ],
+          "keyLocator": "oci://mirror.stella.local/keys/msrc-csaf@sha256:793dd8a6..."
+        }
+      ],
+      "bundle": {
+        "kind": "oci-referrer",
+        "uri": "oci://mirror.stella.local/msrc/csaf:2025-11-19",
+        "digest": "sha256:4b8c9fd6e479e1b6dcd2e7ed93a85c1c7d6052f7b4a6b83471e44f5c9c2a1f30",
+        "publishedAt": "2025-11-19T12:00:00Z"
+      },
+      "validFrom": "2025-11-01"
+    },
+    {
+      "connectorId": "excititor:oracle",
+      "provider": { "name": "Oracle", "slug": "oracle" },
+      "issuerTier": "tier-1",
+      "signers": [
+        {
+          "usage": "oval",
+          "fingerprints": [
+            {"alg": "sha256", "format": "x509-spki", "value": "6E3AC4A95BD5402F4C7E9B2371190E0F3B3C11C7B42B88652E7EE0F659A0D202"}
+          ],
+          "keyLocator": "file://offline-kits/oracle/oval/signing-chain.pem",
+          "certificateChain": ["-----BEGIN CERTIFICATE-----\nMIID...oracle-root...\n-----END CERTIFICATE-----"]
+        }
+      ],
+      "bundle": {
+        "kind": "file",
+        "uri": "file://offline-kits/oracle/oval/oval-feed-2025-11-18.tar.gz",
+        "digest": "sha256:b13b1b84af1da7ee3433e0c6c0cc28a8b5c7d3e52d93b9f86d4a4b0f1dcd8f05",
+        "publishedAt": "2025-11-18T09:30:00Z"
+      },
+      "validFrom": "2025-10-15"
+    },
+    {
+      "connectorId": "excititor:oci.openvex.attest",
+      "provider": { "name": "StellaOps Mirror", "slug": "stella-mirror" },
+      "issuerTier": "tier-0",
+      "signers": [
+        {
+          "usage": "openvex",
+          "fingerprints": [
+            {"alg": "sha256", "format": "cosign", "value": "a0c1d4e5f6b7982134d56789e0fab12345cdef6789abcdeffedcba9876543210"}
+          ],
+          "keyLocator": "oci://mirror.stella.local/keys/stella-mirror-openvex:1",
+          "certificateChain": []
+        }
+      ],
+      "bundle": {
+        "kind": "oci-tag",
+        "uri": "oci://mirror.stella.local/stellaops/openvex:2025-11-19",
+        "digest": "sha256:77f6c0b8f2c9845c7d0a4f3b783b0caf00cce6fb899319ff69cb941fe2c58010",
+        "publishedAt": "2025-11-19T15:00:00Z"
+      },
+      "validFrom": "2025-11-15"
+    },
+    {
+      "connectorId": "excititor:ubuntu",
+      "provider": { "name": "Ubuntu Security", "slug": "ubuntu" },
+      "issuerTier": "tier-2",
+      "signers": [
+        {
+          "usage": "oval",
+          "fingerprints": [
+            {"alg": "sha256", "format": "pgp", "value": "7D19E3B4A5F67C103CB0B4DE0FA28F90D6E4C1D2"}
+          ],
+          "keyLocator": "tuf://mirror.stella.local/tuf/ubuntu/targets/oval-signing.pub"
+        }
+      ],
+      "bundle": {
+        "kind": "tuf",
+        "uri": "tuf://mirror.stella.local/tuf/ubuntu/oval/targets/oval-2025-11-18.tar.gz",
+        "digest": "sha256:e41c4fc15132f8848e9924a1a0f1a247d3c56da87b7735b6c6d8cbe64f0f07e5",
+        "publishedAt": "2025-11-18T07:00:00Z"
+      },
+      "validFrom": "2025-11-01"
+    }
+  ]
+}

docs/modules/excititor/samples/connector-signer-metadata-sample.json.sha256

@@ -0,0 +1 @@
+a2f0986d938d877adf01a76b7a9e79cc148f330e57348569619485feb994df1d  connector-signer-metadata-sample.json

docs/modules/excititor/samples/vex-overlay-sample.json

@@ -0,0 +1,50 @@
+{
+  "schemaVersion": "1.0.0",
+  "generatedAt": "2025-12-10T00:00:00Z",
+  "tenant": "tenant-default",
+  "purl": "pkg:maven/org.example/foo@1.2.3",
+  "advisoryId": "GHSA-xxxx-yyyy-zzzz",
+  "source": "ghsa",
+  "status": "affected",
+  "justifications": [
+    {
+      "kind": "known_affected",
+      "reason": "Upstream GHSA reports affected range <1.3.0.",
+      "evidence": ["concelier:ghsa:obs:6561e41b3e3f4a6e9d3b91c1"],
+      "weight": 0.8
+    }
+  ],
+  "conflicts": [
+    {
+      "field": "affected.versions",
+      "reason": "vendor_range_differs",
+      "values": ["<1.2.0", "<=1.3.0"],
+      "sourceIds": [
+        "concelier:redhat:obs:6561e41b3e3f4a6e9d3b91a1",
+        "concelier:ghsa:obs:6561e41b3e3f4a6e9d3b91c1"
+      ]
+    }
+  ],
+  "observations": [
+    {
+      "id": "concelier:ghsa:obs:6561e41b3e3f4a6e9d3b91c1",
+      "contentHash": "sha256:1234abcd1234abcd1234abcd1234abcd1234abcd1234abcd1234abcd1234abcd",
+      "fetchedAt": "2025-11-19T00:00:00Z"
+    }
+  ],
+  "provenance": {
+    "linksetId": "concelier:ghsa:linkset:6561e41b3e3f4a6e9d3b91d0",
+    "linksetHash": "sha256:deaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddead",
+    "observationHashes": [
+      "sha256:1234abcd1234abcd1234abcd1234abcd1234abcd1234abcd1234abcd1234abcd"
+    ],
+    "policyHash": "sha256:0f7c0f7c0f7c0f7c0f7c0f7c0f7c0f7c0f7c0f7c0f7c0f7c0f7c0f7c0f7c0f7c",
+    "sbomContextHash": "sha256:421af53f9eeba6903098d292fbd56f98be62ea6130b5161859889bf11d699d18",
+    "planCacheKey": "tenant-default|pkg:maven/org.example/foo@1.2.3|GHSA-xxxx-yyyy-zzzz"
+  },
+  "cache": {
+    "cached": true,
+    "cachedAt": "2025-12-10T00:00:00Z",
+    "ttlSeconds": 300
+  }
+}