docs consolidation and others

2026-01-06 19:02:21 +02:00
parent d7bdca6d97
commit 4789027317
849 changed files with 16551 additions and 66770 deletions
--- a/docs/modules/signals/events/samples/advisoryai.evidence.bundle@0.sample.json
+++ b/docs/modules/signals/events/samples/advisoryai.evidence.bundle@0.sample.json
@@ -0,0 +1,32 @@
+{
+  "bundleId": "19bd7cf7-c7a6-4c1c-9b9c-6f2f794e9b1a",
+  "advisoryId": "CVE-2025-12345",
+  "tenant": "demo-tenant",
+  "generatedAt": "2025-11-18T12:00:00Z",
+  "schemaVersion": 0,
+  "observations": [
+    {
+      "observationId": "obs-001",
+      "source": "vendor.psirt",
+      "purl": "pkg:maven/org.example/app@1.2.3",
+      "cve": "CVE-2025-12345",
+      "severity": "critical",
+      "cvss": {
+        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+        "score": 9.8
+      },
+      "summary": "Remote code execution via deserialization of untrusted data.",
+      "evidence": {
+        "statement": "Vendor confirms unauthenticated RCE in versions <1.2.4",
+        "references": ["https://example.com/advisory"]
+      }
+    }
+  ],
+  "signatures": [
+    {
+      "signature": "MEQCID...==",
+      "keyId": "authority-root-1",
+      "algorithm": "ecdsa-p256-sha256"
+    }
+  ]
+}
--- a/docs/modules/signals/events/samples/attestor.logged@1.sample.json
+++ b/docs/modules/signals/events/samples/attestor.logged@1.sample.json
@@ -0,0 +1,21 @@
+{
+  "eventId": "1fdcaa1a-7a27-4154-8bac-cf813d8f4f6f",
+  "kind": "attestor.logged",
+  "tenant": "tenant-acme-solar",
+  "ts": "2025-10-18T15:45:27+00:00",
+  "payload": {
+    "artifactSha256": "sha256:8927d9151ad3f44e61a9c647511f9a31af2b4d245e7e031fe5cb4a0e8211c5d9",
+    "dsseEnvelopeDigest": "sha256:51c1dd189d5f16cfe87e82841d67b4fbc27d6fa9f5a09af0cd7e18945fb4c2a9",
+    "rekor": {
+      "index": 563421,
+      "url": "https://rekor.example/api/v1/log/entries/d6d0f897e7244edc9cb0bb2c68b05c96",
+      "uuid": "d6d0f897e7244edc9cb0bb2c68b05c96"
+    },
+    "signer": "cosign-stellaops",
+    "subject": {
+      "name": "scanner/report/sha256-0f0a8de5c1f93d6716b7249f6f4ea3a8",
+      "type": "report"
+    }
+  },
+  "attributes": {}
+}
--- a/docs/modules/signals/events/samples/scanner.event.report.ready@1.sample.json
+++ b/docs/modules/signals/events/samples/scanner.event.report.ready@1.sample.json
@@ -0,0 +1,141 @@
+{
+  "eventId": "6d2d1b77-f3c3-4f70-8a9d-6f2d0c8801ab",
+  "kind": "scanner.event.report.ready",
+  "version": 1,
+  "tenant": "tenant-alpha",
+  "occurredAt": "2025-10-19T12:34:56+00:00",
+  "recordedAt": "2025-10-19T12:34:57+00:00",
+  "source": "scanner.webservice",
+  "idempotencyKey": "scanner.event.report.ready:tenant-alpha:report-abc",
+  "correlationId": "report-abc",
+  "traceId": "0af7651916cd43dd8448eb211c80319c",
+  "spanId": "b7ad6b7169203331",
+  "scope": {
+    "namespace": "acme/edge",
+    "repo": "api",
+    "digest": "sha256:feedface"
+  },
+  "payload": {
+    "reportId": "report-abc",
+    "scanId": "report-abc",
+    "imageDigest": "sha256:feedface",
+    "generatedAt": "2025-10-19T12:34:56+00:00",
+    "verdict": "fail",
+    "summary": {
+      "total": 1,
+      "blocked": 1,
+      "warned": 0,
+      "ignored": 0,
+      "quieted": 0
+    },
+    "delta": {
+      "newCritical": 1,
+      "kev": [
+        "CVE-2024-9999"
+      ]
+    },
+    "quietedFindingCount": 0,
+    "policy": {
+      "revisionId": "rev-42",
+      "digest": "digest-123"
+    },
+    "links": {
+      "report": {
+        "ui": "https://scanner.example/ui/reports/report-abc",
+        "api": "https://scanner.example/api/v1/reports/report-abc"
+      },
+      "policy": {
+        "ui": "https://scanner.example/ui/policy/revisions/rev-42",
+        "api": "https://scanner.example/api/v1/policy/revisions/rev-42"
+      },
+      "attestation": {
+        "ui": "https://scanner.example/ui/attestations/report-abc",
+        "api": "https://scanner.example/api/v1/reports/report-abc/attestation"
+      }
+    },
+    "dsse": {
+      "payloadType": "application/vnd.stellaops.report+json",
+      "payload": "eyJyZXBvcnRJZCI6InJlcG9ydC1hYmMiLCJpbWFnZURpZ2VzdCI6InNoYTI1NjpmZWVkZmFjZSIsImdlbmVyYXRlZEF0IjoiMjAyNS0xMC0xOVQxMjozNDo1NiswMDowMCIsInZlcmRpY3QiOiJibG9ja2VkIiwicG9saWN5Ijp7InJldmlzaW9uSWQiOiJyZXYtNDIiLCJkaWdlc3QiOiJkaWdlc3QtMTIzIn0sInN1bW1hcnkiOnsidG90YWwiOjEsImJsb2NrZWQiOjEsIndhcm5lZCI6MCwiaWdub3JlZCI6MCwicXVpZXRlZCI6MH0sInZlcmRpY3RzIjpbeyJmaW5kaW5nSWQiOiJmaW5kaW5nLTEiLCJyZWFjaGFiaWxpdHkiOiJydW50aW1lIiwic2NvcmUiOjQ3LjUsInNvdXJjZVRydXN0IjoiTlZEIiwic3RhdHVzIjoiQmxvY2tlZCJ9XSwiaXNzdWVzIjpbXSwic3VyZmFjZSI6eyJ0ZW5hbnQiOiJ0ZW5hbnQtYWxwaGEiLCJnZW5lcmF0ZWRBdCI6IjIwMjUtMTAtMTlUMTI6MzQ6NTYrMDA6MDAiLCJtYW5pZmVzdERpZ2VzdCI6InNoYTI1Njo0ZmVlODdkMTg2MjkxZGRmYmJjYzJjNTZjOGVkMGU4Mjg1MjBiOGY1MmUxY2RlMGUxM2JiYTA4MmYxMDkxOGQ3IiwibWFuaWZlc3RVcmkiOiJjYXM6Ly9zY2FubmVyLWFydGlmYWN0cy9zY2FubmVyL3N1cmZhY2UvbWFuaWZlc3RzL3RlbmFudC1hbHBoYS9zaGEyNTYvNGYvZWUvNGZlZTg3ZDE4NjI5MWRkZmJiY2MyYzU2YzhlZDBlODI4NTIwYjhmNTJlMWNkZTBlMTNiYmEwODJmMTA5MThkNy5qc29uIiwibWFuaWZlc3QiOnsic2NoZW1hIjoic3RlbGxhb3BzLnN1cmZhY2UubWFuaWZlc3RAMSIsInRlbmFudCI6InRlbmFudC1hbHBoYSIsImltYWdlRGlnZXN0Ijoic2hhMjU2OmZlZWRmYWNlIiwiZ2VuZXJhdGVkQXQiOiIyMDI1LTEwLTE5VDEyOjM0OjU2KzAwOjAwIiwiYXJ0aWZhY3RzIjpbeyJraW5kIjoiZW50cnktdHJhY2UiLCJ1cmkiOiJjYXM6Ly9zY2FubmVyLWFydGlmYWN0cy9zY2FubmVyL2VudHJ5LXRyYWNlL2YwZjBmMGYwZjBmMGYwZjBmMGYwZjBmMGYwZjBmMGYwZjBmMGYwZjBmMGYwZjBmMGYwZjBmMGYwZjBmMGYwL2VudHJ5LXRyYWNlLmpzb24iLCJkaWdlc3QiOiJzaGEyNTY6ZjBmMGYwZjBmMGYwZjBmMGYwZjBmMGYwZjBmMGYwZjBmMGYwZjBmMGYwZjBmMGYwZjBmMGYwZjBmMGYwZjBmMCIsIm1lZGlhVHlwZSI6ImFwcGxpY2F0aW9uL2pzb24iLCJmb3JtYXQiOiJqc29uIiwic2l6ZUJ5dGVzIjo0MDk2fSx7ImtpbmQiOiJzYm9tLWludmVudG9yeSIsInVyaSI6ImNhczovL3NjYW5uZXItYXJ0aWZhY3RzL3NjYW5uZXIvaW1hZ2VzL2ZlZWRmYWNlL3Nib20uY2R4Lmpzb24iLCJkaWdlc3QiOiJzaGEyNTY6MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMSIsIm1lZGlhVHlwZSI6ImFwcGxpY2F0aW9uL3ZuZC5jeWNsb25lZHgranNvbjt2ZXJzaW9uPTEuNjt2aWV3PWludmVudG9yeSIsImZvcm1hdCI6ImNkeC1qc29uIiwic2l6ZUJ5dGVzIjoyNDU3NiwidmlldyI6ImludmVudG9yeSJ9LHsia2luZCI6InNib20tdXNhZ2UiLCJ1cmkiOiJjYXM6Ly9zY2FubmVyLWFydGlmYWN0cy9zY2FubmVyL2ltYWdlcy9mZWVkZmFjZS9zYm9tLXVzYWdlLmNkeC5qc29uIiwiZGlnZXN0Ijoic2hhMjU2OjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIiLCJtZWRpYVR5cGUiOiJhcHBsaWNhdGlvbi92bmQuY3ljbG9uZWR4K2pzb247dmVyc2lvbj0xLjY7dmlldz11c2FnZSIsImZvcm1hdCI6ImNkeC1qc29uIiwic2l6ZUJ5dGVzIjoxNjM4NCwidmlldyI6InVzYWdlIn1dfX19",
+      "signatures": [
+        {
+          "keyId": "test-key",
+          "algorithm": "hs256",
+          "signature": "signature-value"
+        }
+      ]
+    },
+    "report": {
+      "reportId": "report-abc",
+      "imageDigest": "sha256:feedface",
+      "generatedAt": "2025-10-19T12:34:56+00:00",
+      "verdict": "blocked",
+      "policy": {
+        "revisionId": "rev-42",
+        "digest": "digest-123"
+      },
+      "summary": {
+        "total": 1,
+        "blocked": 1,
+        "warned": 0,
+        "ignored": 0,
+        "quieted": 0
+      },
+      "verdicts": [
+        {
+          "findingId": "finding-1",
+          "reachability": "runtime",
+          "score": 47.5,
+          "sourceTrust": "NVD",
+          "status": "Blocked"
+        }
+      ],
+      "issues": [],
+      "surface": {
+        "tenant": "tenant-alpha",
+        "generatedAt": "2025-10-19T12:34:56+00:00",
+        "manifestDigest": "sha256:4fee87d186291ddfbbcc2c56c8ed0e828520b8f52e1cde0e13bba082f10918d7",
+        "manifestUri": "cas://scanner-artifacts/scanner/surface/manifests/tenant-alpha/sha256/4f/ee/4fee87d186291ddfbbcc2c56c8ed0e828520b8f52e1cde0e13bba082f10918d7.json",
+        "manifest": {
+          "schema": "stellaops.surface.manifest@1",
+          "tenant": "tenant-alpha",
+          "imageDigest": "sha256:feedface",
+          "generatedAt": "2025-10-19T12:34:56+00:00",
+          "artifacts": [
+            {
+              "kind": "entry-trace",
+              "uri": "cas://scanner-artifacts/scanner/entry-trace/f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0/entry-trace.json",
+              "digest": "sha256:f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0",
+              "mediaType": "application/json",
+              "format": "json",
+              "sizeBytes": 4096
+            },
+            {
+              "kind": "sbom-inventory",
+              "uri": "cas://scanner-artifacts/scanner/images/feedface/sbom.cdx.json",
+              "digest": "sha256:1111111111111111111111111111111111111111111111111111111111111111",
+              "mediaType": "application/vnd.cyclonedx+json;version=1.6;view=inventory",
+              "format": "cdx-json",
+              "sizeBytes": 24576,
+              "view": "inventory"
+            },
+            {
+              "kind": "sbom-usage",
+              "uri": "cas://scanner-artifacts/scanner/images/feedface/sbom-usage.cdx.json",
+              "digest": "sha256:2222222222222222222222222222222222222222222222222222222222222222",
+              "mediaType": "application/vnd.cyclonedx+json;version=1.6;view=usage",
+              "format": "cdx-json",
+              "sizeBytes": 16384,
+              "view": "usage"
+            }
+          ]
+        }
+      }
+    }
+  },
+  "attributes": {
+    "policyDigest": "digest-123",
+    "policyRevisionId": "rev-42",
+    "reportId": "report-abc",
+    "verdict": "blocked"
+  }
+}
--- a/docs/modules/signals/events/samples/scanner.event.scan.completed@1.sample.json
+++ b/docs/modules/signals/events/samples/scanner.event.scan.completed@1.sample.json
@@ -0,0 +1,147 @@
+{
+  "eventId": "08a6de24-4a94-4d14-8432-9d14f36f6da3",
+  "kind": "scanner.event.scan.completed",
+  "version": 1,
+  "tenant": "tenant-alpha",
+  "occurredAt": "2025-10-19T12:34:56+00:00",
+  "recordedAt": "2025-10-19T12:34:57+00:00",
+  "source": "scanner.webservice",
+  "idempotencyKey": "scanner.event.scan.completed:tenant-alpha:report-abc",
+  "correlationId": "report-abc",
+  "traceId": "4bf92f3577b34da6a3ce929d0e0e4736",
+  "scope": {
+    "namespace": "acme/edge",
+    "repo": "api",
+    "digest": "sha256:feedface"
+  },
+  "payload": {
+    "reportId": "report-abc",
+    "scanId": "report-abc",
+    "imageDigest": "sha256:feedface",
+    "verdict": "fail",
+    "summary": {
+      "total": 1,
+      "blocked": 1,
+      "warned": 0,
+      "ignored": 0,
+      "quieted": 0
+    },
+    "delta": {
+      "newCritical": 1,
+      "kev": [
+        "CVE-2024-9999"
+      ]
+    },
+    "policy": {
+      "revisionId": "rev-42",
+      "digest": "digest-123"
+    },
+    "findings": [
+      {
+        "id": "finding-1",
+        "severity": "Critical",
+        "cve": "CVE-2024-9999",
+        "purl": "pkg:docker/acme/edge-api@sha256-feedface",
+        "reachability": "runtime"
+      }
+    ],
+    "links": {
+      "report": {
+        "ui": "https://scanner.example/ui/reports/report-abc",
+        "api": "https://scanner.example/api/v1/reports/report-abc"
+      },
+      "policy": {
+        "ui": "https://scanner.example/ui/policy/revisions/rev-42",
+        "api": "https://scanner.example/api/v1/policy/revisions/rev-42"
+      },
+      "attestation": {
+        "ui": "https://scanner.example/ui/attestations/report-abc",
+        "api": "https://scanner.example/api/v1/reports/report-abc/attestation"
+      }
+    },
+    "dsse": {
+      "payloadType": "application/vnd.stellaops.report+json",
+      "payload": "eyJyZXBvcnRJZCI6InJlcG9ydC1hYmMiLCJpbWFnZURpZ2VzdCI6InNoYTI1NjpmZWVkZmFjZSIsImdlbmVyYXRlZEF0IjoiMjAyNS0xMC0xOVQxMjozNDo1NiswMDowMCIsInZlcmRpY3QiOiJibG9ja2VkIiwicG9saWN5Ijp7InJldmlzaW9uSWQiOiJyZXYtNDIiLCJkaWdlc3QiOiJkaWdlc3QtMTIzIn0sInN1bW1hcnkiOnsidG90YWwiOjEsImJsb2NrZWQiOjEsIndhcm5lZCI6MCwiaWdub3JlZCI6MCwicXVpZXRlZCI6MH0sInZlcmRpY3RzIjpbeyJmaW5kaW5nSWQiOiJmaW5kaW5nLTEiLCJyZWFjaGFiaWxpdHkiOiJydW50aW1lIiwic2NvcmUiOjQ3LjUsInNvdXJjZVRydXN0IjoiTlZEIiwic3RhdHVzIjoiQmxvY2tlZCJ9XSwiaXNzdWVzIjpbXSwic3VyZmFjZSI6eyJ0ZW5hbnQiOiJ0ZW5hbnQtYWxwaGEiLCJnZW5lcmF0ZWRBdCI6IjIwMjUtMTAtMTlUMTI6MzQ6NTYrMDA6MDAiLCJtYW5pZmVzdERpZ2VzdCI6InNoYTI1Njo0ZmVlODdkMTg2MjkxZGRmYmJjYzJjNTZjOGVkMGU4Mjg1MjBiOGY1MmUxY2RlMGUxM2JiYTA4MmYxMDkxOGQ3IiwibWFuaWZlc3RVcmkiOiJjYXM6Ly9zY2FubmVyLWFydGlmYWN0cy9zY2FubmVyL3N1cmZhY2UvbWFuaWZlc3RzL3RlbmFudC1hbHBoYS9zaGEyNTYvNGYvZWUvNGZlZTg3ZDE4NjI5MWRkZmJiY2MyYzU2YzhlZDBlODI4NTIwYjhmNTJlMWNkZTBlMTNiYmEwODJmMTA5MThkNy5qc29uIiwibWFuaWZlc3QiOnsic2NoZW1hIjoic3RlbGxhb3BzLnN1cmZhY2UubWFuaWZlc3RAMSIsInRlbmFudCI6InRlbmFudC1hbHBoYSIsImltYWdlRGlnZXN0Ijoic2hhMjU2OmZlZWRmYWNlIiwiZ2VuZXJhdGVkQXQiOiIyMDI1LTEwLTE5VDEyOjM0OjU2KzAwOjAwIiwiYXJ0aWZhY3RzIjpbeyJraW5kIjoiZW50cnktdHJhY2UiLCJ1cmkiOiJjYXM6Ly9zY2FubmVyLWFydGlmYWN0cy9zY2FubmVyL2VudHJ5LXRyYWNlL2YwZjBmMGYwZjBmMGYwZjBmMGYwZjBmMGYwZjBmMGYwZjBmMGYwZjBmMGYwZjBmMGYwZjBmMGYwZjBmMGYwL2VudHJ5LXRyYWNlLmpzb24iLCJkaWdlc3QiOiJzaGEyNTY6ZjBmMGYwZjBmMGYwZjBmMGYwZjBmMGYwZjBmMGYwZjBmMGYwZjBmMGYwZjBmMGYwZjBmMGYwZjBmMGYwZjBmMCIsIm1lZGlhVHlwZSI6ImFwcGxpY2F0aW9uL2pzb24iLCJmb3JtYXQiOiJqc29uIiwic2l6ZUJ5dGVzIjo0MDk2fSx7ImtpbmQiOiJzYm9tLWludmVudG9yeSIsInVyaSI6ImNhczovL3NjYW5uZXItYXJ0aWZhY3RzL3NjYW5uZXIvaW1hZ2VzL2ZlZWRmYWNlL3Nib20uY2R4Lmpzb24iLCJkaWdlc3QiOiJzaGEyNTY6MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMSIsIm1lZGlhVHlwZSI6ImFwcGxpY2F0aW9uL3ZuZC5jeWNsb25lZHgranNvbjt2ZXJzaW9uPTEuNjt2aWV3PWludmVudG9yeSIsImZvcm1hdCI6ImNkeC1qc29uIiwic2l6ZUJ5dGVzIjoyNDU3NiwidmlldyI6ImludmVudG9yeSJ9LHsia2luZCI6InNib20tdXNhZ2UiLCJ1cmkiOiJjYXM6Ly9zY2FubmVyLWFydGlmYWN0cy9zY2FubmVyL2ltYWdlcy9mZWVkZmFjZS9zYm9tLXVzYWdlLmNkeC5qc29uIiwiZGlnZXN0Ijoic2hhMjU2OjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIiLCJtZWRpYVR5cGUiOiJhcHBsaWNhdGlvbi92bmQuY3ljbG9uZWR4K2pzb247dmVyc2lvbj0xLjY7dmlldz11c2FnZSIsImZvcm1hdCI6ImNkeC1qc29uIiwic2l6ZUJ5dGVzIjoxNjM4NCwidmlldyI6InVzYWdlIn1dfX19",
+      "signatures": [
+        {
+          "keyId": "test-key",
+          "algorithm": "hs256",
+          "signature": "signature-value"
+        }
+      ]
+    },
+    "report": {
+      "reportId": "report-abc",
+      "imageDigest": "sha256:feedface",
+      "generatedAt": "2025-10-19T12:34:56+00:00",
+      "verdict": "blocked",
+      "policy": {
+        "revisionId": "rev-42",
+        "digest": "digest-123"
+      },
+      "summary": {
+        "total": 1,
+        "blocked": 1,
+        "warned": 0,
+        "ignored": 0,
+        "quieted": 0
+      },
+      "verdicts": [
+        {
+          "findingId": "finding-1",
+          "reachability": "runtime",
+          "score": 47.5,
+          "sourceTrust": "NVD",
+          "status": "Blocked"
+        }
+      ],
+      "issues": [],
+      "surface": {
+        "tenant": "tenant-alpha",
+        "generatedAt": "2025-10-19T12:34:56+00:00",
+        "manifestDigest": "sha256:4fee87d186291ddfbbcc2c56c8ed0e828520b8f52e1cde0e13bba082f10918d7",
+        "manifestUri": "cas://scanner-artifacts/scanner/surface/manifests/tenant-alpha/sha256/4f/ee/4fee87d186291ddfbbcc2c56c8ed0e828520b8f52e1cde0e13bba082f10918d7.json",
+        "manifest": {
+          "schema": "stellaops.surface.manifest@1",
+          "tenant": "tenant-alpha",
+          "imageDigest": "sha256:feedface",
+          "generatedAt": "2025-10-19T12:34:56+00:00",
+          "artifacts": [
+            {
+              "kind": "entry-trace",
+              "uri": "cas://scanner-artifacts/scanner/entry-trace/f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0/entry-trace.json",
+              "digest": "sha256:f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0",
+              "mediaType": "application/json",
+              "format": "json",
+              "sizeBytes": 4096
+            },
+            {
+              "kind": "sbom-inventory",
+              "uri": "cas://scanner-artifacts/scanner/images/feedface/sbom.cdx.json",
+              "digest": "sha256:1111111111111111111111111111111111111111111111111111111111111111",
+              "mediaType": "application/vnd.cyclonedx+json;version=1.6;view=inventory",
+              "format": "cdx-json",
+              "sizeBytes": 24576,
+              "view": "inventory"
+            },
+            {
+              "kind": "sbom-usage",
+              "uri": "cas://scanner-artifacts/scanner/images/feedface/sbom-usage.cdx.json",
+              "digest": "sha256:2222222222222222222222222222222222222222222222222222222222222222",
+              "mediaType": "application/vnd.cyclonedx+json;version=1.6;view=usage",
+              "format": "cdx-json",
+              "sizeBytes": 16384,
+              "view": "usage"
+            }
+          ]
+        }
+      }
+    }
+  },
+  "attributes": {
+    "policyDigest": "digest-123",
+    "policyRevisionId": "rev-42",
+    "reportId": "report-abc",
+    "verdict": "blocked"
+  }
+}
--- a/docs/modules/signals/events/samples/scanner.report.ready@1.sample.json
+++ b/docs/modules/signals/events/samples/scanner.report.ready@1.sample.json
@@ -0,0 +1,70 @@
+{
+  "eventId": "6d2d1b77-f3c3-4f70-8a9d-6f2d0c8801ab",
+  "kind": "scanner.report.ready",
+  "tenant": "tenant-alpha",
+  "ts": "2025-10-19T12:34:56+00:00",
+  "scope": {
+    "namespace": "acme/edge",
+    "repo": "api",
+    "digest": "sha256:feedface",
+    "labels": {},
+    "attributes": {}
+  },
+  "payload": {
+    "delta": {
+      "kev": ["CVE-2024-9999"],
+      "newCritical": 1
+    },
+    "dsse": {
+      "payload": "eyJyZXBvcnRJZCI6InJlcG9ydC1hYmMiLCJpbWFnZURpZ2VzdCI6InNoYTI1NjpmZWVkZmFjZSIsImdlbmVyYXRlZEF0IjoiMjAyNS0xMC0xOVQxMjozNDo1NiswMDowMCIsInZlcmRpY3QiOiJibG9ja2VkIiwicG9saWN5Ijp7InJldmlzaW9uSWQiOiJyZXYtNDIiLCJkaWdlc3QiOiJkaWdlc3QtMTIzIn0sInN1bW1hcnkiOnsidG90YWwiOjEsImJsb2NrZWQiOjEsIndhcm5lZCI6MCwiaWdub3JlZCI6MCwicXVpZXRlZCI6MH0sInZlcmRpY3RzIjpbeyJmaW5kaW5nSWQiOiJmaW5kaW5nLTEiLCJzdGF0dXMiOiJCbG9ja2VkIiwic2NvcmUiOjQ3LjUsInNvdXJjZVRydXN0IjoiTlZEIiwicmVhY2hhYmlsaXR5IjoicnVudGltZSJ9XSwiaXNzdWVzIjpbXX0=",
+      "payloadType": "application/vnd.stellaops.report\u002Bjson",
+      "signatures": [{
+        "algorithm": "hs256",
+        "keyId": "test-key",
+        "signature": "signature-value"
+      }]
+    },
+    "generatedAt": "2025-10-19T12:34:56+00:00",
+    "links": {
+      "ui": "https://scanner.example/ui/reports/report-abc"
+    },
+    "quietedFindingCount": 0,
+    "report": {
+      "generatedAt": "2025-10-19T12:34:56+00:00",
+      "imageDigest": "sha256:feedface",
+      "issues": [],
+      "policy": {
+        "digest": "digest-123",
+        "revisionId": "rev-42"
+      },
+      "reportId": "report-abc",
+      "summary": {
+        "blocked": 1,
+        "ignored": 0,
+        "quieted": 0,
+        "total": 1,
+        "warned": 0
+      },
+      "verdict": "blocked",
+      "verdicts": [
+        {
+          "findingId": "finding-1",
+          "status": "Blocked",
+          "score": 47.5,
+          "sourceTrust": "NVD",
+          "reachability": "runtime"
+        }
+      ]
+    },
+    "reportId": "report-abc",
+    "summary": {
+      "blocked": 1,
+      "ignored": 0,
+      "quieted": 0,
+      "total": 1,
+      "warned": 0
+    },
+    "verdict": "fail"
+  },
+  "attributes": {}
+}
--- a/docs/modules/signals/events/samples/scanner.scan.completed@1.sample.json
+++ b/docs/modules/signals/events/samples/scanner.scan.completed@1.sample.json
@@ -0,0 +1,78 @@
+{
+  "eventId": "08a6de24-4a94-4d14-8432-9d14f36f6da3",
+  "kind": "scanner.scan.completed",
+  "tenant": "tenant-alpha",
+  "ts": "2025-10-19T12:34:56+00:00",
+  "scope": {
+    "namespace": "acme/edge",
+    "repo": "api",
+    "digest": "sha256:feedface",
+    "labels": {},
+    "attributes": {}
+  },
+  "payload": {
+    "delta": {
+      "kev": ["CVE-2024-9999"],
+      "newCritical": 1
+    },
+    "digest": "sha256:feedface",
+    "dsse": {
+      "payload": "eyJyZXBvcnRJZCI6InJlcG9ydC1hYmMiLCJpbWFnZURpZ2VzdCI6InNoYTI1NjpmZWVkZmFjZSIsImdlbmVyYXRlZEF0IjoiMjAyNS0xMC0xOVQxMjozNDo1NiswMDowMCIsInZlcmRpY3QiOiJibG9ja2VkIiwicG9saWN5Ijp7InJldmlzaW9uSWQiOiJyZXYtNDIiLCJkaWdlc3QiOiJkaWdlc3QtMTIzIn0sInN1bW1hcnkiOnsidG90YWwiOjEsImJsb2NrZWQiOjEsIndhcm5lZCI6MCwiaWdub3JlZCI6MCwicXVpZXRlZCI6MH0sInZlcmRpY3RzIjpbeyJmaW5kaW5nSWQiOiJmaW5kaW5nLTEiLCJzdGF0dXMiOiJCbG9ja2VkIiwic2NvcmUiOjQ3LjUsInNvdXJjZVRydXN0IjoiTlZEIiwicmVhY2hhYmlsaXR5IjoicnVudGltZSJ9XSwiaXNzdWVzIjpbXX0=",
+      "payloadType": "application/vnd.stellaops.report\u002Bjson",
+      "signatures": [{
+        "algorithm": "hs256",
+        "keyId": "test-key",
+        "signature": "signature-value"
+      }]
+    },
+    "findings": [
+      {
+        "cve": "CVE-2024-9999",
+        "id": "finding-1",
+        "reachability": "runtime",
+        "severity": "Critical"
+      }
+    ],
+    "policy": {
+      "digest": "digest-123",
+      "revisionId": "rev-42"
+    },
+    "report": {
+      "generatedAt": "2025-10-19T12:34:56+00:00",
+      "imageDigest": "sha256:feedface",
+      "issues": [],
+      "policy": {
+        "digest": "digest-123",
+        "revisionId": "rev-42"
+      },
+      "reportId": "report-abc",
+      "summary": {
+        "blocked": 1,
+        "ignored": 0,
+        "quieted": 0,
+        "total": 1,
+        "warned": 0
+      },
+      "verdict": "blocked",
+      "verdicts": [
+        {
+          "findingId": "finding-1",
+          "status": "Blocked",
+          "score": 47.5,
+          "sourceTrust": "NVD",
+          "reachability": "runtime"
+        }
+      ]
+    },
+    "reportId": "report-abc",
+    "summary": {
+      "blocked": 1,
+      "ignored": 0,
+      "quieted": 0,
+      "total": 1,
+      "warned": 0
+    },
+    "verdict": "fail"
+  },
+  "attributes": {}
+}
--- a/docs/modules/signals/events/samples/scheduler.graph.job.completed@1.sample.json
+++ b/docs/modules/signals/events/samples/scheduler.graph.job.completed@1.sample.json
@@ -0,0 +1,36 @@
+{
+  "eventId": "4d33c19c-1c8a-44d1-9954-1d5e98b2af71",
+  "kind": "scheduler.graph.job.completed",
+  "tenant": "tenant-alpha",
+  "ts": "2025-10-26T12:00:45Z",
+  "payload": {
+    "jobType": "build",
+    "status": "completed",
+    "occurredAt": "2025-10-26T12:00:45Z",
+    "job": {
+      "schemaVersion": "scheduler.graph-build-job@1",
+      "id": "gbj_20251026a",
+      "tenantId": "tenant-alpha",
+      "sbomId": "sbom_20251026",
+      "sbomVersionId": "sbom_ver_20251026",
+      "sbomDigest": "sha256:0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef",
+      "graphSnapshotId": "graph_snap_20251026",
+      "status": "completed",
+      "trigger": "sbom-version",
+      "attempts": 1,
+      "cartographerJobId": "carto_job_42",
+      "correlationId": "evt_svc_987",
+      "createdAt": "2025-10-26T12:00:00+00:00",
+      "startedAt": "2025-10-26T12:00:05+00:00",
+      "completedAt": "2025-10-26T12:00:45+00:00",
+      "metadata": {
+        "sbomEventId": "sbom_evt_20251026"
+      }
+    },
+    "resultUri": "oras://cartographer/offline/tenant-alpha/graph_snap_20251026"
+  },
+  "attributes": {
+    "cartographerCluster": "offline-kit",
+    "plannerShard": "graph-builders-01"
+  }
+}
--- a/docs/modules/signals/events/samples/scheduler.rescan.delta@1.sample.json
+++ b/docs/modules/signals/events/samples/scheduler.rescan.delta@1.sample.json
@@ -0,0 +1,20 @@
+{
+  "eventId": "51d0ef8d-3a17-4af3-b2d7-4ad3db3d9d2c",
+  "kind": "scheduler.rescan.delta",
+  "tenant": "tenant-acme-solar",
+  "ts": "2025-10-18T15:40:11+00:00",
+  "payload": {
+    "impactedDigests": [
+      "sha256:0f0a8de5c1f93d6716b7249f6f4ea3a8db451dc3f3c3ff823f53c9cbde5d5e8a",
+      "sha256:ab921f9679dd8d0832f3710a4df75dbadbd58c2d95f26a4d4efb2fa8c3d9b4ce"
+    ],
+    "reason": "policy-change:scoring/v2",
+    "scheduleId": "rescan-weekly-critical",
+    "summary": {
+      "newCritical": 0,
+      "newHigh": 1,
+      "total": 4
+    }
+  },
+  "attributes": {}
+}