docs consolidation and others
20
docs/modules/ui/operations/risk-ui.md
Normal file
@@ -0,0 +1,20 @@
# Console Risk UI (Overview)
This document describes how risk and explainability concepts should surface in the Console.
## Concepts to Surface
- **Verdict and “why”:** a short, narrative explanation above the fold.
- **Evidence rail:** links to proofs that justify each fact (SBOM, VEX, reachability, policy explain trace).
- **Risk signals:** severity, exploit signals, exposure context, and confidence/uncertainty indicators.
## Explainability Expectations
- Every blocking decision must link to the policy gate and the evidence inputs that triggered it.
- Uncertainty must remain explicit (avoid false safety when evidence is missing or conflicts exist).
## References
- Risk model overview: `docs/modules/risk-engine/guides/overview.md`
- Policy explainability: `docs/modules/risk-engine/guides/explainability.md`
- Vulnerability Explorer guide: `docs/VULNERABILITY_EXPLORER_GUIDE.md`
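Review bot: The second bullet under "Explainability Expectations" ("Uncertainty must remain explicit") states a requirement the Console cannot be checked against, because it never says what the UI shows when evidence is missing or conflicting. Suggest tying it to the "confidence/uncertainty indicators" already listed under "Risk signals" and naming the required behaviour, for example that a verdict with missing or conflicting evidence is rendered as unresolved rather than as a pass. The intro sentence also says concepts "should surface" while both expectation bullets use "must"; pick one normative level so readers know which items are binding. In "References", the three paths are plain code spans and mix `docs/modules/risk-engine/guides/` with the top-level `docs/VULNERABILITY_EXPLORER_GUIDE.md`; since this commit is a docs consolidation, relative markdown links would let a link checker catch any target that moved.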