partly or unimplemented features - now implemented
This commit is contained in:
master
38
docs/features/unchecked/attestor/noise-ledger.md
Normal file
38
docs/features/unchecked/attestor/noise-ledger.md
Normal file
@@ -0,0 +1,38 @@
|
||||
# Noise Ledger (Audit Log of Suppressions)
|
||||
|
||||
## Module
|
||||
Attestor
|
||||
|
||||
## Status
|
||||
IMPLEMENTED
|
||||
|
||||
## Description
|
||||
Suppression witnesses and audit hash logging exist in the backend. CLI audit commands exist. A dedicated "Noise Ledger" UX component is not present, though the underlying audit/suppression infrastructure is in place.
|
||||
|
||||
## What's Implemented
|
||||
- **Audit Hash Logger**: `src/Attestor/__Libraries/StellaOps.Attestor.ProofChain/Audit/AuditHashLogger.cs` (with `.Validation`) -- tamper-evident audit logging for all actions including suppressions.
|
||||
- **Hash Audit Record**: `Audit/HashAuditRecord.cs` -- individual audit record with hash chain.
|
||||
- **Audit Artifact Types**: `Audit/AuditArtifactTypes.cs` -- enumeration of auditable artifact types.
|
||||
- **VEX Override System**: `__Libraries/StellaOps.Attestor.StandardPredicates/VexOverride/` -- structured VEX overrides (suppressions) with evidence and justification.
|
||||
- **Change Trace Attestation Service**: `ProofChain/ChangeTrace/ChangeTraceAttestationService.cs` -- tracks changes including suppressions.
|
||||
- **VEX Delta Tracking**: `Predicates/VexDeltaPredicate.cs`, `VexDeltaChange.cs` -- tracks VEX status transitions.
|
||||
|
||||
## What's Missing
|
||||
- **Dedicated Noise Ledger service**: No standalone service aggregating all suppression/noise decisions into a queryable ledger.
|
||||
- **Noise Ledger UI component**: No frontend page showing a filterable, sortable list of all suppressions with justifications and evidence.
|
||||
- **Suppression statistics**: No aggregated statistics (suppressions per severity, per component, per time period).
|
||||
- **Suppression review workflow**: No periodic review workflow that surfaces suppressions due for re-evaluation.
|
||||
- **Suppression export**: No dedicated export format for suppression audit trail (e.g., for compliance reporting).
|
||||
- **Noise pattern detection**: No automated detection of noise patterns (e.g., same CVE suppressed across all environments).
|
||||
|
||||
## Implementation Plan
|
||||
- Create `NoiseLedgerService` aggregating suppressions from VEX overrides, audit logs, and change traces
|
||||
- Add REST endpoints for querying the noise ledger with filtering/pagination
|
||||
- Build Angular UI component showing suppression list with details, justification, and evidence links
|
||||
- Implement suppression statistics and trend analysis
|
||||
- Add periodic review workflow surfacing stale suppressions
|
||||
- Add export functionality for compliance auditors
|
||||
- Add tests for ledger aggregation, statistics, and review scheduling
|
||||
|
||||
## Related Documentation
|
||||
- Source: See feature catalog
|
||||
Reference in New Issue
Block a user