sprints completion. new product advisories prepared

This commit is contained in:
master
2026-01-16 16:30:03 +02:00
parent a927d924e3
commit 4ca3ce8fb4
255 changed files with 42434 additions and 1020 deletions

@@ -43,6 +43,58 @@ Findings can have special flags indicating evidence quality:
| `proven-path` | Checkmark | Blue | Verified reachability path confirmed |
| `vendor-na` | Strikethrough | Gray | Vendor marked as not affected |
| `speculative` | Question mark | Orange | Evidence is speculative/unconfirmed |
| `anchored` | [A] | Violet | Score anchored with DSSE/Rekor attestation |
| `hard-fail` | [!] | Red | Policy hard-fail triggered |
## Grey Queue Components
> **Sprint:** SPRINT_20260112_011_FE_policy_unknowns_queue_integration
The Grey Queue component suite handles observations with uncertain status requiring operator attention.
### Components
| Component | Purpose | Location |
|-----------|---------|----------|
| GreyQueuePanel | Display grey queue item with fingerprint, triggers, conflicts, and actions | `features/unknowns/` |
| GreyQueueDashboard | Dashboard view with filtering and deterministic ordering | `features/unknowns/` |
| DeterminizationReview | Detailed review context for grey queue items | `features/unknowns/` |
### Observation States
| State | Badge Color | Description |
|-------|-------------|-------------|
| `PendingDeterminization` | Yellow | Evidence incomplete; monitoring active |
| `Disputed` | Orange | Conflicting evidence; manual adjudication required |
| `GuardedPass` | Blue | Allowed with runtime guardrails |
| `Resolved` | Green | Operator has made a determination |
### Usage
```typescript
// Grey queue components
import {
GreyQueuePanelComponent,
GreyQueueDashboardComponent,
DeterminizationReviewComponent,
} from '@app/features/unknowns';
```
```html
<!-- Grey Queue Panel -->
<app-grey-queue-panel
[unknown]="policyUnknown"
(triageAction)="onTriageAction($event)"
/>
<!-- Grey Queue Dashboard -->
<app-grey-queue-dashboard
[unknowns]="unknownsList"
(selectUnknown)="onSelectUnknown($event)"
/>
```
See `docs/UI_GUIDE.md#grey-queue-and-unknowns-triage` for operator workflow documentation.
## Quick Start
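Review bot: The Observation States table does not say which transitions are permitted or who may perform them; `GuardedPass` ("Allowed with runtime guardrails") in particular lets an unresolved observation through, so the table (or the `(triageAction)` description) should state which guardrails must be active for that state, what happens when a guardrail is later violated (does the item return to `Disputed`?), and that `Resolved` records the operator and the time of the determination. Minor: the `## Grey Queue Components` heading follows the `hard-fail` table row with no blank line, which some markdown renderers fold into the table; add a blank line after the row.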

@@ -81,6 +81,23 @@ Filter by active score flags:
- Proven Path
- Vendor N/A
- Speculative
- Anchored (DSSE/Rekor attested)
- Hard Fail (policy triggered)
### Row Visual Indicators
#### Hard Fail Rows
Findings with `hard-fail` flag are highlighted with:
- Red left border (`3px solid #dc2626`)
- Subtle red background tint
- CSS class: `hard-fail-row`
#### Anchored Rows
Findings with `anchored` flag display:
- Violet left border (`3px solid #7c3aed`)
- CSS class: `anchored-row`
Note: If a finding is both anchored and hard-fail, hard-fail styling takes visual precedence.
### Search
Text search across advisory ID and package name.
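Review bot: Hard-fail and anchored rows are distinguished by color alone (a left border and a background tint), so operators who cannot rely on color get no cue; the row should also carry the `[!]` / `[A]` glyph or an `aria-label`, as the badge component does, and the doc should say so. The precedence note should also state that precedence is visual only: a row that is both anchored and hard-fail must still appear under both the "Anchored" and "Hard Fail" filters. Minor: the hex values here are lowercase (`#dc2626`, `#7c3aed`) while the ScoreBadge doc uses uppercase; pick one convention.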

@@ -25,10 +25,12 @@ The `ScoreBadgeComponent` displays evidence quality flags that provide context a
| Type | Icon | Color | Description |
|------|------|-------|-------------|
| `live-signal` | Signal wave | Green (`#16A34A`) | Active runtime signals detected from deployed environments |
| `live-signal` | Signal wave | Green (`#059669`) | Active runtime signals detected from deployed environments |
| `proven-path` | Checkmark | Blue (`#2563EB`) | Verified reachability path to vulnerable code |
| `vendor-na` | Strikethrough | Gray (`#6B7280`) | Vendor has marked as not affected |
| `speculative` | Question mark | Orange (`#D97706`) | Evidence is speculative or unconfirmed |
| `speculative` | Question mark | Orange (`#F97316`) | Evidence is speculative or unconfirmed |
| `anchored` | [A] | Violet (`#7C3AED`) | Score is anchored with DSSE attestation and/or Rekor transparency log |
| `hard-fail` | [!] | Red (`#DC2626`) | Policy hard-fail triggered - requires immediate remediation |
## Usage Examples
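Review bot: The `live-signal` (`#16A34A` to `#059669`) and `speculative` (`#D97706` to `#F97316`) color changes are not mentioned in the commit message; confirm the component stylesheet was changed to match, otherwise the doc and the UI drift apart. For `anchored`, "DSSE attestation and/or Rekor transparency log" should spell out which combination makes the badge appear (signature only, log inclusion only, or both), since the two give different guarantees.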
@@ -45,6 +47,8 @@ The `ScoreBadgeComponent` displays evidence quality flags that provide context a
<stella-score-badge type="proven-path" />
<stella-score-badge type="vendor-na" />
<stella-score-badge type="speculative" />
<stella-score-badge type="anchored" />
<stella-score-badge type="hard-fail" />
```
### Size Variants
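Review bot: The new `<stella-score-badge type="anchored" />` example should document what the badge means when anchor verification has not succeeded: the score model in this commit carries `verificationStatus` values `pending`, `failed` and `offline` next to `anchored: true`, and rendering the violet badge for a `failed` verification would tell an operator the score is attested when it is not. Suggest showing how the badge is gated (for example only when `verificationStatus === 'verified'`) or a distinct rendering for the other states.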
@@ -128,6 +132,30 @@ The evidence for this vulnerability is speculative or based on incomplete analys
- Heuristic-based detection
- Unverified reports
### anchored (Violet - Attested)
The score calculation has been cryptographically anchored via DSSE attestation and/or inclusion in a Rekor transparency log. This provides verifiable proof of the score at a specific point in time.
**Attestation Types:**
- DSSE envelope with signed payload
- Rekor log index and entry ID
- Offline ledger verification
**Visual Behavior:**
- Subtle violet glow effect via `anchored-glow` CSS class
### hard-fail (Red - Immediate Action)
A policy hard-fail condition has been triggered. This indicates the vulnerability meets criteria for mandatory immediate remediation, bypassing normal triage workflow.
**Triggers:**
- Known Exploited Vulnerability (KEV) list inclusion
- Active exploitation confirmed
- Critical severity with confirmed reachability
- Policy override by security team
**Visual Behavior:**
- Red alert pulse animation via `alert` CSS class
- Row highlighting in findings lists
## Accessibility
- Uses `role="img"` with descriptive `aria-label`
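Review bot: The `anchored` description overstates what a DSSE envelope gives: a signature alone proves who signed the score payload, not when; "verifiable proof of the score at a specific point in time" only holds when the Rekor inclusion (or another trusted timestamp) is present and verified. Split the sentence accordingly, and move "Offline ledger verification" out of **Attestation Types**, since it is a verification mode rather than an attestation. For `hard-fail`, "bypassing normal triage workflow" should say whether an operator can still record a `vendor-na` or `speculative` determination on such a finding, or whether the flag is read-only until the policy condition clears.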

@@ -57,6 +57,35 @@ interface EvidenceWeightedScoreResult {
};
policyDigest: string;
calculatedAt: string; // ISO 8601
// Sprint: SPRINT_20260112_004_FE_attested_score_ui
// Reduction profile, hard-fail, and anchor fields
reductionProfile?: ReductionProfile;
shortCircuitReason?: ShortCircuitReason;
hardFailStatus?: HardFailStatus;
isHardFail?: boolean;
proofAnchor?: ScoreProofAnchor;
}
interface ReductionProfile {
mode: 'none' | 'light' | 'standard' | 'aggressive' | 'custom';
originalScore: number;
reductionAmount: number;
reductionFactor: number;
contributingEvidence: string[];
cappedByPolicy: boolean;
}
interface ScoreProofAnchor {
anchored: boolean;
dsseDigest?: string;
rekorLogIndex?: number;
rekorEntryId?: string;
rekorLogId?: string;
attestationUri?: string;
verifiedAt?: string;
verificationStatus?: 'verified' | 'pending' | 'failed' | 'offline';
verificationError?: string;
}
```
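Review bot: `ScoreProofAnchor` allows `anchored: true` together with `verificationStatus: 'failed'` or `'offline'`, and `EvidenceWeightedScoreResult` carries both `isHardFail` and `hardFailStatus`, so consumers have two places to read each fact and no stated rule for when they disagree; either derive `isHardFail` from `hardFailStatus` and `anchored` from `verificationStatus === 'verified'`, or add a comment naming the authoritative field. Also, `HardFailStatus` and `ShortCircuitReason` are referenced but not defined in this hunk, `dsseDigest` should say whether it is the digest of the envelope or of the signed payload, and `ReductionProfile` should say how `reductionAmount` and `reductionFactor` relate and which one the UI displays.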
@@ -129,22 +158,44 @@ export class ScoreDialogComponent {
### 1. Header
Displays the overall score with bucket label and color.
### 2. Dimensions Chart
### 2. Hard Fail Alert (Conditional)
If `isHardFail` is true, displays a prominent red warning section with the hard-fail reason (KEV, exploited, critical reachable, or policy override).
### 3. Dimensions Chart
Horizontal bar chart showing all six dimensions with their normalized values (0-100%).
### 3. Flags Section
Active flags displayed as badges. See [ScoreBadge](./score-badge.md) for flag types.
### 4. Reduction Profile (Conditional)
When a reduction profile is present, shows:
- Reduction mode (light, standard, aggressive, custom)
- Original vs reduced score
- Contributing evidence types
- Policy cap indicator
### 4. Guardrails Section
### 5. Short-Circuit Info (Conditional)
When the score was short-circuited, shows the reason (vendor not affected, VEX not affected, runtime confirmed, anchor verified).
### 6. Flags Section
Active flags displayed as badges. See [ScoreBadge](./score-badge.md) for flag types including:
- `anchored` - Cryptographic attestation present
- `hard-fail` - Policy hard-fail triggered
### 7. Guardrails Section
Applied caps and floors:
- **Speculative Cap**: Score limited due to unconfirmed evidence
- **Not Affected Cap**: Score reduced due to vendor VEX
- **Runtime Floor**: Score elevated due to active runtime signals
### 5. Explanations
### 8. Proof Anchor Details (Conditional)
When anchored, shows attestation details:
- DSSE envelope digest (truncated)
- Rekor log index and entry ID
- Verification status and timestamp
- Attestation URI link
### 9. Explanations
Human-readable explanations of factors affecting the score.
### 6. Footer
### 10. Footer
- Policy digest (truncated SHA-256)
- Calculation timestamp
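Review bot: In section 8, "Attestation URI link" renders `attestationUri` (an optional string from the score result) as a navigable link; the doc should state that the UI validates the scheme (https or an allowlisted attestation scheme) before using it as an `href`, and that the truncated DSSE digest and Rekor index/entry ID can be copied in full, since a truncated digest cannot be checked against Rekor. Section 5 lists "anchor verified" as a short-circuit reason; if a verified anchor stops further evaluation, say what the resulting score is (the attested score?) and that a `pending`, `failed` or `offline` verification must not short-circuit.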