documentation cleanse, sprints work and planning. remaining non EF DAL migration to EF

This commit is contained in:
master
2026-02-25 01:24:07 +02:00
parent b07d27772e
commit 4db038123b
9090 changed files with 4836 additions and 2909 deletions


@@ -0,0 +1,17 @@
{
"tier": 1,
"type": "code_review",
"capturedAtUtc": "2026-02-12T00:00:00Z",
"feature": "vex-consumption-from-sbom-documents",
"claimsVerified": true,
"missingClaims": [],
"presentClaims": [
"VexConsumptionReporter exists at src/Concelier/__Libraries/StellaOps.Concelier.SbomIntegration/Vex/VexConsumptionReporter.cs",
"VexConsumptionPolicyLoader exists at src/Concelier/__Libraries/StellaOps.Concelier.SbomIntegration/Vex/VexConsumptionPolicyLoader.cs",
"VexConflictResolver exists at src/Concelier/__Libraries/StellaOps.Concelier.SbomIntegration/Vex/VexConflictResolver.cs",
"VexConsumptionOptions exists at src/Concelier/__Libraries/StellaOps.Concelier.SbomIntegration/Vex/VexConsumptionOptions.cs",
"ParsedSbomParser exists at src/Concelier/__Libraries/StellaOps.Concelier.SbomIntegration/Parsing/ParsedSbomParser.cs"
],
"verdict": "done",
"notes": "VEX consumption from SBOM documents fully confirmed with embedded VEX extraction via ParsedSbomParser, conflict resolution, consumption reporting, policy loading, and options."
}
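Review bot: `claimsVerified: true` and the "fully confirmed" wording in `notes` rest on five `presentClaims` that each assert only that a file exists, which shows presence and not that extraction, conflict resolution or policy loading behave as described. The list also omits VexExtractors.cs, VexConsumer.cs and VexTrustEvaluator.cs, which the file-check record later in this commit does cover. I would word it as `"notes": "Tier 1: source files present; behaviour is evidenced by the tier 2 test run."` so a reader does not take this record as proof that the VEX handling is correct.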


@@ -0,0 +1,38 @@
{
"type": "integration",
"capturedAtUtc": "2026-02-13T06:40:00Z",
"testCommand": "dotnet test \"src/Concelier/__Tests/StellaOps.Concelier.SbomIntegration.Tests/StellaOps.Concelier.SbomIntegration.Tests.csproj\" --filter \"FullyQualifiedName~VexExtractor|FullyQualifiedName~VexConsumer|FullyQualifiedName~VexConsumption|FullyQualifiedName~ParsedSbomParser\" --no-restore -v normal",
"testFilter": "VexExtractorTests, VexConsumerTests, VexConsumptionReporterTests, ParsedSbomParserTests from SbomIntegration.Tests",
"testsRun": 130,
"testsPassed": 130,
"testsFailed": 0,
"targetedTestMethods": [
"VexExtractorTests.CycloneDxExtractor_MapsBomRefToPurl",
"VexExtractorTests.SpdxExtractor_HandlesSpdxFormat",
"VexConsumerTests.*",
"VexConsumptionReporterTests.ToJson_IncludesStatements",
"VexConsumptionReporterTests.ToSarif_EmitsResults",
"ParsedSbomParserTests.*",
"ParsedSbomParserEdgeCaseTests.*"
],
"behaviorVerified": [
"CycloneDxVexExtractor extracts embedded VEX from CycloneDX SBOMs, maps BomRef to PURL",
"SpdxVexExtractor handles SPDX format VEX extraction",
"VEX extraction maps vulnerability analysis state, justification, response, detail",
"Per-statement trust evaluation via VexTrustLevel (Trusted, Verified, Unverified)",
"VexConflictResolver resolves conflicts between embedded VEX statements",
"VexConsumptionReporter generates JSON reports listing all consumed VEX statements with trust",
"VexConsumptionReporter generates SARIF output for CI/CD integration",
"ParsedSbom model carries VEX data through the pipeline"
],
"assertionTypes": [
"Xunit Assert.Single",
"Xunit Assert.Contains",
"Xunit Assert.True",
"FluentAssertions assertions"
],
"newTestsWritten": [],
"bugsFixed": [],
"rawOutput": "Passed! - Failed: 0, Passed: 130, Skipped: 0, Total: 130, Duration: 1s 250ms - StellaOps.Concelier.SbomIntegration.Tests.dll (net10.0|x64)",
"verdict": "pass"
}
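Review bot: `testsRun: 130` is recorded for a run restricted by `--filter`, yet the unfiltered run recorded later in this commit also reports 130 tests and names VexIntegrationTests and SbomAdvisoryMatcherVexTests, which by class name this filter expression would not appear to match. Either the filter was not applied or the counts were carried over, so the figure does not show how many tests exercised this feature. `behaviorVerified` also claims per-statement trust evaluation and conflict resolution, while `targetedTestMethods` names no test of VexTrustEvaluator or VexConflictResolver (the `VexConsumerTests.*` wildcard may cover them, but that is not visible here). I would list the specific test methods behind each of those two claims, or drop the claims this run does not support.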


@@ -0,0 +1 @@
{"featureFile":"docs/features/unchecked/concelier/vex-consumption-from-sbom-documents.md","filesChecked":["src/Concelier/__Libraries/StellaOps.Concelier.SbomIntegration/Vex/VexConsumptionReporter.cs","src/Concelier/__Libraries/StellaOps.Concelier.SbomIntegration/Vex/VexConsumptionPolicyLoader.cs","src/Concelier/__Libraries/StellaOps.Concelier.SbomIntegration/Vex/VexConflictResolver.cs","src/Concelier/__Libraries/StellaOps.Concelier.SbomIntegration/Vex/VexConsumptionOptions.cs","src/Concelier/__Libraries/StellaOps.Concelier.SbomIntegration/Parsing/ParsedSbomParser.cs","src/Concelier/__Libraries/StellaOps.Concelier.SbomIntegration/Vex/VexExtractors.cs","src/Concelier/__Libraries/StellaOps.Concelier.SbomIntegration/Vex/VexConsumer.cs","src/Concelier/__Libraries/StellaOps.Concelier.SbomIntegration/Vex/VexTrustEvaluator.cs"],"found":["src/Concelier/__Libraries/StellaOps.Concelier.SbomIntegration/Vex/VexConsumptionReporter.cs","src/Concelier/__Libraries/StellaOps.Concelier.SbomIntegration/Vex/VexConsumptionPolicyLoader.cs","src/Concelier/__Libraries/StellaOps.Concelier.SbomIntegration/Vex/VexConflictResolver.cs","src/Concelier/__Libraries/StellaOps.Concelier.SbomIntegration/Vex/VexConsumptionOptions.cs","src/Concelier/__Libraries/StellaOps.Concelier.SbomIntegration/Parsing/ParsedSbomParser.cs","src/Concelier/__Libraries/StellaOps.Concelier.SbomIntegration/Vex/VexExtractors.cs","src/Concelier/__Libraries/StellaOps.Concelier.SbomIntegration/Vex/VexConsumer.cs","src/Concelier/__Libraries/StellaOps.Concelier.SbomIntegration/Vex/VexTrustEvaluator.cs"],"missing":[],"verdict":"pass"}


@@ -0,0 +1 @@
{"project":"src/Concelier/__Libraries/StellaOps.Concelier.SbomIntegration/StellaOps.Concelier.SbomIntegration.csproj","testProject":"src/Concelier/__Tests/StellaOps.Concelier.SbomIntegration.Tests/StellaOps.Concelier.SbomIntegration.Tests.csproj","buildResult":"pass","testResult":"pass","totalTests":130,"testsPassed":130,"testsFailed":0,"errors":[],"codeReviewChecklist":{"mainClassExists":true,"nonTrivialImplementation":true,"logicMatchesFeatureDescription":true,"unitTestsExerciseCoreBehavior":true,"testsAssertMeaningfulOutcomes":true},"codeReviewNotes":["VexConsumer: orchestrates VEX extraction from SBOM, trust evaluation, conflict resolution, and report generation","CycloneDxVexExtractor: extracts embedded VEX from CycloneDX SBOMs, maps bom-ref to PURL","SpdxVexExtractor: extracts embedded VEX from SPDX SBOMs","VexTrustEvaluator: per-statement trust evaluation based on source provenance, justification quality, and evidence age","VexConsumptionPolicyDefaults: default policy requiring justification for not_affected statements","Tests: VexConsumerTests (not_affected extraction, missing justification filtering), VexExtractorTests (CycloneDX bom-ref to PURL, SPDX format handling), VexIntegrationTests (full E2E: parse CycloneDX SBOM with embedded VEX -> extract -> evaluate -> resolve), SbomAdvisoryMatcherVexTests (VEX filtering in advisory matching)"],"verdict":"pass"}
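Review bot: `unitTestsExerciseCoreBehavior` and `testsAssertMeaningfulOutcomes` are set to true, but the tests named in `codeReviewNotes` include none for VexTrustEvaluator or VexConflictResolver, and the only rejection case named is a missing justification. That gap matters because embedded VEX is authored by whoever produced the SBOM, and the evidence in this commit says a `not_affected` statement filters advisories out of the match results. I would add a `codeReviewNotes` entry naming a test in which a low-trust `not_affected` statement does not suppress a match, or state explicitly that this path is not yet covered.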


@@ -0,0 +1 @@
{"type":"integration","capturedAtUtc":"2026-02-13T09:30:00Z","testCommand":"dotnet test \"src\Concelier\__Tests\StellaOps.Concelier.SbomIntegration.Tests\StellaOps.Concelier.SbomIntegration.Tests.csproj\" --no-restore -v normal","testFilter":"VexConsumerTests, VexExtractorTests, VexIntegrationTests, SbomAdvisoryMatcherVexTests","testsRun":130,"testsPassed":130,"testsFailed":0,"featureRelevantTests":7,"targetedTestMethods":["VexConsumerTests.ConsumeAsync_ReturnsNotAffectedStatement","VexConsumerTests.ConsumeAsync_MissingJustification_FiltersStatement","VexExtractorTests.CycloneDxExtractor_MapsBomRefToPurl","VexExtractorTests.SpdxExtractor_HandlesSpdxFormat","VexIntegrationTests.ConsumeFromSbomAsync_ParsesEmbeddedCycloneDxVex","SbomAdvisoryMatcherVexTests.MatchAsync_FiltersNotAffectedVexStatements"],"behaviorVerified":["CycloneDX SBOM embedded VEX extraction: VexConsumer parses not_affected with ComponentNotPresent justification, returns Trusted trust level","SPDX SBOM embedded VEX extraction: SpdxVexExtractor handles SPDX format correctly","Missing justification filtering: statements without justification filtered with 'vex.justification.missing' warning","Per-statement trust evaluation: VexTrustEvaluator assigns trust based on source provenance and evidence quality","Full E2E integration: ParsedSbomParser -> VexConsumer.ConsumeFromSbomAsync -> extract + evaluate + resolve -> consumption result with CVE ID, status, affected components","VEX-aware advisory matching: SbomAdvisoryMatcher filters not_affected VEX statements from match results"],"assertionTypes":["Assert.Single on consumed statements","Assert.Equal on VexStatus.NotAffected and VexTrustLevel.Trusted","Assert.Empty on warnings (valid statement) / Assert.Contains on warnings (missing justification)","Assert.Contains on affected components (PURL mapping from bom-ref)"],"newTestsWritten":[],"bugsFixed":[],"rawOutput":"Passed! 
- Failed: 0, Passed: 130, Skipped: 0, Total: 130, Duration: 1s 255ms - StellaOps.Concelier.SbomIntegration.Tests.dll (net10.0|x64)","verdict":"pass"}
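Review bot: The `testCommand` value contains unescaped backslashes (`src\Concelier\__Tests\...`), and `\C`, `\_` and `\S` are not valid JSON escape sequences, so a strict parser will reject this record. Use forward slashes as the other test-run record in this commit does, `src/Concelier/__Tests/StellaOps.Concelier.SbomIntegration.Tests/StellaOps.Concelier.SbomIntegration.Tests.csproj`, or double each backslash. `rawOutput` is also shown broken across two lines after `Passed!`; if that break is in the file and not a rendering artefact, it has to be written as `\n`. Separately, `featureRelevantTests` is 7 while `targetedTestMethods` lists six methods, and `testFilter` names four classes although the command carries no `--filter`.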