Add sample proof bundle configurations and verification script
Some checks failed
AOC Guard CI / aoc-guard (push) Has been cancelled
AOC Guard CI / aoc-verify (push) Has been cancelled
Concelier Attestation Tests / attestation-tests (push) Has been cancelled
Console CI / console-ci (push) Has been cancelled
Docs CI / lint-and-preview (push) Has been cancelled
Export Center CI / export-ci (push) Has been cancelled
VEX Proof Bundles / verify-bundles (push) Has been cancelled
Some checks failed
AOC Guard CI / aoc-guard (push) Has been cancelled
AOC Guard CI / aoc-verify (push) Has been cancelled
Concelier Attestation Tests / attestation-tests (push) Has been cancelled
Console CI / console-ci (push) Has been cancelled
Docs CI / lint-and-preview (push) Has been cancelled
Export Center CI / export-ci (push) Has been cancelled
VEX Proof Bundles / verify-bundles (push) Has been cancelled
- Introduced sample proof bundle configuration files for testing, including `sample-proof-bundle-config.dsse.json`, `sample-proof-bundle.dsse.json`, and `sample-proof-bundle.json`. - Implemented a verification script `test_verify_sample.sh` to validate proof bundles against specified schemas and catalogs. - Updated existing proof bundle configurations with new metadata, including versioning, created timestamps, and justification details. - Enhanced evidence entries with expiration dates and hashes for better integrity checks. - Ensured all new configurations adhere to the defined schema for consistency and reliability in testing.
This commit is contained in:
StellaOps Bot
47
docs/modules/evidence-locker/schemas/checksums.schema.json
Normal file
47
docs/modules/evidence-locker/schemas/checksums.schema.json
Normal file
@@ -0,0 +1,47 @@
|
||||
{
|
||||
"$schema": "https://json-schema.org/draft/2020-12/schema",
|
||||
"$id": "https://stellaops.local/schemas/evidence/checksums.schema.json",
|
||||
"title": "StellaOps Evidence Bundle Checksums (EB2)",
|
||||
"description": "Canonical checksum map used to derive the Merkle root and DSSE subject for evidence bundles.",
|
||||
"type": "object",
|
||||
"additionalProperties": false,
|
||||
"required": ["algorithm", "root", "entries"],
|
||||
"properties": {
|
||||
"algorithm": { "type": "string", "enum": ["sha256"] },
|
||||
"root": { "type": "string", "pattern": "^[0-9a-f]{64}$" },
|
||||
"generatedAt": { "type": "string", "format": "date-time" },
|
||||
"bundleId": { "type": "string", "pattern": "^[0-9a-fA-F]{32}$" },
|
||||
"tenantId": { "type": "string", "pattern": "^[0-9a-fA-F]{32}$" },
|
||||
"entries": {
|
||||
"type": "array",
|
||||
"minItems": 1,
|
||||
"description": "Sorted list of entry hashes; order must be lexicographic on canonicalPath.",
|
||||
"items": { "$ref": "#/$defs/checksumEntry" }
|
||||
},
|
||||
"chunking": {
|
||||
"type": "object",
|
||||
"description": "Optional chunked/CAS hashing strategy for large payloads.",
|
||||
"additionalProperties": false,
|
||||
"properties": {
|
||||
"strategy": { "type": "string", "enum": ["none", "fixed", "buzhash"] },
|
||||
"chunkSizeBytes": { "type": "integer", "minimum": 1024 },
|
||||
"casDigestAlgorithm": { "type": "string", "enum": ["sha256"] }
|
||||
}
|
||||
}
|
||||
},
|
||||
"$defs": {
|
||||
"checksumEntry": {
|
||||
"type": "object",
|
||||
"additionalProperties": false,
|
||||
"required": ["canonicalPath", "sha256", "sizeBytes"],
|
||||
"properties": {
|
||||
"canonicalPath": {
|
||||
"type": "string",
|
||||
"pattern": "^(?:[A-Za-z0-9_.-]+/)*[A-Za-z0-9_.-]+$"
|
||||
},
|
||||
"sha256": { "type": "string", "pattern": "^[0-9a-f]{64}$" },
|
||||
"sizeBytes": { "type": "integer", "minimum": 0 }
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user