Add sample proof bundle configurations and verification script

- Introduced sample proof bundle configuration files for testing, including `sample-proof-bundle-config.dsse.json`, `sample-proof-bundle.dsse.json`, and `sample-proof-bundle.json`. - Implemented a verification script `test_verify_sample.sh` to validate proof bundles against specified schemas and catalogs. - Updated existing proof bundle configurations with new metadata, including versioning, created timestamps, and justification details. - Enhanced evidence entries with expiration dates and hashes for better integrity checks. - Ensured all new configurations adhere to the defined schema for consistency and reliability in testing.
2025-12-04 08:54:32 +02:00
parent e1262eb916
commit 4dc7cf834a
76 changed files with 3051 additions and 355 deletions
--- a/tests/Vex/ProofBundles/openvex-sample.json
+++ b/tests/Vex/ProofBundles/openvex-sample.json
@@ -0,0 +1,35 @@
+{
+  "context": "https://openvex.dev/ns/v0.2.0",
+  "metadata": {
+    "id": "urn:stellaops:vex:sample-hello-1",
+    "author": "StellaOps Excititor",
+    "timestamp": "2025-12-04T00:00:00Z"
+  },
+  "statements": [
+    {
+      "vulnerability": "CVE-2024-9999",
+      "products": [
+        "pkg:demo/app@1.0.0"
+      ],
+      "status": "not_affected",
+      "status_notes": "Entry-point coverage 96% with negative tests; runtime probes clean.",
+      "justification": "vulnerable_code_not_present",
+      "statementID": "urn:stellaops:vex:statement:sample-hello-1",
+      "last_updated": "2025-12-04T00:00:00Z",
+      "known_exploited": false,
+      "references": [
+        {
+          "summary": "Proof bundle",
+          "url": "cas://proofbundles/sample-proof-bundle.json"
+        }
+      ],
+      "subcomponents": [
+        {
+          "product": "pkg:demo/lib@1.0.0",
+          "status": "not_affected",
+          "justification": "vulnerable_code_not_in_execute_path"
+        }
+      ]
+    }
+  ]
+}