save checkpoint. addition features and their state. check some of them

This commit is contained in:
master
2026-02-10 07:54:44 +02:00
parent 4bdc298ec1
commit 5593212b41
211 changed files with 10248 additions and 1208 deletions


@@ -392,6 +392,7 @@ interface SecurityGateConfig {
scanFreshnessHours: number; // How recent scan must be
allowExceptions: boolean; // Allow VEX exceptions
requireVexJustification: boolean; // Require VEX for exceptions
requireEvidenceScoreMatch: boolean; // Require Evidence Locker score match
}
interface SecurityGateResult {
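Review bot: the new `requireEvidenceScoreMatch: boolean;` field in `SecurityGateConfig` has no documented default, so a reader cannot tell whether a config that omits it is fail-open (no Evidence Locker check) or fail-closed. Since the feature is described as a fail-closed check, state the default explicitly in the comment, e.g. `requireEvidenceScoreMatch: boolean; // Require Evidence Locker score match (default: false)` (or `true`, whichever the gate actually uses), and note that it only has effect when a scan result carries the reproducibility inputs.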
@@ -423,6 +424,20 @@ interface SecurityGateResult {
}
```
When `requireEvidenceScoreMatch=true`, the security gate enforces fail-closed Evidence Locker checks per component:
1. recompute expected `evidence_score` from reproducibility inputs (`canonical_bom_sha256`, `payload_digest`, sorted `attestation_refs`)
2. query Evidence Locker by `artifact_id`
3. require `status=ready`
4. require exact score equality
Violation codes emitted for this flow:
- `SEC_REPRO_EVIDENCE_ARTIFACT_MISSING`
- `SEC_REPRO_EVIDENCE_SCORE_INPUT_INVALID`
- `SEC_REPRO_EVIDENCE_SCORE_REFS_INVALID`
- `SEC_REPRO_EVIDENCE_SCORE_MISSING`
- `SEC_REPRO_EVIDENCE_SCORE_NOT_READY`
- `SEC_REPRO_EVIDENCE_SCORE_MISMATCH`
---
## References
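Review bot: the four-step flow and the six violation codes are listed separately, so it is not clear which step emits which code. Map each code to its step, for example `SEC_REPRO_EVIDENCE_SCORE_INPUT_INVALID` and `SEC_REPRO_EVIDENCE_SCORE_REFS_INVALID` to step 1, `SEC_REPRO_EVIDENCE_ARTIFACT_MISSING` to step 2, `SEC_REPRO_EVIDENCE_SCORE_NOT_READY` to step 3, and `SEC_REPRO_EVIDENCE_SCORE_MISSING` / `SEC_REPRO_EVIDENCE_SCORE_MISMATCH` to step 4. Step 1 also says the score is recomputed from `canonical_bom_sha256`, `payload_digest` and "sorted `attestation_refs`", but the canonicalization is unspecified (sort key, separator, encoding, hash function); because step 4 requires exact equality, any drift between the gate's recomputation and the Evidence Locker's own computation will surface as `SEC_REPRO_EVIDENCE_SCORE_MISMATCH`, so link to or spell out the exact algorithm here.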