stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity

audit work, fixed StellaOps.sln warnings/errors, fixed tests, sprints work, new advisories

Browse Source
This commit is contained in:
master
2026-01-07 18:49:59 +02:00
parent 04ec098046
commit 608a7f85c0
866 changed files with 56323 additions and 6231 deletions
Download Patch File Download Diff File Expand all files Collapse all files

102
docs/schemas/cyclonedx-bom-1.7.schema.json
View File

@@ -1,56 +1,86 @@
{
"$schema": "http://json-schema.org/draft-07/schema#",
"$id": "http://cyclonedx.org/schema/bom-1.7.schema.json",
"$comment": "Placeholder schema for CycloneDX 1.7 - Download full schema from https://raw.githubusercontent.com/CycloneDX/specification/master/schema/bom-1.7.schema.json",
"type": "object",
"title": "CycloneDX Software Bill of Materials Standard",
"title": "CycloneDX Bill of Materials Standard",
"description": "CycloneDX BOM schema for version 1.7",
"required": ["bomFormat", "specVersion"],
"properties": {
"bomFormat": {
"type": "string",
"enum": ["CycloneDX"]
},
"specVersion": {
"type": "string"
"type": "string",
"pattern": "^1\\.[0-9]+$"
},
"serialNumber": {
"type": "string"
"type": "string",
"pattern": "^urn:uuid:[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"
},
"version": {
"type": "integer"
"type": "integer",
"minimum": 1
},
"metadata": {
"type": "object"
"type": "object",
"properties": {
"timestamp": { "type": "string", "format": "date-time" },
"tools": { "type": "array" },
"authors": { "type": "array" },
"component": { "type": "object" },
"manufacture": { "type": "object" },
"supplier": { "type": "object" },
"licenses": { "type": "array" },
"properties": { "type": "array" }
}
},
"components": {
"type": "array"
"type": "array",
"items": {
"type": "object",
"required": ["type", "name"],
"properties": {
"type": { "type": "string" },
"mime-type": { "type": "string" },
"bom-ref": { "type": "string" },
"supplier": { "type": "object" },
"author": { "type": "string" },
"publisher": { "type": "string" },
"group": { "type": "string" },
"name": { "type": "string" },
"version": { "type": "string" },
"description": { "type": "string" },
"scope": { "type": "string" },
"hashes": { "type": "array" },
"licenses": { "type": "array" },
"copyright": { "type": "string" },
"cpe": { "type": "string" },
"purl": { "type": "string" },
"swid": { "type": "object" },
"modified": { "type": "boolean" },
"pedigree": { "type": "object" },
"externalReferences": { "type": "array" },
"properties": { "type": "array" },
"components": { "type": "array" },
"evidence": { "type": "object" },
"releaseNotes": { "type": "object" },
"modelCard": { "type": "object" },
"data": { "type": "array" },
"cryptoProperties": { "type": "object" }
}
}
},
"services": {
"type": "array"
},
"externalReferences": {
"type": "array"
},
"dependencies": {
"type": "array"
},
"compositions": {
"type": "array"
},
"vulnerabilities": {
"type": "array"
},
"annotations": {
"type": "array"
},
"formulation": {
"type": "array"
},
"declarations": {
"type": "object"
},
"definitions": {
"type": "object"
}
},
"required": ["bomFormat", "specVersion"]
"services": { "type": "array" },
"externalReferences": { "type": "array" },
"dependencies": { "type": "array" },
"compositions": { "type": "array" },
"vulnerabilities": { "type": "array" },
"annotations": { "type": "array" },
"formulation": { "type": "array" },
"declarations": { "type": "object" },
"definitions": { "type": "object" },
"properties": { "type": "array" },
"signature": { "type": "object" }
}
}

91
docs/schemas/spdx-jsonld-3.0.1.schema.json
View File

@@ -1,43 +1,84 @@
{
"$schema": "http://json-schema.org/draft-07/schema#",
"$id": "https://spdx.org/schema/3.0.1/spdx-json-schema.json",
"$comment": "Placeholder schema for SPDX 3.0.1 JSON-LD - Download full schema from https://spdx.org/schema/3.0.1/spdx-json-schema.json",
"type": "object",
"$id": "https://spdx.org/rdf/3.0.1/spdx-json-schema.json",
"title": "SPDX 3.0.1 JSON-LD Schema",
"description": "Schema for SPDX 3.0.1 documents in JSON-LD format",
"type": "object",
"properties": {
"@context": {
"oneOf": [
{ "type": "string" },
{ "type": "object" },
{ "type": "array" }
]
"type": "string",
"description": "JSON-LD context for SPDX 3.0"
},
"@graph": {
"type": "array"
"type": "array",
"description": "Array of SPDX elements",
"items": {
"type": "object",
"properties": {
"@type": { "type": "string" },
"@id": { "type": "string" },
"spdxId": { "type": "string" },
"name": { "type": "string" },
"description": { "type": "string" },
"comment": { "type": "string" },
"creationInfo": { "type": "object" },
"verifiedUsing": { "type": "array" },
"externalRef": { "type": "array" },
"externalIdentifier": { "type": "array" },
"extension": { "type": "array" }
}
}
},
"@type": {
"type": "string"
},
"spdxId": {
"type": "string"
"spdxVersion": {
"type": "string",
"pattern": "^SPDX-3\\.[0-9]+$"
},
"creationInfo": {
"type": "object"
},
"name": {
"type": "string"
},
"element": {
"type": "array"
"type": "object",
"properties": {
"@type": { "type": "string" },
"specVersion": { "type": "string" },
"created": { "type": "string", "format": "date-time" },
"createdBy": { "type": "array" },
"createdUsing": { "type": "array" },
"profile": { "type": "array" },
"dataLicense": { "type": "string" }
}
},
"rootElement": {
"type": "array"
"type": "array",
"items": { "type": "string" }
},
"element": {
"type": "array",
"items": {
"type": "object",
"properties": {
"@type": { "type": "string" },
"spdxId": { "type": "string" },
"name": { "type": "string" },
"summary": { "type": "string" },
"description": { "type": "string" },
"comment": { "type": "string" },
"verifiedUsing": { "type": "array" },
"externalRef": { "type": "array" },
"externalIdentifier": { "type": "array" }
}
}
},
"namespaceMap": {
"type": "array"
"type": "array",
"items": {
"type": "object",
"properties": {
"prefix": { "type": "string" },
"namespace": { "type": "string", "format": "uri" }
}
}
},
"externalMap": {
"type": "array"
"imports": {
"type": "array",
"items": { "type": "string", "format": "uri" }
}
}
}

369
docs/schemas/stellaops.suppression.v1.schema.json
View File

@@ -1,369 +0,0 @@
{
"$schema": "http://json-schema.org/draft-07/schema#",
"$id": "https://stellaops.dev/schemas/stellaops.suppression.v1.schema.json",
"title": "StellaOps Suppression Witness v1",
"description": "A DSSE-signable suppression witness documenting why a vulnerability is not exploitable",
"type": "object",
"required": [
"witness_schema",
"witness_id",
"artifact",
"vuln",
"suppression_type",
"evidence",
"confidence",
"observed_at"
],
"properties": {
"witness_schema": {
"type": "string",
"const": "stellaops.suppression.v1",
"description": "Schema version identifier"
},
"witness_id": {
"type": "string",
"pattern": "^sup:sha256:[a-f0-9]{64}$",
"description": "Content-addressed witness ID (e.g., 'sup:sha256:...')"
},
"artifact": {
"$ref": "#/definitions/WitnessArtifact",
"description": "The artifact (SBOM, component) this witness relates to"
},
"vuln": {
"$ref": "#/definitions/WitnessVuln",
"description": "The vulnerability this witness concerns"
},
"suppression_type": {
"type": "string",
"enum": [
"Unreachable",
"LinkerGarbageCollected",
"FeatureFlagDisabled",
"PatchedSymbol",
"GateBlocked",
"CompileTimeExcluded",
"VexNotAffected",
"FunctionAbsent",
"VersionNotAffected",
"PlatformNotAffected"
],
"description": "The type of suppression (unreachable, patched, gate-blocked, etc.)"
},
"evidence": {
"$ref": "#/definitions/SuppressionEvidence",
"description": "Evidence supporting the suppression claim"
},
"confidence": {
"type": "number",
"minimum": 0.0,
"maximum": 1.0,
"description": "Confidence level in this suppression [0.0, 1.0]"
},
"expires_at": {
"type": "string",
"format": "date-time",
"description": "Optional expiration date for time-bounded suppressions (UTC ISO-8601)"
},
"observed_at": {
"type": "string",
"format": "date-time",
"description": "When this witness was generated (UTC ISO-8601)"
},
"justification": {
"type": "string",
"description": "Optional justification narrative"
}
},
"additionalProperties": false,
"definitions": {
"WitnessArtifact": {
"type": "object",
"required": ["sbom_digest", "component_purl"],
"properties": {
"sbom_digest": {
"type": "string",
"pattern": "^sha256:[a-f0-9]{64}$",
"description": "SHA-256 digest of the SBOM"
},
"component_purl": {
"type": "string",
"pattern": "^pkg:",
"description": "Package URL of the vulnerable component"
}
},
"additionalProperties": false
},
"WitnessVuln": {
"type": "object",
"required": ["id", "source", "affected_range"],
"properties": {
"id": {
"type": "string",
"description": "Vulnerability identifier (e.g., 'CVE-2024-12345')"
},
"source": {
"type": "string",
"description": "Vulnerability source (e.g., 'NVD', 'OSV', 'GHSA')"
},
"affected_range": {
"type": "string",
"description": "Affected version range expression"
}
},
"additionalProperties": false
},
"SuppressionEvidence": {
"type": "object",
"required": ["witness_evidence"],
"properties": {
"witness_evidence": {
"$ref": "#/definitions/WitnessEvidence"
},
"unreachability": {
"$ref": "#/definitions/UnreachabilityEvidence"
},
"patched_symbol": {
"$ref": "#/definitions/PatchedSymbolEvidence"
},
"function_absent": {
"$ref": "#/definitions/FunctionAbsentEvidence"
},
"gate_blocked": {
"$ref": "#/definitions/GateBlockedEvidence"
},
"feature_flag": {
"$ref": "#/definitions/FeatureFlagEvidence"
},
"vex_statement": {
"$ref": "#/definitions/VexStatementEvidence"
},
"version_range": {
"$ref": "#/definitions/VersionRangeEvidence"
},
"linker_gc": {
"$ref": "#/definitions/LinkerGcEvidence"
}
},
"additionalProperties": false
},
"WitnessEvidence": {
"type": "object",
"required": ["callgraph_digest"],
"properties": {
"callgraph_digest": {
"type": "string",
"description": "BLAKE3 digest of the call graph used"
},
"surface_digest": {
"type": "string",
"description": "SHA-256 digest of the attack surface manifest"
},
"analysis_config_digest": {
"type": "string",
"description": "SHA-256 digest of the analysis configuration"
},
"build_id": {
"type": "string",
"description": "Build identifier for the analyzed artifact"
}
},
"additionalProperties": false
},
"UnreachabilityEvidence": {
"type": "object",
"required": ["analyzed_entrypoints", "unreachable_symbol", "analysis_method", "graph_digest"],
"properties": {
"analyzed_entrypoints": {
"type": "integer",
"minimum": 0,
"description": "Number of entrypoints analyzed"
},
"unreachable_symbol": {
"type": "string",
"description": "Vulnerable symbol that was confirmed unreachable"
},
"analysis_method": {
"type": "string",
"description": "Analysis method (static, dynamic, hybrid)"
},
"graph_digest": {
"type": "string",
"description": "Graph digest for reproducibility"
}
},
"additionalProperties": false
},
"FunctionAbsentEvidence": {
"type": "object",
"required": ["function_name", "binary_digest", "verification_method"],
"properties": {
"function_name": {
"type": "string",
"description": "Vulnerable function name"
},
"binary_digest": {
"type": "string",
"description": "Binary digest where function was checked"
},
"verification_method": {
"type": "string",
"description": "Verification method (symbol table scan, disassembly, etc.)"
}
},
"additionalProperties": false
},
"GateBlockedEvidence": {
"type": "object",
"required": ["detected_gates", "gate_coverage_percent", "effectiveness"],
"properties": {
"detected_gates": {
"type": "array",
"items": {
"$ref": "#/definitions/DetectedGate"
},
"description": "Detected gates along all paths to vulnerable code"
},
"gate_coverage_percent": {
"type": "integer",
"minimum": 0,
"maximum": 100,
"description": "Minimum gate coverage percentage [0, 100]"
},
"effectiveness": {
"type": "string",
"description": "Gate effectiveness assessment"
}
},
"additionalProperties": false
},
"DetectedGate": {
"type": "object",
"required": ["type", "guard_symbol", "confidence"],
"properties": {
"type": {
"type": "string",
"description": "Gate type (authRequired, inputValidation, rateLimited, etc.)"
},
"guard_symbol": {
"type": "string",
"description": "Symbol that implements the gate"
},
"confidence": {
"type": "number",
"minimum": 0.0,
"maximum": 1.0,
"description": "Confidence level (0.0 - 1.0)"
},
"detail": {
"type": "string",
"description": "Human-readable detail about the gate"
}
},
"additionalProperties": false
},
"PatchedSymbolEvidence": {
"type": "object",
"required": ["vulnerable_symbol", "patched_symbol", "symbol_diff"],
"properties": {
"vulnerable_symbol": {
"type": "string",
"description": "Vulnerable symbol identifier"
},
"patched_symbol": {
"type": "string",
"description": "Patched symbol identifier"
},
"symbol_diff": {
"type": "string",
"description": "Symbol diff showing the patch"
},
"patch_ref": {
"type": "string",
"description": "Patch commit or release reference"
}
},
"additionalProperties": false
},
"VexStatementEvidence": {
"type": "object",
"required": ["vex_id", "vex_author", "vex_status", "vex_digest"],
"properties": {
"vex_id": {
"type": "string",
"description": "VEX statement identifier"
},
"vex_author": {
"type": "string",
"description": "VEX statement author/authority"
},
"vex_status": {
"type": "string",
"enum": ["not_affected", "fixed"],
"description": "VEX statement status"
},
"vex_digest": {
"type": "string",
"description": "Content digest of the VEX document"
}
},
"additionalProperties": false
},
"FeatureFlagEvidence": {
"type": "object",
"required": ["flag_name", "flag_state", "verification_source"],
"properties": {
"flag_name": {
"type": "string",
"description": "Feature flag name/key"
},
"flag_state": {
"type": "string",
"description": "Feature flag state (off, disabled)"
},
"verification_source": {
"type": "string",
"description": "Source of flag verification (config file, runtime)"
}
},
"additionalProperties": false
},
"VersionRangeEvidence": {
"type": "object",
"required": ["actual_version", "affected_range", "comparison_method"],
"properties": {
"actual_version": {
"type": "string",
"description": "Actual version of the component"
},
"affected_range": {
"type": "string",
"description": "Affected version range from advisory"
},
"comparison_method": {
"type": "string",
"description": "Version comparison method used"
}
},
"additionalProperties": false
},
"LinkerGcEvidence": {
"type": "object",
"required": ["removed_symbol", "linker_method", "verification_digest"],
"properties": {
"removed_symbol": {
"type": "string",
"description": "Symbol removed by linker GC"
},
"linker_method": {
"type": "string",
"description": "Linker garbage collection method"
},
"verification_digest": {
"type": "string",
"description": "Digest of final binary for verification"
}
},
"additionalProperties": false
}
}
}