stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 3 Releases Wiki Activity

test fixes and new product advisories work

Browse Source
This commit is contained in:
master
2026-01-28 02:30:48 +02:00
parent 82caceba56
commit 644887997c
288 changed files with 69101 additions and 375 deletions
Download Patch File Download Diff File Expand all files Collapse all files

257
docs/releases/evidence-pack-schema.json Normal file
View File

@@ -0,0 +1,257 @@
{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"$id": "https://stella-ops.io/schemas/evidence-pack-manifest/v1.0.0",
"title": "Release Evidence Pack Manifest",
"description": "Schema for Stella Ops Release Evidence Pack manifest.json files",
"type": "object",
"required": [
"bundleFormatVersion",
"releaseVersion",
"createdAt",
"sourceCommit",
"artifacts"
],
"properties": {
"bundleFormatVersion": {
"type": "string",
"description": "Version of the evidence pack format",
"pattern": "^\\d+\\.\\d+\\.\\d+$",
"examples": ["1.0.0"]
},
"releaseVersion": {
"type": "string",
"description": "Version of the Stella Ops release",
"examples": ["2.5.0", "1.2.3-beta.1"]
},
"createdAt": {
"type": "string",
"format": "date-time",
"description": "ISO 8601 timestamp when the evidence pack was created"
},
"sourceCommit": {
"type": "string",
"description": "Git commit SHA of the source code",
"pattern": "^[a-f0-9]{40}$"
},
"sourceDateEpoch": {
"type": "integer",
"description": "Unix timestamp used for reproducible builds (SOURCE_DATE_EPOCH)",
"minimum": 0
},
"artifacts": {
"type": "array",
"description": "List of release artifacts in this pack",
"items": {
"$ref": "#/$defs/artifactEntry"
},
"minItems": 1
},
"checksums": {
"type": "object",
"description": "Checksum files included in the pack",
"properties": {
"sha256": {
"$ref": "#/$defs/checksumEntry"
},
"sha512": {
"$ref": "#/$defs/checksumEntry"
}
}
},
"sboms": {
"type": "array",
"description": "Software Bill of Materials files",
"items": {
"$ref": "#/$defs/sbomReference"
}
},
"provenanceStatements": {
"type": "array",
"description": "SLSA v1.0 provenance statements",
"items": {
"$ref": "#/$defs/provenanceReference"
}
},
"attestations": {
"type": "array",
"description": "DSSE attestation bundles",
"items": {
"$ref": "#/$defs/attestationReference"
}
},
"rekorProofs": {
"type": "array",
"description": "Rekor transparency log inclusion proofs",
"items": {
"$ref": "#/$defs/rekorProofEntry"
}
},
"signingKeyFingerprint": {
"type": "string",
"description": "SHA-256 fingerprint of the signing public key"
},
"rekorLogId": {
"type": "string",
"description": "Rekor log ID (tree ID) for transparency log entries"
}
},
"$defs": {
"artifactEntry": {
"type": "object",
"required": ["name", "path", "sha256"],
"properties": {
"name": {
"type": "string",
"description": "Display name of the artifact"
},
"path": {
"type": "string",
"description": "Relative path within the evidence pack"
},
"sha256": {
"type": "string",
"description": "SHA-256 hash of the artifact",
"pattern": "^[a-f0-9]{64}$"
},
"sha512": {
"type": "string",
"description": "SHA-512 hash of the artifact",
"pattern": "^[a-f0-9]{128}$"
},
"signaturePath": {
"type": "string",
"description": "Relative path to the detached signature file"
},
"size": {
"type": "integer",
"description": "File size in bytes",
"minimum": 0
},
"platform": {
"type": "string",
"description": "Target platform (e.g., linux-x64, macos-arm64, windows-x64)"
},
"mediaType": {
"type": "string",
"description": "MIME type of the artifact"
}
}
},
"checksumEntry": {
"type": "object",
"required": ["path"],
"properties": {
"path": {
"type": "string",
"description": "Relative path to the checksum file"
},
"signaturePath": {
"type": "string",
"description": "Relative path to the signature of the checksum file"
}
}
},
"sbomReference": {
"type": "object",
"required": ["path", "format"],
"properties": {
"path": {
"type": "string",
"description": "Relative path to the SBOM file"
},
"format": {
"type": "string",
"description": "SBOM format",
"enum": ["cyclonedx", "spdx"]
},
"version": {
"type": "string",
"description": "SBOM format version (e.g., 1.5 for CycloneDX)"
},
"signaturePath": {
"type": "string",
"description": "Relative path to the signature file"
},
"component": {
"type": "string",
"description": "Component this SBOM describes"
}
}
},
"provenanceReference": {
"type": "object",
"required": ["path", "predicateType"],
"properties": {
"path": {
"type": "string",
"description": "Relative path to the provenance file"
},
"predicateType": {
"type": "string",
"description": "SLSA predicate type URI",
"examples": ["https://slsa.dev/provenance/v1"]
},
"signaturePath": {
"type": "string",
"description": "Relative path to the signature file"
},
"builderId": {
"type": "string",
"description": "Builder ID from the provenance"
},
"slsaLevel": {
"type": "integer",
"description": "SLSA level of this provenance (1-4)",
"minimum": 1,
"maximum": 4
}
}
},
"attestationReference": {
"type": "object",
"required": ["path", "type"],
"properties": {
"path": {
"type": "string",
"description": "Relative path to the attestation file"
},
"type": {
"type": "string",
"description": "Attestation type",
"enum": ["dsse", "sigstore-bundle", "in-toto"]
},
"predicateType": {
"type": "string",
"description": "Predicate type URI for in-toto/DSSE attestations"
}
}
},
"rekorProofEntry": {
"type": "object",
"required": ["uuid", "logIndex"],
"properties": {
"uuid": {
"type": "string",
"description": "Rekor entry UUID"
},
"logIndex": {
"type": "integer",
"description": "Index in the Rekor log",
"minimum": 0
},
"integratedTime": {
"type": "integer",
"description": "Unix timestamp when entry was added to log"
},
"inclusionProofPath": {
"type": "string",
"description": "Relative path to the inclusion proof JSON file"
},
"artifactName": {
"type": "string",
"description": "Name of the artifact this proof applies to"
}
}
}
}
}