stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity

up
Some checks failed
Concelier Attestation Tests / attestation-tests (push) Has been cancelled
Details
Policy Simulation / policy-simulate (push) Has been cancelled
Details
AOC Guard CI / aoc-guard (push) Has been cancelled
Details
AOC Guard CI / aoc-verify (push) Has been cancelled
Details
Signals CI & Image / signals-ci (push) Has been cancelled
Details
Signals Reachability Scoring & Events / reachability-smoke (push) Has been cancelled
Details
Signals Reachability Scoring & Events / sign-and-upload (push) Has been cancelled
Details
Docs CI / lint-and-preview (push) Has been cancelled
Details
Policy Lint & Smoke / policy-lint (push) Has been cancelled
Details
Scanner Analyzers / Discover Analyzers (push) Has been cancelled
Details
Scanner Analyzers / Build Analyzers (push) Has been cancelled
Details
Scanner Analyzers / Test Language Analyzers (push) Has been cancelled
Details
Scanner Analyzers / Validate Test Fixtures (push) Has been cancelled
Details
Scanner Analyzers / Verify Deterministic Output (push) Has been cancelled
Details

Browse Source
This commit is contained in:
StellaOps Bot
2025-12-13 09:37:15 +02:00
parent e00f6365da
commit 6e45066e37
349 changed files with 17160 additions and 1867 deletions
Download Patch File Download Diff File Expand all files Collapse all files

68
samples/reachability/openvex-not-affected-sample.json Normal file
View File

@@ -0,0 +1,68 @@
{
"@context": "https://openvex.dev/ns/v0.2.0",
"@id": "https://stellaops.example/vex/2025-12-13/CVE-2023-XXXXX-not-affected",
"author": "StellaOps Policy Engine",
"role": "automated-scanner",
"timestamp": "2025-12-13T10:00:00Z",
"version": 1,
"tooling": "StellaOps/1.0.0",
"statements": [
{
"vulnerability": {
"@id": "CVE-2023-XXXXX",
"name": "CVE-2023-XXXXX",
"description": "Example vulnerability in deprecated API."
},
"products": [
{
"@id": "pkg:oci/myapp@sha256:abc123def456789012345678901234567890123456789012345678901234abcd",
"identifiers": {
"purl": "pkg:oci/myapp@sha256:abc123def456789012345678901234567890123456789012345678901234abcd"
},
"subcomponents": [
{
"@id": "pkg:maven/com.example/deprecated-lib@1.0.0",
"identifiers": {
"purl": "pkg:maven/com.example/deprecated-lib@1.0.0"
}
}
]
}
],
"status": "not_affected",
"justification": "vulnerable_code_not_in_execute_path",
"impact_statement": "The deprecated API containing the vulnerable code path is not reachable from any entry point. Static analysis found no paths, and runtime probes observed zero invocations over 72 hours.",
"stellaops:reachability": {
"state": "CU",
"state_description": "ConfirmedUnreachable",
"confidence": 0.88,
"graph_hash": "blake3:d4e5f6a7b8c9d0e1f2a3b4c5d6e7f8a9b0c1d2e3f4a5b6c7d8e9f0a1b2c3d4e5",
"graph_cas_uri": "cas://reachability/graphs/d4e5f6a7b8c9d0e1f2a3b4c5d6e7f8a9b0c1d2e3f4a5b6c7d8e9f0a1b2c3d4e5",
"dsse_uri": "cas://reachability/graphs/d4e5f6a7b8c9d0e1f2a3b4c5d6e7f8a9b0c1d2e3f4a5b6c7d8e9f0a1b2c3d4e5.dsse",
"path": [],
"path_length": 0,
"evidence": {
"static": {
"graph_hash": "blake3:d4e5f6a7b8c9d0e1f2a3b4c5d6e7f8a9b0c1d2e3f4a5b6c7d8e9f0a1b2c3d4e5",
"path_length": 0,
"confidence": 0.85,
"analysis_note": "No path found from any root to vulnerable symbol"
},
"runtime": {
"probe_id": "probe:jfr:scan-456-001",
"hit_count": 0,
"observed_at": "2025-12-13T09:45:00Z",
"observation_window": "72h",
"analysis_note": "Zero invocations observed during 72-hour monitoring window"
}
},
"fact_digest": "sha256:f6a7b8c9d0e1f2a3b4c5d6e7f8a9b0c1d2e3f4a5b6c7d8e9f0a1b2c3d4e5f6a7",
"fact_version": 2,
"analyzer": {
"name": "scanner.java",
"version": "1.2.0"
}
}
}
]
}