Add determinism tests for verdict artifact generation and update SHA256 sums script
- Implemented comprehensive tests for verdict artifact generation to ensure deterministic outputs across various scenarios, including identical inputs, parallel execution, and change ordering.
- Created helper methods for generating sample verdict inputs and computing canonical hashes.
- Added tests to validate the stability of canonical hashes, proof spine ordering, and summary statistics.
- Introduced a new PowerShell script to update SHA256 sums for files, ensuring accurate hash generation and file integrity checks.
@@ -1,12 +1,40 @@
|
||||
# Archived: Console Forensics Notes
|
||||
# Console Forensics and Evidence Review
|
||||
|
||||
This page was consolidated into canonical docs:
|
||||
This document describes how the Console supports forensic review of decisions: timelines, evidence viewing, attestation verification, and audit exports.
|
||||
|
||||
- `docs/15_UI_GUIDE.md`
|
||||
- `docs/forensics/evidence-locker.md`
|
||||
- `docs/forensics/provenance-attestation.md`
|
||||
- `docs/forensics/timeline.md`
|
||||
## Timeline Explorer
|
||||
|
||||
The previous note has been archived to:
|
||||
The timeline view should enable:
|
||||
|
||||
- `docs/_archive/console/forensics.md`
|
||||
- Filtering by tenant, artifact, finding, and time window
|
||||
- Drill-down from a verdict to its evidence objects (SBOM slice, VEX observation/linkset, reachability proof, policy explain trace)
|
||||
- Visibility into operator actions (triage actions, exceptions, approvals) as append-only events
|
||||
|
||||
## Evidence Viewer
|
||||
|
||||
Evidence viewing should prioritize:
|
||||
|
||||
- Clear provenance (issuer identity, timestamps, digests)
|
||||
- Verification state (signature verified/failed/unknown)
|
||||
- Deterministic identifiers so auditors can replay and compare
|
||||
|
||||
## Attestation Verification
|
||||
|
||||
When presenting attestations (DSSE/in-toto):
|
||||
|
||||
- Display verification status and key identity
|
||||
- Link to transparency log proof when configured
|
||||
- Allow exporting the DSSE envelope and the referenced artifacts
|
||||
|
||||
## Export / Verify Workflows
|
||||
|
||||
Exports are the bridge between online and offline review:
|
||||
|
||||
- Exports should be deterministic (stable ordering, UTC timestamps).
|
||||
- Export bundles should include integrity metadata (digests) so offline reviewers can verify without trusting a live service.
|
||||
|
||||
## References
|
||||
|
||||
- Console operator guide: `docs/15_UI_GUIDE.md`
|
||||
- Offline Kit: `docs/24_OFFLINE_KIT.md`
|
||||
- Vulnerability Explorer guide (triage model): `docs/20_VULNERABILITY_EXPLORER_GUIDE.md`
|
||||
|
||||
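Review bot: The pointers to `docs/forensics/evidence-locker.md`, `docs/forensics/provenance-attestation.md` and `docs/forensics/timeline.md` that the archived stub carried are dropped, and the new References section does not list them, so the Timeline Explorer, Evidence Viewer and Attestation Verification sections now duplicate material in those docs with no statement of which copy is canonical; either add the three to References or say in the page which one wins. Un-archiving this page is also not mentioned in the commit message, which only describes determinism tests and the SHA256 sums script. Under Export / Verify Workflows, "integrity metadata (digests)" on its own lets an offline reviewer detect corruption but not substitution of the whole bundle together with its digest list; since the goal stated there is verification "without trusting a live service", the bullet should say that the digest manifest is itself signed (e.g. wrapped in a DSSE envelope, as the Attestation Verification section already expects for attestations).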