stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity

Add determinism tests for verdict artifact generation and update SHA256 sums script

Browse Source 
- Implemented comprehensive tests for verdict artifact generation to ensure deterministic outputs across various scenarios, including identical inputs, parallel execution, and change ordering.
- Created helper methods for generating sample verdict inputs and computing canonical hashes.
- Added tests to validate the stability of canonical hashes, proof spine ordering, and summary statistics.
- Introduced a new PowerShell script to update SHA256 sums for files, ensuring accurate hash generation and file integrity checks.
This commit is contained in:
StellaOps Bot
2025-12-24 02:17:34 +02:00
parent e59921374e
commit 7503c19b8f
390 changed files with 37389 additions and 5380 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
docs/vuln/explorer-overview.md
View File

@@ -1,10 +1,25 @@
# Archived: Vulnerability Explorer Overview
# Vulnerability Explorer Overview (Detailed)
This page was consolidated into the canonical guides:
The Vulnerability Explorer is the evidence-linked triage surface that brings together SBOM facts, advisory/VEX evidence, reachability signals, policy explainability, and operator decisions into a single auditable workflow.
- `docs/20_VULNERABILITY_EXPLORER_GUIDE.md`
- `docs/15_UI_GUIDE.md`
This document complements the high-level guide `docs/20_VULNERABILITY_EXPLORER_GUIDE.md` with additional detail and cross-links.
The previous draft has been archived to:
## Core Objects
- `docs/_archive/vuln/explorer-overview.md`
- **Finding record:** the current enriched view of a vulnerability for a specific artifact/context (tenant, artifact/image digest, policy version).
- **History:** append-only state transitions suitable for audit and replay.
- **Triage actions:** operator actions (assignment, comment, mitigation note, exception request) with provenance.
- **Evidence references:** stable pointers to evidence objects (SBOM slices, VEX observations/linksets, reachability proofs, explain traces, attestations).
## Key Properties
- **Narrative-first:** default view answers “Can I ship? If not, why? Whats the smallest safe change?”
- **Proof-linked:** every important fact links to evidence (no “trust the UI”).
- **Quiet by default, never silent:** suppression/muting is reversible and auditable.
- **Offline-ready:** evidence bundles are verifiable without online lookups.
## References
- High-level guide: `docs/20_VULNERABILITY_EXPLORER_GUIDE.md`
- Console operator guide: `docs/15_UI_GUIDE.md`
- Module dossier: `docs/modules/vuln-explorer/architecture.md`