stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity

Add determinism tests for verdict artifact generation and update SHA256 sums script

Browse Source 
- Implemented comprehensive tests for verdict artifact generation to ensure deterministic outputs across various scenarios, including identical inputs, parallel execution, and change ordering.
- Created helper methods for generating sample verdict inputs and computing canonical hashes.
- Added tests to validate the stability of canonical hashes, proof spine ordering, and summary statistics.
- Introduced a new PowerShell script to update SHA256 sums for files, ensuring accurate hash generation and file integrity checks.
This commit is contained in:
StellaOps Bot
2025-12-24 02:17:34 +02:00
parent e59921374e
commit 7503c19b8f
390 changed files with 37389 additions and 5380 deletions
Download Patch File Download Diff File Expand all files Collapse all files

34
docs/vuln/explorer-using-console.md
View File

@@ -1,10 +1,32 @@
# Archived: Vulnerability Explorer (Using the Console)
# Vulnerability Explorer Using the Console
This page was consolidated into the canonical guides:
This document describes the operator workflow for triaging findings in the Console. It is intentionally evidence-first and audit-oriented.
- `docs/15_UI_GUIDE.md`
- `docs/20_VULNERABILITY_EXPLORER_GUIDE.md`
## Workflow (Typical)
The previous draft has been archived to:
1. Start from the findings list filtered to the tenant/environment you care about.
2. Open a finding to review:
- Verdict and “why” summary
- Effective VEX status and issuer provenance
- Reachability/impact signals (when available)
- Policy gate and explain trace
3. Record a triage action (assign/comment/mitigation/exception) with justification.
4. Export an evidence bundle when review, escalation, or offline verification is required.
- `docs/_archive/vuln/explorer-using-console.md`
## What to Expect in a Finding View
- Clear tenant context and artifact identifiers
- Evidence rail (SBOM, VEX, advisories, reachability, attestations)
- History/timeline of state changes and actions (append-only)
- Copyable identifiers (finding ID, digests, correlation IDs)
## Offline / Air-Gap Notes
- When operating from Offline Kit snapshots, the Console should surface snapshot identity and staleness budgets.
- Evidence bundle export is the primary bridge between online and offline review.
## References
- Console operator guide: `docs/15_UI_GUIDE.md`
- Vulnerability Explorer guide: `docs/20_VULNERABILITY_EXPLORER_GUIDE.md`
- Offline Kit: `docs/24_OFFLINE_KIT.md`