stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity

Add new features and tests for AirGap and Time modules
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
Details

Browse Source 
- Introduced `SbomService` tasks documentation.
- Updated `StellaOps.sln` to include new projects: `StellaOps.AirGap.Time` and `StellaOps.AirGap.Importer`.
- Added unit tests for `BundleImportPlanner`, `DsseVerifier`, `ImportValidator`, and other components in the `StellaOps.AirGap.Importer.Tests` namespace.
- Implemented `InMemoryBundleRepositories` for testing bundle catalog and item repositories.
- Created `MerkleRootCalculator`, `RootRotationPolicy`, and `TufMetadataValidator` tests.
- Developed `StalenessCalculator` and `TimeAnchorLoader` tests in the `StellaOps.AirGap.Time.Tests` namespace.
- Added `fetch-sbomservice-deps.sh` script for offline dependency fetching.
This commit is contained in:
master
2025-11-20 23:29:54 +02:00
parent 65b1599229
commit 79b8e53441
182 changed files with 6660 additions and 1242 deletions
Download Patch File Download Diff File Expand all files Collapse all files

38
docs/modules/findings-ledger/prep/ledger-attestations-http.md Normal file
View File

@@ -0,0 +1,38 @@
# Ledger attestation HTTP surface (prep for LEDGER-OBS-54-001 / 55-001)
**Goal.** Provide the minimal HTTP contract to expose ledger attestation verifications so PREP-LEDGER-OBS-55-001 can proceed. This complements the OAS baseline (`docs/modules/findings-ledger/openapi/findings-ledger.v1.yaml`) and schema (`docs/modules/findings-ledger/schema.md`).
## Endpoint
- `GET /v1/ledger/attestations`
- Tenant header: `X-Stella-Tenant` (required).
- Auth: bearer `scope=ledger.attest.read` or mTLS.
- Query params:
- `artifactId` (string, optional; OCI digest or SBOM id)
- `findingId` (string, optional)
- `attestationId` (uuid, optional)
- `status` (`verified|failed|unknown`, optional)
- `sinceRecordedAt` / `untilRecordedAt` (ISO-8601 UTC)
- `limit` (int, default 200, max 1000)
- Ordering: deterministic by `recordedAt ASC, attestationId ASC`.
- Response: JSON array (or NDJSON when `Accept: application/x-ndjson`). Each item:
- `attestationId` (uuid)
- `artifactId` (string)
- `findingId` (string)
- `verificationStatus` (`verified|failed|unknown`)
- `verificationTime` (ISO-8601 UTC)
- `dsseDigest` (sha256)
- `rekorEntryId` (string, optional)
- `evidenceBundleRef` (string, optional)
- `ledgerEventId` (uuid) — source ledger event that linked the attestation
- `recordedAt` (ISO-8601 UTC)
- `merkleLeafHash` (sha256)
- `rootHash` (sha256)
## Determinism/offline posture
- Sorting keys are fixed; pagination token encodes `{recordedAt, attestationId, filtersHash}`.
- No live Rekor calls; `rekorEntryId` is stored reference only.
- Hashes remain lowercase SHA-256; times are UTC.
## Artefact location
- This prep doc: `docs/modules/findings-ledger/prep/ledger-attestations-http.md`.
- Add path to OAS in a follow-on increment (LEDGER-OAS-61-002/63-001) once approved.