consolidation of some of the modules, localization fixes, product advisories work, qa work
@@ -9,6 +9,16 @@ Immutable, append-only event ledger for tracking vulnerability findings, policy
|
||||
- **Merkle anchoring**: Event chains are Merkle-linked for tamper-evident verification.
|
||||
- **Tenant isolation**: All events are partitioned by tenant with cross-tenant access forbidden.
|
||||
|
||||
## Consolidated modules (Sprint 207)
|
||||
|
||||
The `src/Findings/` directory is the unified home for all findings-related services:
|
||||
|
||||
- **Findings Ledger** (`StellaOps.Findings.Ledger`, `StellaOps.Findings.Ledger.WebService`): Core append-only event ledger.
|
||||
- **RiskEngine** (`StellaOps.RiskEngine.Core`, `StellaOps.RiskEngine.WebService`, `StellaOps.RiskEngine.Worker`): Computes risk scores using CVSS, EPSS, KEV, exploit maturity, fix-chain attestation, and VEX gates. Infrastructure lives under `__Libraries/StellaOps.RiskEngine.Infrastructure`.
|
||||
- **VulnExplorer** (`StellaOps.VulnExplorer.Api`): API surface for browsing findings, evidence subgraphs, triage workflows, and VEX decision management. Shared contracts from `StellaOps.VulnExplorer.WebService`.
|
||||
|
||||
Previously archived docs for RiskEngine and VulnExplorer are in `docs-archived/modules/risk-engine/` and `docs-archived/modules/vuln-explorer/`.
|
||||
|
||||
## Quick links
|
||||
- FL1–FL10 remediation tracker: `gaps-FL1-FL10.md`
|
||||
- Implementation plan: `implementation_plan.md`
|
||||
|
||||
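Review bot: In the new "Consolidated modules" section, the VulnExplorer bullet ends with the fragment "Shared contracts from `StellaOps.VulnExplorer.WebService`.", which does not say whether that project lives under `src/Findings/` like the other listed projects or is only referenced from elsewhere; either list it in the parenthetical next to `StellaOps.VulnExplorer.Api` or state its location. The RiskEngine bullet has a similar ambiguity: `__Libraries/StellaOps.RiskEngine.Infrastructure` is given as a relative path with no stated root, so spell out the path in full. Because the context lines just above promise tenant partitioning with cross-tenant access forbidden for ledger events, the section should also say whether RiskEngine and VulnExplorer enforce the same tenant boundary now that they are documented as part of the same unified home.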