consolidation of some of the modules, localization fixes, product advisories work, qa work
This commit is contained in:
master
25
tests/supply-chain/05-corpus/README.md
Normal file
25
tests/supply-chain/05-corpus/README.md
Normal file
@@ -0,0 +1,25 @@
|
||||
# Supply-Chain Fuzz Corpus
|
||||
|
||||
This corpus is the deterministic seed set for `tests/supply-chain`.
|
||||
|
||||
## Layout
|
||||
|
||||
- `fixtures/sboms/`: CycloneDX-like SBOM samples used for JCS and mutation lanes.
|
||||
- `fixtures/attestations/`: DSSE envelope examples.
|
||||
- `fixtures/vex/`: OpenVEX-like samples.
|
||||
- `fixtures/malformed/`: intentionally malformed JSON payloads.
|
||||
|
||||
## Update Procedure (Deterministic)
|
||||
|
||||
1. Add new fixture files under the correct `fixtures/*` directory.
|
||||
2. Keep file names stable and monotonic (`*-001`, `*-002`, ...).
|
||||
3. Regenerate archive manifest with:
|
||||
- `python tests/supply-chain/05-corpus/build_corpus_archive.py --output out/supply-chain/05-corpus`
|
||||
4. Run suite smoke profile:
|
||||
- `python tests/supply-chain/run_suite.py --profile smoke --seed 20260226`
|
||||
5. If a crash is fixed, add the minimized repro fixture before merge.
|
||||
|
||||
## Notes
|
||||
|
||||
- No network I/O is required to consume this corpus.
|
||||
- All lane scripts use fixed seed defaults to keep replay deterministic.
|
||||
Reference in New Issue
Block a user