product advisories add change contiang folder

2026-01-08 09:06:03 +02:00
parent ae6968d23f
commit 8f0320edd5
599 changed files with 1110 additions and 565 deletions
--- a/docs/modules/export-center/architecture.md
+++ b/docs/modules/export-center/architecture.md
@@ -25,7 +25,7 @@ The Export Center is the dedicated service layer that packages StellaOps evidenc
 - Integrity: require checksum/signature headers and OCI annotations; mirror delta/tombstone rules documented for adapters.
 - Security: cross-tenant exports denied by default; enforce approval tokens and encryption recipient validation.
 - Offline parity: provide export-kit packaging + verify script for air-gap consumers; include fixtures under `src/ExportCenter/__fixtures`.
- Advisory link: see `docs/product-advisories/28-Nov-2025 - Export Center and Reporting Strategy.md` (EC1–EC10) for original requirements and keep it alongside sprint tasks for implementers.
+- Advisory link: see `docs/product/advisories/28-Nov-2025 - Export Center and Reporting Strategy.md` (EC1–EC10) for original requirements and keep it alongside sprint tasks for implementers.

 ## Job lifecycle
 1. **Profile selection.** Operator or automation picks a profile (`json:raw`, `json:policy`, `trivy:db`, `trivy:java-db`, `mirror:full`, `mirror:delta`) and submits scope selectors (tenant, time window, products, SBOM subjects, ecosystems). See `docs/modules/export-center/profiles.md` for profile definitions and configuration fields.
@@ -88,7 +88,7 @@ Audit bundles are a specialized Export Center output: a deterministic, immutable
  - `GET /v1/audit-bundles` - List previously created bundles.
  - `GET /v1/audit-bundles/{bundleId}` - Returns job metadata (`Accept: application/json`) or streams bundle bytes (`Accept: application/octet-stream`).
 - **Typical contents**: vuln reports, SBOM(s), VEX decisions, policy evaluations, and DSSE attestations, plus an integrity root hash and optional OCI reference.
- **Reference**: `docs/product-advisories/archived/27-Nov-2025-superseded/28-Nov-2025 - Vulnerability Triage UX & VEX-First Decisioning.md`.
+- **Reference**: `docs/product/advisories/archived/27-Nov-2025-superseded/28-Nov-2025 - Vulnerability Triage UX & VEX-First Decisioning.md`.

 ## Adapter responsibilities
 - **JSON (`json:raw`, `json:policy`).**
--- a/docs/modules/export-center/determinism.md
+++ b/docs/modules/export-center/determinism.md
@@ -1,6 +1,6 @@
 # Export Center Determinism & Rerun Hash Guide

-Advisory anchor: `docs/product-advisories/archived/27-Nov-2025-superseded/28-Nov-2025 - Export Center and Reporting Strategy.md` (EC1–EC10).
+Advisory anchor: `docs/product/advisories/archived/27-Nov-2025-superseded/28-Nov-2025 - Export Center and Reporting Strategy.md` (EC1–EC10).

 ## EC1 — Signed schemas
 - Export profile schema: `docs/modules/export-center/schemas/export-profile.schema.json` (selectors, approvals, quotas).