up
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
oas-ci / oas-validate (push) Has been cancelled
Signals CI & Image / signals-ci (push) Has been cancelled
sm-remote-ci / build-and-test (push) Has been cancelled
AOC Guard CI / aoc-verify (push) Has been cancelled
Signals Reachability Scoring & Events / sign-and-upload (push) Has been cancelled
api-governance / spectral-lint (push) Has been cancelled
Signals Reachability Scoring & Events / reachability-smoke (push) Has been cancelled
AOC Guard CI / aoc-guard (push) Has been cancelled
devportal-offline / build-offline (push) Has been cancelled
Mirror Thin Bundle Sign & Verify / mirror-sign (push) Has been cancelled
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
oas-ci / oas-validate (push) Has been cancelled
Signals CI & Image / signals-ci (push) Has been cancelled
sm-remote-ci / build-and-test (push) Has been cancelled
AOC Guard CI / aoc-verify (push) Has been cancelled
Signals Reachability Scoring & Events / sign-and-upload (push) Has been cancelled
api-governance / spectral-lint (push) Has been cancelled
Signals Reachability Scoring & Events / reachability-smoke (push) Has been cancelled
AOC Guard CI / aoc-guard (push) Has been cancelled
devportal-offline / build-offline (push) Has been cancelled
Mirror Thin Bundle Sign & Verify / mirror-sign (push) Has been cancelled
This commit is contained in:
StellaOps Bot
@@ -0,0 +1,66 @@
|
||||
using StellaOps.Replay.Core;
|
||||
|
||||
namespace StellaOps.Scanner.ProofSpine;
|
||||
|
||||
/// <summary>
|
||||
/// Represents a complete verifiable decision chain from SBOM to VEX verdict.
|
||||
/// </summary>
|
||||
public sealed record ProofSpine(
|
||||
string SpineId,
|
||||
string ArtifactId,
|
||||
string VulnerabilityId,
|
||||
string PolicyProfileId,
|
||||
IReadOnlyList<ProofSegment> Segments,
|
||||
string Verdict,
|
||||
string VerdictReason,
|
||||
string RootHash,
|
||||
string ScanRunId,
|
||||
DateTimeOffset CreatedAt,
|
||||
string? SupersededBySpineId);
|
||||
|
||||
/// <summary>
|
||||
/// A single evidence segment in the proof chain.
|
||||
/// </summary>
|
||||
public sealed record ProofSegment(
|
||||
string SegmentId,
|
||||
ProofSegmentType SegmentType,
|
||||
int Index,
|
||||
string InputHash,
|
||||
string ResultHash,
|
||||
string? PrevSegmentHash,
|
||||
DsseEnvelope Envelope,
|
||||
string ToolId,
|
||||
string ToolVersion,
|
||||
ProofSegmentStatus Status,
|
||||
DateTimeOffset CreatedAt);
|
||||
|
||||
public sealed record GuardCondition(
|
||||
string Name,
|
||||
string Type,
|
||||
string Value,
|
||||
bool Passed);
|
||||
|
||||
/// <summary>
|
||||
/// Segment types in execution order.
|
||||
/// </summary>
|
||||
public enum ProofSegmentType
|
||||
{
|
||||
SbomSlice = 1,
|
||||
Match = 2,
|
||||
Reachability = 3,
|
||||
GuardAnalysis = 4,
|
||||
RuntimeObservation = 5,
|
||||
PolicyEval = 6
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
/// Verification status of a segment.
|
||||
/// </summary>
|
||||
public enum ProofSegmentStatus
|
||||
{
|
||||
Pending = 0,
|
||||
Verified = 1,
|
||||
Partial = 2,
|
||||
Invalid = 3,
|
||||
Untrusted = 4
|
||||
}
|
||||
Reference in New Issue
Block a user