stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity

docs consolidation, big sln build fixes, new advisories and sprints/tasks

Browse Source
This commit is contained in:
master
2026-01-05 18:37:04 +02:00
parent d0a7b88398
commit d7bdca6d97
175 changed files with 10322 additions and 307 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
docs/UI_GUIDE.md
View File

@@ -17,7 +17,7 @@ Out of scope: API shapes, schema details, and UI component implementation.
- **Tenant context:** most views are tenant-scoped; switching tenants changes what evidence you see and what actions you can take.
- **Evidence-linked decisions:** verdicts (ship/block/needs-exception) should link to the SBOM facts, advisory/VEX observations, reachability proofs, and policy explanations that justify them.
- **Effective VEX:** the platform computes an effective status using issuer trust and policy rules, without rewriting upstream VEX (see `docs/16_VEX_CONSENSUS_GUIDE.md`).
- **Effective VEX:** the platform computes an effective status using issuer trust and policy rules, without rewriting upstream VEX (see `docs/VEX_CONSENSUS_GUIDE.md`).
- **Snapshots and staleness:** offline sites operate on snapshots; the Console should surface snapshot identity and freshness rather than hide it.
## Workspaces (Navigation)
@@ -46,21 +46,21 @@ The Console is organized into workspaces. Names vary slightly by build, but the
3. Record a triage action (assign/comment/ack/mute/exception request) with justification.
4. Export an evidence bundle when review, escalation, or offline verification is required.
See `docs/20_VULNERABILITY_EXPLORER_GUIDE.md` for the conceptual model and determinism requirements.
See `docs/VULNERABILITY_EXPLORER_GUIDE.md` for the conceptual model and determinism requirements.
### Review VEX Conflicts and Issuer Trust
- Use **Advisories & VEX** to see which providers contributed statements, whether signatures verified, and where conflicts exist.
- The Console should not silently hide conflicts; it should show what disagrees and why, and how policy resolved it.
See `docs/16_VEX_CONSENSUS_GUIDE.md` for the underlying concepts.
See `docs/VEX_CONSENSUS_GUIDE.md` for the underlying concepts.
### Export and Verify Evidence Bundles
- Exports are intended to be portable and verifiable (audits, incident response, air-gap review).
- Expect deterministic ordering, UTC timestamps, and hash manifests.
See `docs/24_OFFLINE_KIT.md` for packaging and offline verification workflows.
See `docs/OFFLINE_KIT.md` for packaging and offline verification workflows.
## Offline / Air-Gap Expectations
@@ -99,9 +99,9 @@ UX and interaction contracts:
## Related Docs
- `docs/16_VEX_CONSENSUS_GUIDE.md`
- `docs/20_VULNERABILITY_EXPLORER_GUIDE.md`
- `docs/24_OFFLINE_KIT.md`
- `docs/VEX_CONSENSUS_GUIDE.md`
- `docs/VULNERABILITY_EXPLORER_GUIDE.md`
- `docs/OFFLINE_KIT.md`
- `docs/cli-vs-ui-parity.md`
- `docs/architecture/console-admin-rbac.md`
- `docs/architecture/console-branding.md`