Add receipt input JSON and SHA256 hash for CVSS policy scoring tests
- Introduced a new JSON fixture `receipt-input.json` containing base, environmental, and threat metrics for CVSS scoring. - Added corresponding SHA256 hash file `receipt-input.sha256` to ensure integrity of the JSON fixture.
This commit is contained in:
StellaOps Bot
@@ -53,7 +53,16 @@ This guide explains how to produce a compliant submission for the Stella Ops rea
|
||||
- `submission.json`
|
||||
- Tool version & configuration (README)
|
||||
- Optional logs and runtime metrics
|
||||
- For production submissions, sign `submission.json` with DSSE and record the envelope under `signatures` in the manifest (see `benchmark/manifest.sample.json`).
|
||||
- Do **not** include binaries that require network access or licenses we cannot redistribute.
|
||||
|
||||
## Provenance & Manifest
|
||||
- Reference kit manifest: `benchmark/manifest.sample.json` (schema: `benchmark/schemas/benchmark-manifest.schema.json`).
|
||||
- Validate your bundle offline:
|
||||
```bash
|
||||
python tools/verify_manifest.py benchmark/manifest.sample.json --root bench/reachability-benchmark
|
||||
```
|
||||
- Determinism templates: `benchmark/templates/determinism/*.env` can be sourced by build scripts per language.
|
||||
|
||||
## Support
|
||||
- Open issues in the public repo (once live) or provide a reproducible script that runs fully offline.
|
||||
|
||||
Reference in New Issue
Block a user