stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity

save checkpoint

Browse Source
This commit is contained in:
master
2026-02-14 09:11:48 +02:00
parent 9ca2de05df
commit e9aeadc040
1512 changed files with 30863 additions and 4728 deletions
Download Patch File Download Diff File Expand all files Collapse all files

42
docs/features/checked/scanner/findingevidence-composition-api-endpoint.md Normal file
View File

@@ -0,0 +1,42 @@
# FindingEvidence Composition API Endpoint
## Module
Scanner
## Status
VERIFIED
## Description
REST API endpoint that composes per-finding evidence bundles by aggregating SBOM slices, reachability proofs, VEX documents, and attestation chains into a unified evidence response. EvidenceCompositionService orchestrates multi-source evidence assembly on demand.
## Implementation Details
- **Evidence Composition Service**:
- `src/Scanner/StellaOps.Scanner.WebService/Services/IEvidenceCompositionService.cs` - `IEvidenceCompositionService` interface
- `src/Scanner/StellaOps.Scanner.WebService/Services/EvidenceCompositionService.cs` - Orchestrates multi-source evidence assembly (SBOM slices, reachability, VEX, attestations)
- `src/Scanner/StellaOps.Scanner.WebService/Services/EvidenceCompositionService.cs` - `EvidenceCompositionOptions` for configuring evidence sources
- **Evidence Endpoints**:
- `src/Scanner/StellaOps.Scanner.WebService/Endpoints/EvidenceEndpoints.cs` - `EvidenceEndpoints` for listing and querying evidence
- `src/Scanner/StellaOps.Scanner.WebService/Endpoints/ReachabilityEvidenceEndpoints.cs` - Reachability-specific evidence endpoints
- `src/Scanner/StellaOps.Scanner.WebService/Endpoints/DeltaEvidenceEndpoints.cs` - Delta evidence endpoints
- **Evidence Export**:
- `src/Scanner/StellaOps.Scanner.WebService/Services/IEvidenceBundleExporter.cs` - Evidence bundle export interface
- `src/Scanner/StellaOps.Scanner.WebService/Services/EvidenceBundleExporter.cs` - Exports evidence bundles in multiple formats
## E2E Test Plan
- [ ] Call the evidence composition endpoint for a specific finding and verify a unified evidence response is returned
- [ ] Verify the response includes SBOM slice data for the affected component
- [ ] Verify the response includes reachability proof when reachability analysis was performed
- [ ] Verify the response includes VEX document references when VEX data is available
- [ ] Verify the response includes attestation chain verification status
- [ ] Verify evidence bundle export works in supported formats
---
## Verification
| Check | Result |
|-------|--------|
| Tier 0 - Source files exist | PASS |
| Tier 1 - Build + code review | PASS |
| Tier 2 - Integration tests | PASS |
| Verified | 2026-02-13T18:10:00Z |