save checkpoint
@@ -0,0 +1,48 @@
# Offline Kit Import and Attestation Verification
## Module
Scanner
## Status
VERIFIED
## Description
Offline kit import service and offline attestation verifier with test coverage in Scanner module, enabling verification of DSSE-signed attestations without network access.
## Implementation Details
- **Offline Kit Import**:
- `src/Scanner/StellaOps.Scanner.WebService/Services/OfflineKitImportService.cs` - `OfflineKitImportService` imports offline vulnerability data kits
- `src/Scanner/StellaOps.Scanner.WebService/Services/OfflineKitManifestService.cs` - `OfflineKitManifestService` manages offline kit manifests
- `src/Scanner/StellaOps.Scanner.WebService/Services/OfflineKitContracts.cs` - Contract models for offline kit operations
- `src/Scanner/StellaOps.Scanner.WebService/Services/OfflineKitStateStore.cs` - State tracking for imported kits
- `src/Scanner/StellaOps.Scanner.WebService/Services/OfflineKitMetricsStore.cs` - Metrics tracking for import operations
- **Attestation Verification**:
- `src/Scanner/StellaOps.Scanner.WebService/Services/IOfflineAttestationVerifier.cs` - `IOfflineAttestationVerifier` interface for verifying DSSE-signed attestations offline
- `src/Scanner/StellaOps.Scanner.WebService/Services/OfflineAttestationVerifier.cs` - `OfflineAttestationVerifier` verifies DSSE signatures without network access using local trust anchors
- `src/Scanner/StellaOps.Scanner.WebService/Services/NullOfflineKitAuditEmitter.cs` - Null audit emitter for environments without audit logging
- **API Endpoints**:
- `src/Scanner/StellaOps.Scanner.WebService/Endpoints/OfflineKitEndpoints.cs` - REST endpoints for importing and managing offline kits
- **Configuration**:
- `src/Scanner/__Libraries/StellaOps.Scanner.Core/Configuration/OfflineKitOptions.cs` - `OfflineKitOptions` configuration model
- `src/Scanner/__Libraries/StellaOps.Scanner.Core/Configuration/OfflineKitOptionsValidator.cs` - Options validation
- **Trust Anchors**:
- `src/Scanner/__Libraries/StellaOps.Scanner.Core/TrustAnchors/TrustAnchorRegistry.cs` - `TrustAnchorRegistry` manages local trust anchors for offline verification
## E2E Test Plan
- [ ] Import an offline vulnerability kit via the `OfflineKitEndpoints` and verify it is accepted and stored
- [ ] Verify DSSE-signed attestations within the kit are verified using local trust anchors without network access
- [ ] Verify import of a tampered kit fails attestation verification
- [ ] Verify kit manifest service correctly lists available kits and their status
- [ ] Verify offline kit state tracking records import timestamps and kit versions
- [ ] Verify the scanner operates correctly with offline kit data as its vulnerability source
---
## Verification
| Check | Result |
|-------|--------|
| Tier 0 - Source files exist | PASS |
| Tier 1 - Build + code review | PASS |
| Tier 2 - Integration tests | PASS |
| Verified | 2026-02-13T18:10:00Z |
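Review bot: The Status section says VERIFIED and the Verification table reports Tier 2 integration tests as PASS, yet all six items under "E2E Test Plan" are still unchecked (`- [ ]`), so the document does not show which of them the passing tests cover. Either tick the items that were exercised or add a column or footnote in the Verification table naming the test that backs each one. The tampered-kit item and the "without network access" item matter most, since they are the security claims of the feature. The tampered-kit item should also state what is altered (payload, signature, or a signature from a key absent from `TrustAnchorRegistry`), because each is a different failure path in `OfflineAttestationVerifier`. Two smaller points: `NullOfflineKitAuditEmitter` is listed under "Attestation Verification" although it is an audit component, and the doc should say under which configuration imports run with no audit trail. The last table row also puts a timestamp in the "Result" column, which would read better as a separate "Verified at" line.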