# EvidenceLocker

**Status:** Implemented
**Source:** `src/EvidenceLocker/`
**Owner:** Platform Team

## Purpose

EvidenceLocker provides sealed, immutable storage for vulnerability scan evidence and audit logs. It ensures tamper-proof evidence chains for compliance and forensic analysis through content-addressable storage and cryptographic sealing.

## Components

**Services:**

- `StellaOps.EvidenceLocker.WebService` - HTTP API for evidence submission and retrieval
- `StellaOps.EvidenceLocker.Worker` - Background sealing and archival workers

**Libraries:**

- `StellaOps.EvidenceLocker.Core` - Evidence sealing, verification, and chain validation
- `StellaOps.EvidenceLocker.Infrastructure` - Storage adapters and evidence bundle management

## Configuration

See `etc/evidence-locker.yaml.sample` for configuration options (if available).

Key settings:

- Storage backend (filesystem, object storage)
- Sealing policy (immediate vs. batch)
- Retention policies
- Export destinations
- Authority integration for access control

## Dependencies

- PostgreSQL (schema: `evidence_locker`)
- Authority (authentication and authorization)
- Signer (cryptographic sealing operations)
- ExportCenter (evidence bundle export)

## Related Documentation

- Operations: `./operations/` (if exists)
- Portable pack contract: `./portable-audit-pack-contract.md`
- Portable manifest schema: `./schemas/portable-audit-pack-manifest.v1.schema.json`
- Portable compatibility mapping: `./portable-audit-pack-compatibility.md`
- Portable determinism profile: `./portable-audit-pack-determinism.md`
- Portable Rekor offline profile: `./portable-audit-pack-rekor-offline.md`
- Portable CLI runbook: `./portable-audit-pack-cli-runbook.md`
- Portable Parquet profile: `./portable-audit-pack-parquet-profile.md`
- Portable verification matrix: `./portable-audit-pack-test-matrix.md`
- Promotion evidence contract: `./promotion-evidence-contract.md`
- ExportCenter: `../export-center/`
- Attestor: `../attestor/`
- High-Level Architecture: `../../ARCHITECTURE_OVERVIEW.md`

## Current Status

Implemented with WebService and Worker components. Supports sealed evidence storage with cryptographic verification. Integrated with ExportCenter for audit bundle generation.