# CycloneDX Evidence Panel with Pedigree Timeline ## Module Web ## Status VERIFIED ## Description Component detail page with CycloneDX 1.7 evidence panel showing identity evidence with detection methods, occurrence file paths, license evidence with acknowledgement status, and copyright information. Includes a D3.js horizontal pedigree timeline visualization showing ancestor-variant-current component lineage, a patch list viewer with diff rendering, and commit info display. ## Implementation Details - **Feature directory**: `src/Web/StellaOps.Web/src/app/features/evidence/` - **Routes**: `evidence.routes.ts` - **Components**: - `evidence-center-page` (`src/Web/StellaOps.Web/src/app/features/evidence/evidence-center-page.component.ts`) - `evidence-packet-page` (`src/Web/StellaOps.Web/src/app/features/evidence/evidence-packet-page.component.ts`) - `evidence-page` (`src/Web/StellaOps.Web/src/app/features/evidence/evidence-page.component.ts`) - `evidence-panel` (`src/Web/StellaOps.Web/src/app/features/evidence/evidence-panel.component.ts`) - `audit-bundle-create-modal` (`src/Web/StellaOps.Web/src/app/features/evidence/modals/audit-bundle-create-modal.component.ts`) - **Source**: Feature matrix scan ## E2E Test Plan - **Setup**: - [ ] Log in with a user that has appropriate permissions - [ ] Navigate to `/evidence` - [ ] Ensure test data exists (scanned artifacts, SBOM data, or seed data as needed) - **Core verification**: - [ ] Verify the panel/drawer opens on trigger (click, keyboard shortcut) - [ ] Verify the panel displays the correct detail data for the selected item - [ ] Verify the panel can be closed (X button, Escape key, backdrop click) - **Edge cases**: - [ ] Verify graceful handling when backend API is unavailable (error state) - [ ] Verify responsive layout at different viewport sizes - [ ] Verify accessibility (keyboard navigation, screen reader labels, ARIA attributes) ## Verification - Date: 2026-02-10 - Run artifacts: docs/qa/feature-checks/runs/web/cyclonedx-evidence-panel-with-pedigree-timeline/run-001/ - Tier results: - tier0-source-check.json: pass - tier1-build-check.json: pass - tier2-e2e-check.json: pass ## Recheck (run-003) - Date (UTC): 2026-02-11 - Status: VERIFIED (strict Tier 2 UI replay) - Tier 1 evidence: Focused cyclonedx evidence suites passed 4/4 across 2 files. - Tier 2 evidence: `docs/qa/feature-checks/runs/web/cyclonedx-evidence-panel-with-pedigree-timeline/run-003/tier2-ui-check.json` - Replay scope: - Navigate to `/qa/sbom-component-detail` and verify evidence + pedigree headings, patch summary, and timeline nodes. - Open occurrences drawer and validate evidence detail content and close behavior. - Open and close patch diff modal via overlay interaction. ## Recheck (run-004) - Date (UTC): 2026-02-11T10:08:09Z - Status: PASSED (strict Tier 2 UI replay) - Tier 2 evidence: docs/qa/feature-checks/runs/web/cyclonedx-evidence-panel-with-pedigree-timeline/run-004/tier2-ui-check.json - Notes: Verified via /qa/sbom-component-detail evidence panel, pedigree timeline, and occurrence drawer checks.