# Evidence Ribbon UI Component ## Module Web ## Status VERIFIED ## Description Horizontal evidence ribbon component that displays a compact summary strip of evidence types (SBOM, VEX, attestation, provenance) with color-coded badges and drill-down capability. Integrated into developer and auditor workspace views. ## Implementation Details - **Feature directory**: `src/Web/StellaOps.Web/src/app/features/evidence-ribbon/` - **Components**: - `evidence-ribbon` (`src/Web/StellaOps.Web/src/app/features/evidence-ribbon/components/evidence-ribbon/evidence-ribbon.component.ts`) - **Services**: - `evidence-ribbon` (`src/Web/StellaOps.Web/src/app/features/evidence-ribbon/services/evidence-ribbon.service.ts`) - **Models**: - `src/Web/StellaOps.Web/src/app/features/evidence-ribbon/models/evidence-ribbon.models.ts` - **Source**: batch_38/file_11.md ## E2E Test Plan - **Setup**: - [ ] Log in with a user that has appropriate permissions - [ ] Navigate to `/triage/artifacts/:artifactId` - [ ] Ensure test data exists (scanned artifacts, SBOM data, or seed data as needed) - **Core verification**: - [ ] Verify the component renders correctly with sample data - [ ] Verify interactive elements respond to user input - [ ] Verify data is fetched and displayed from the correct API endpoints - **Edge cases**: - [ ] Verify graceful handling when backend API is unavailable (error state) - [ ] Verify responsive layout at different viewport sizes - [ ] Verify accessibility (keyboard navigation, screen reader labels, ARIA attributes) ## Verification - Run: docs/qa/feature-checks/runs/web/evidence-ribbon-ui-component/run-001/ - Tier 0 (source): pass ( ier0-source-check.json) - Tier 1 (build/tests): pass ( ier1-build-check.json) - Tier 2 (behavior): pass ( ier2-e2e-check.json) - Verified on (UTC): 2026-02-10 ## Recheck (run-003) - Date (UTC): 2026-02-11T06:40:35Z - Status: VERIFIED (strict Tier 2 UI replay) - Tier 2 evidence: `docs/qa/feature-checks/runs/web/evidence-ribbon-ui-component/run-003/tier2-ui-check.json` - Notes: Developer workspace strict Playwright flow now explicitly verifies DSSE/Rekor/CycloneDX ribbon pills and user click interaction.