StellaOps.BinaryIndex.Contracts

Request to resolve vulnerability status for a binary.

Package URL (PURL) or CPE identifier.

File path within container/filesystem.

ELF Build-ID, PE CodeView GUID, or Mach-O UUID.

Hash values for matching.

Fingerprint bytes (Base64-encoded).

Fingerprint algorithm if fingerprint provided (e.g., "combined", "tlsh", "ssdeep").

CVE to check (optional, for targeted queries). If not provided, checks all known CVEs.

Distro hint for fix status lookup (e.g., "debian:bookworm").

Hash values for binary matching.

SHA-256 hash of the entire file.

SHA-256 hash of the .text section.

BLAKE3 hash (future-proof).

Response from vulnerability resolution.

Package identifier from request.

Resolution status.

Version where fix was applied (if status is Fixed).

Evidence supporting the resolution.

DSSE attestation envelope (Base64-encoded JSON).

Timestamp when resolution was computed.

Whether result was served from cache.

CVE ID if a specific CVE was queried.

Resolution status enumeration.

Vulnerability is fixed in this binary (backport detected).

Binary is vulnerable.

Binary is not affected by this CVE.

Resolution status unknown.

Evidence supporting a resolution decision.

Match method used (build_id, fingerprint, hash_exact).

Confidence score (0.0-1.0).

Distro advisory ID (e.g., DSA-5343-1, RHSA-2024:1234).

SHA-256 of the security patch.

List of matched fingerprint IDs.

Summary of function-level differences.

Source package name.

Detection method (security_feed, changelog, patch_header).

Batch request for resolving multiple vulnerabilities.

List of resolution requests.

Resolution options.

Options for batch resolution.

Bypass cache and perform fresh lookups.

Include DSSE attestation in responses.

Response from batch vulnerability resolution.

List of resolution results.

Total items processed.

Number of items served from cache.

Processing time in milliseconds.