stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity
Files
main
git.stella-ops.org/docs/features/checked/excititor/vex-claim-normalization.md
master e9aeadc040 save checkpoint
2026-02-14 09:11:48 +02:00

2.9 KiB
Raw Permalink Blame History

VEX Claim Normalization (Multi-Format Ingestion)

Module

Excititor

Status

VERIFIED

Description

Normalization of VEX claims from OpenVEX, CycloneDX VEX, and CSAF formats into canonical internal representation with vendor-specific connectors (Ubuntu, Red Hat, Oracle, Microsoft, Cisco).

Implementation Details

  • Modules: src/Excititor/__Libraries/StellaOps.Excititor.Core/, src/Excititor/__Libraries/StellaOps.Excititor.Connectors.*/
  • Key Classes:
    • VexClaim (src/Excititor/__Libraries/StellaOps.Excititor.Core/VexClaim.cs) - canonical VEX claim model
    • VexAdvisoryKeyCanonicalizer (src/Excititor/__Libraries/StellaOps.Excititor.Core/Canonicalization/VexAdvisoryKeyCanonicalizer.cs) - canonicalizes advisory keys across formats
    • VexProductKeyCanonicalizer (src/Excititor/__Libraries/StellaOps.Excititor.Core/Canonicalization/VexProductKeyCanonicalizer.cs) - canonicalizes product keys across formats
    • UbuntuCsafConnector (src/Excititor/__Libraries/StellaOps.Excititor.Connectors.Ubuntu.CSAF/UbuntuCsafConnector.cs) - Ubuntu CSAF ingestion
    • RedHatCsafConnector (src/Excititor/__Libraries/StellaOps.Excititor.Connectors.RedHat.CSAF/RedHatCsafConnector.cs) - Red Hat CSAF ingestion
    • OracleCsafConnector (src/Excititor/__Libraries/StellaOps.Excititor.Connectors.Oracle.CSAF/OracleCsafConnector.cs) - Oracle CSAF ingestion
    • MsrcCsafConnector (src/Excititor/__Libraries/StellaOps.Excititor.Connectors.MSRC.CSAF/MsrcCsafConnector.cs) - Microsoft MSRC CSAF ingestion
    • CiscoCsafConnector (src/Excititor/__Libraries/StellaOps.Excititor.Connectors.Cisco.CSAF/CiscoCsafConnector.cs) - Cisco CSAF ingestion
    • VexIngestOrchestrator (src/Excititor/StellaOps.Excititor.WebService/Services/VexIngestOrchestrator.cs) - orchestrates multi-format ingestion
  • Interfaces: VexConnectorBase (abstract base)
  • Source: Feature matrix scan

E2E Test Plan

  • Ingest a CSAF advisory from each vendor connector (Ubuntu, Red Hat, Oracle, Microsoft, Cisco) and verify normalization into VexClaim
  • Verify VexAdvisoryKeyCanonicalizer produces identical keys for the same advisory across different formats
  • Verify VexProductKeyCanonicalizer produces identical product keys for the same product across formats
  • Ingest the same vulnerability from multiple formats (OpenVEX, CSAF, CycloneDX) and verify they normalize to equivalent claims
  • Verify VexIngestOrchestrator routes documents to the correct normalizer based on format detection
  • Verify normalization handles vendor-specific fields (Red Hat errata, Microsoft KB articles, Cisco bug IDs)

Verification

  • Verified on 2026-02-13 via run-001.
  • Tier 0: Source files confirmed present on disk.
  • Tier 1: dotnet build passed (0 errors); 503/504 tests passed (1 env_issue: no local Postgres).
  • Tier 2d: docs/qa/feature-checks/runs/excititor/vex-claim-normalization/run-001/tier2-integration-check.json