# Facet
> Cryptographically sealed manifests for logical slices of container images.
## Purpose
The Facet Sealing subsystem provides cryptographically sealed manifests for logical slices of container images, enabling fine-grained drift detection, per-facet quota enforcement, and deterministic change tracking.
## Quick Links
- [Architecture](./architecture.md) - Technical design and implementation details
## Status
| Attribute | Value |
|-----------|-------|
| **Maturity** | Production |
| **Last Reviewed** | 2025-12-29 |
| **Maintainer** | Scanner Guild, Policy Guild |
## Key Features
- **Facet Types**: OS packages, language dependencies, binaries, configs, custom patterns
- **Cryptographic Sealing**: Each facet can be individually sealed with a cryptographic snapshot
- **Drift Detection**: Monitor changes between seals for compliance enforcement
- **Merkle Tree Structure**: Content-addressed storage with integrity verification
## Dependencies
### Upstream (this module depends on)
- **Scanner** - Facet extraction during image analysis
- **Attestor** - DSSE signing for sealed facets
### Downstream (modules that depend on this)
- **Policy** - Drift detection and quota enforcement
- **Replay** - Facet verification in replay workflows
## Related Documentation
- [Scanner Architecture](../scanner/architecture.md)
- [Replay Architecture](../replay/architecture.md)