Replay
Deterministic replay engine for vulnerability verdict reproducibility.
Purpose
Replay enables deterministic reproducibility of vulnerability verdicts. Given identical inputs (SBOM, policy, feeds, toolchain), the system MUST produce identical outputs. Replay provides the infrastructure to capture, store, and verify these deterministic execution chains.
Quick Links
- Architecture - Technical design and implementation details
- Guides - Replay verification guides
- Schemas - Replay manifest and proof schemas
- Replay Proof Schema - Detailed proof format
Status
| Attribute | Value |
|---|---|
| Maturity | Production |
| Last Reviewed | 2025-12-29 |
| Maintainer | Platform Guild |
Key Features
- Replay Tokens: Cryptographically bound to input digests for verification
- Replay Manifests: Capture all inputs required to reproduce a verdict
- Feed Snapshots: Point-in-time snapshots of vulnerability feeds
- Verification Workflows: Validate that replay produces identical results
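
Added example, not the project's own code: a minimal sketch of how a manifest of input digests, a token bound to those digests, and a verification pass fit together. The HMAC-SHA256 token construction, the field names (`inputs`, `verdictDigest`, `capturedAt`), the demo key and the sample inputs are all assumptions made for illustration; the real formats are defined by the project's schemas.

```python
import hashlib
import hmac
import json
from datetime import datetime, timezone

# Assumptions for this example only: a constructed demo key and hypothetical field names.
DEMO_KEY = b"constructed-demo-key-not-for-production"
INPUT_KINDS = ("sbom", "policy", "feeds", "toolchain")

def digest(data: bytes) -> str:
    return "sha256:" + hashlib.sha256(data).hexdigest()

def canonical(obj) -> bytes:
    # Sorted keys and fixed separators: identical content always gives identical bytes.
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()

def build_manifest(inputs: dict, verdict: dict, captured_at: datetime) -> dict:
    missing = [k for k in INPUT_KINDS if k not in inputs]
    if missing:
        raise ValueError(f"manifest is missing inputs: {missing}")
    return {
        # References (digests) only; the SBOM and feed contents are not stored.
        "inputs": {k: digest(inputs[k]) for k in INPUT_KINDS},
        "verdictDigest": digest(canonical(verdict)),
        "capturedAt": captured_at.astimezone(timezone.utc).isoformat(timespec="microseconds"),
    }

def replay_token(manifest: dict, key: bytes = DEMO_KEY) -> str:
    # The token covers the input digests only, so capture time does not change it.
    return hmac.new(key, canonical(manifest["inputs"]), hashlib.sha256).hexdigest()

def verify_replay(manifest, token, inputs, replayed_verdict, key=DEMO_KEY) -> list:
    problems = []
    if not hmac.compare_digest(token, replay_token(manifest, key)):
        problems.append("token does not match manifest inputs")
    for kind in INPUT_KINDS:
        if digest(inputs.get(kind, b"")) != manifest["inputs"][kind]:
            problems.append(f"input drift: {kind}")
    if digest(canonical(replayed_verdict)) != manifest["verdictDigest"]:
        problems.append("verdict differs from recorded verdict")
    return problems

if __name__ == "__main__":
    # Constructed sample inputs, not real SBOM, policy or feed data.
    sample = {"sbom": b'{"components":["libfoo@1.2.3"]}', "policy": b"fail-on: high",
              "feeds": b"feed-snapshot-A", "toolchain": b"scanner 1.0.0"}
    verdict = {"finding": "EXAMPLE-0001", "status": "affected"}
    m = build_manifest(sample, verdict, datetime.now(timezone.utc))
    print(verify_replay(m, replay_token(m), sample, verdict))
    print(verify_replay(m, replay_token(m), {**sample, "feeds": b"feed-snapshot-B"}, verdict))
```

An empty list from `verify_replay` means the replay reproduced the recorded verdict from the recorded inputs; each string in a non-empty list names the input or output that diverged.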
Dependencies
Upstream (this module depends on)
- Concelier - Feed snapshot coordination
- Attestor - Replay proof signing
- Policy - Policy evaluation replay
Downstream (modules that depend on this)
- Attestor - Stores replay proofs
- ExportCenter - Includes replay tokens in exports
Notes
- Replay does not make vulnerability decisions; it captures inputs and outputs
- Replay does not store SBOMs or vulnerability data; it stores references (digests)
- All timestamps are UTC ISO-8601 with microsecond precision