stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 16 Releases Wiki Activity
Files
main
git.stella-ops.org/docs/sbom/vuln-resolution.md
StellaOps Bot 579236bfce
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
Details
Concelier Attestation Tests / attestation-tests (push) Has been cancelled
Details
Add MongoDB storage library and update acceptance tests with deterministic stubs 
- Created StellaOps.Notify.Storage.Mongo project with initial configuration.
- Added expected output files for acceptance tests (at1.txt to at10.txt).
- Added fixture input files for acceptance tests (at1 to at10).
- Created input and signature files for test cases fc1 to fc5.
2025-12-05 22:56:01 +02:00

783 B
Raw Permalink Blame History

SBOM Vulnerability Resolution (Md.XI draft)

Status: DRAFT — pending export/advisory integration and GRAP0101 field freeze.

Scope

  • Version semantics, scope, paths, safe version hints for SBOM components in Vuln Explorer.
  • Deterministic examples with hashes in docs/assets/vuln-explorer/SHA256SUMS.

Dependencies

  • Advisory integration (DOCS-VULN-29-008).
  • GRAP0101 identifiers.

Outline

  • Component resolution (purl, NEVRA); scope (prod/dev/test).
  • Path specificity and deduping rules.
  • Safe version hints and policy overlays.

Hash Capture Checklist (when inputs ready)

  • assets/vuln-explorer/sbom-component-resolution.json
  • assets/vuln-explorer/sbom-path-dedupe.json
  • assets/vuln-explorer/safe-version-hints.json Last updated: 2025-12-05 (UTC)