- Implemented the GostKeyValue class for handling public key parameters in ГОСТ Р 34.10 digital signatures.
- Created the GostSignedXml class to manage XML signatures using ГОСТ 34.10, including methods for computing and checking signatures.
- Developed the GostSignedXmlImpl class to encapsulate the signature computation logic and public key retrieval.
- Added specific key value classes for ГОСТ Р 34.10-2001, ГОСТ Р 34.10-2012/256, and ГОСТ Р 34.10-2012/512 to support different signature algorithms.
- Ensured compatibility with existing XML signature standards while integrating ГОСТ cryptography.
53 lines
1.8 KiB
Markdown
# Excitor consensus JSON sample (beta)

```jsonc
{
  "vulnId": "CVE-2025-12345",
  "productKey": "pkg:maven/org.apache.commons/commons-text@1.11.0",
  "rollupStatus": "NOT_AFFECTED",
  "sources": [
    {
      "providerId": "redhat",
      "status": "NOT_AFFECTED",
      "justification": "component_not_present",
      "weight": 0.62,
      "trust": {
        "tier": "distro",
        "note": "tier=distro;weight=0.62",
        "weight": 0.62,
        "cosign": {
          "issuer": "https://issuer.redhat.com",
          "identityPattern": "spiffe://redhat/vex/*"
        },
        "pgpFingerprints": [
          "04F2C0A87B1D9E90B1D8A35DCEB5ABCD12345678"
        ]
      },
      "lastObserved": "2025-11-04T18:22:31Z",
      "accepted": true,
      "reason": "trust-tier vendor, signed OpenVEX"
    },
    {
      "providerId": "github",
      "status": "AFFECTED",
      "justification": null,
      "weight": 0.27,
      "trust": {
        "tier": "community",
        "note": "tier=community;weight=0.27",
        "weight": 0.27
      },
      "lastObserved": "2025-11-05T01:12:03Z",
      "accepted": false,
      "reason": "lower trust tier and stale statement"
    }
  ],
  "policyRevisionId": "vex-consensus-policy@2025-11-05",
  "evaluatedAt": "2025-11-05T02:05:14Z",
  "consensusDigest": "sha256:41f2d96728b24f7a8b7f1251983b8edccd1e0f5781d4a51e51c8e6b20c1fa31a"
}
```

> **Note:** This payload is generated from the beta consensus endpoint and is subject to change prior to GA. Keys and semantics are documented alongside API previews in `docs/modules/excitor/README.md`.

> **New:** `sources[].trust` mirrors the `vex.provenance.*` envelope emitted by Excititor connectors (provider weight/tier, cosign hints, PGP fingerprints). VEX Lens copies the raw metadata so Policy Engine, Console, and Advisory AI can explain consensus decisions without replaying ingestion.
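
A consumer can use `sources[].trust` to explain a rollup and to sanity-check the payload before acting on it. The following is an added example, not code from the project; the function names and the three consistency rules (`trust.weight` equals `weight`, `trust.note` follows the `tier=…;weight=…` shape seen in the sample, and the rollup matches the heaviest accepted source) are assumptions inferred from the sample, not documented policy.

```python
import json

# Sample payload copied from the page above, trimmed to the fields this check reads.
SAMPLE = json.loads("""
{"vulnId": "CVE-2025-12345", "rollupStatus": "NOT_AFFECTED", "sources": [
  {"providerId": "redhat", "status": "NOT_AFFECTED", "weight": 0.62, "accepted": true,
   "reason": "trust-tier vendor, signed OpenVEX",
   "trust": {"tier": "distro", "note": "tier=distro;weight=0.62", "weight": 0.62,
             "cosign": {"issuer": "https://issuer.redhat.com",
                        "identityPattern": "spiffe://redhat/vex/*"},
             "pgpFingerprints": ["04F2C0A87B1D9E90B1D8A35DCEB5ABCD12345678"]}},
  {"providerId": "github", "status": "AFFECTED", "weight": 0.27, "accepted": false,
   "reason": "lower trust tier and stale statement",
   "trust": {"tier": "community", "note": "tier=community;weight=0.27", "weight": 0.27}}
]}
""")

def check_consensus(doc):
    """Return a list of inconsistencies (assumed rules, not the project's policy)."""
    problems = []
    accepted = [s for s in doc["sources"] if s.get("accepted")]
    for s in doc["sources"]:
        trust = s.get("trust") or {}
        pid = s["providerId"]
        if trust.get("weight") != s.get("weight"):
            problems.append(f"{pid}: trust.weight differs from weight")
        expected_note = f"tier={trust.get('tier')};weight={trust.get('weight')}"
        if trust.get("note") != expected_note:
            problems.append(f"{pid}: trust.note does not match tier/weight")
    if not accepted:
        problems.append("no accepted source backs the rollup")
    elif max(accepted, key=lambda s: s["weight"])["status"] != doc["rollupStatus"]:
        problems.append("rollupStatus differs from the heaviest accepted source")
    return problems

def explain(doc):
    """One line per source: decision, status, tier, weight, signing hints, reason."""
    lines = []
    for s in doc["sources"]:
        t = s.get("trust") or {}
        hints = [k for k in ("cosign", "pgpFingerprints") if t.get(k)]
        lines.append("{} {}: {} (tier={}, weight={}, signing={}) - {}".format(
            "ACCEPT" if s["accepted"] else "REJECT", s["providerId"], s["status"],
            t.get("tier"), t.get("weight"), ",".join(hints) or "none", s["reason"]))
    return lines

if __name__ == "__main__":
    print("\n".join(explain(SAMPLE) + check_consensus(SAMPLE)))
```

The `cosign` and `pgpFingerprints` entries are hints about how a statement was signed; this check only reports their presence and does not verify any signature.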