2170a58734
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
Export Center CI / export-ci (push) Has been cancelled
Findings Ledger CI / build-test (push) Has been cancelled
Findings Ledger CI / migration-validation (push) Has been cancelled
Findings Ledger CI / generate-manifest (push) Has been cancelled
Manifest Integrity / Validate Schema Integrity (push) Has been cancelled
Lighthouse CI / Lighthouse Audit (push) Has been cancelled
Lighthouse CI / Axe Accessibility Audit (push) Has been cancelled
Manifest Integrity / Validate Contract Documents (push) Has been cancelled
Manifest Integrity / Validate Pack Fixtures (push) Has been cancelled
Manifest Integrity / Audit SHA256SUMS Files (push) Has been cancelled
Manifest Integrity / Verify Merkle Roots (push) Has been cancelled
Policy Lint & Smoke / policy-lint (push) Has been cancelled
Policy Simulation / policy-simulate (push) Has been cancelled
- Implemented tests for Cryptographic Failures (A02) to ensure proper handling of sensitive data, secure algorithms, and key management. - Added tests for Security Misconfiguration (A05) to validate production configurations, security headers, CORS settings, and feature management. - Developed tests for Authentication Failures (A07) to enforce strong password policies, rate limiting, session management, and MFA support. - Created tests for Software and Data Integrity Failures (A08) to verify artifact signatures, SBOM integrity, attestation chains, and feed updates.
97 lines
2.6 KiB
JSON
97 lines
2.6 KiB
JSON
{
|
|
"$schema": "https://json-schema.org/draft/2020-12/schema",
|
|
"$id": "https://stella-ops.org/schemas/sbom-linkage/v1.json",
|
|
"title": "SBOM Linkage Predicate Schema",
|
|
"description": "Schema for sbom-linkage/v1 predicate type - SBOM-to-component linkage",
|
|
"type": "object",
|
|
"required": [
|
|
"sbom",
|
|
"generator",
|
|
"generatedAt"
|
|
],
|
|
"properties": {
|
|
"sbom": {
|
|
"type": "object",
|
|
"required": ["id", "format", "specVersion", "mediaType", "sha256"],
|
|
"properties": {
|
|
"id": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"description": "Unique identifier of the SBOM"
|
|
},
|
|
"format": {
|
|
"type": "string",
|
|
"enum": ["CycloneDX", "SPDX"],
|
|
"description": "Format of the SBOM"
|
|
},
|
|
"specVersion": {
|
|
"type": "string",
|
|
"description": "Specification version"
|
|
},
|
|
"mediaType": {
|
|
"type": "string",
|
|
"description": "MIME type of the SBOM document"
|
|
},
|
|
"sha256": {
|
|
"type": "string",
|
|
"pattern": "^[a-f0-9]{64}$",
|
|
"description": "SHA-256 digest of the SBOM content"
|
|
},
|
|
"location": {
|
|
"type": "string",
|
|
"description": "Optional location URI (oci:// or file://)"
|
|
}
|
|
},
|
|
"additionalProperties": false
|
|
},
|
|
"generator": {
|
|
"type": "object",
|
|
"required": ["name", "version"],
|
|
"properties": {
|
|
"name": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"description": "Name of the generator tool"
|
|
},
|
|
"version": {
|
|
"type": "string",
|
|
"description": "Version of the generator tool"
|
|
}
|
|
},
|
|
"additionalProperties": false
|
|
},
|
|
"generatedAt": {
|
|
"type": "string",
|
|
"format": "date-time",
|
|
"description": "UTC timestamp when this linkage was generated"
|
|
},
|
|
"incompleteSubjects": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "object",
|
|
"required": ["name", "reason"],
|
|
"properties": {
|
|
"name": {
|
|
"type": "string",
|
|
"description": "Name or identifier of the incomplete subject"
|
|
},
|
|
"reason": {
|
|
"type": "string",
|
|
"description": "Reason why the subject is incomplete"
|
|
}
|
|
},
|
|
"additionalProperties": false
|
|
},
|
|
"description": "Subjects that could not be fully resolved"
|
|
},
|
|
"tags": {
|
|
"type": "object",
|
|
"additionalProperties": {
|
|
"type": "string"
|
|
},
|
|
"description": "Arbitrary tags for classification or filtering"
|
|
}
|
|
},
|
|
"additionalProperties": false
|
|
}
|