git.stella-ops.org/docs-archived/product-advisories/14-Dec-2025/29-Nov-2025 - SBOM to VEX Proof Pipeline Blueprint.md
2026-01-05 16:02:11 +02:00

29-Nov-2025 · SBOM to VEX Proof Pipeline Blueprint

Why now: The Docs ladder needs a canonical blueprint tying SBOM ingestion to VEX proofs with DSSE/Rekor integration, to unblock downstream module dossier updates.

Scope

  • Describe DSSE → Rekor v2 → VEX linkage with offline verification steps.
  • Capture diagram/stub scripts for proof generation and verification.
  • Define inputs.lock/idempotency rules and chain hash recipe.

Required artefacts (MVP for DONE)

  • Diagram placeholder (docs/diagrams/sbom-vex-blueprint.svg reserved) and script stub path docs/scripts/sbom-vex/verify.sh (offline, deterministic sorting/hashes).
  • Cross-links in docs/modules/platform/architecture-overview.md and sprint row 16 completion evidence.

Determinism & Offline

  • Sort canonical inputs before hashing; use UTC timestamps only when unavoidable, otherwise derive them from content.
  • No network calls; use the bundled Rekor root and mirror snapshot for verification examples.
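An added illustration of the determinism rules above (not code from the blueprint or the verify.sh stub): a hypothetical inputs.lock layout and chain-hash recipe in which entries are sorted by path, hashed from content only, and re-verified offline with no clock or network. The sample artefacts, the lock layout and the chain construction are constructed assumptions, since the blueprint does not yet define them.

```python
import hashlib
import json

# Constructed sample artefacts (hypothetical SBOM / VEX / DSSE bytes, not real documents).
SAMPLE_INPUTS = {
    "sbom.cdx.json": b'{"bomFormat":"CycloneDX","components":[{"name":"zlib","version":"1.3.1"}]}',
    "vex.openvex.json": b'{"@context":"https://openvex.dev/ns","statements":[]}',
    "dsse.envelope.json": b'{"payloadType":"application/vnd.in-toto+json","signatures":[]}',
}


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def canonical_bytes(obj) -> bytes:
    # Deterministic JSON: sorted keys, fixed separators, ASCII escapes only.
    return json.dumps(obj, sort_keys=True, separators=(",", ":"), ensure_ascii=True).encode()


def build_inputs_lock(inputs: dict) -> dict:
    """Hypothetical inputs.lock: entries sorted by path, each carrying its content digest.
    Insertion order of `inputs` does not affect the result, so the lock is idempotent."""
    entries = [{"path": p, "sha256": sha256_hex(inputs[p])} for p in sorted(inputs)]
    return {"version": 1, "inputs": entries}


def chain_hash(lock: dict) -> str:
    """Assumed chain recipe: h0 = sha256(canonical header); h_i = sha256(h_{i-1} || digest_i).
    Only content digests enter the chain, so no timestamp is needed."""
    h = sha256_hex(canonical_bytes({"version": lock["version"]}))
    for entry in lock["inputs"]:
        h = sha256_hex(bytes.fromhex(h) + bytes.fromhex(entry["sha256"]))
    return h


def verify_offline(inputs: dict, lock: dict, expected_chain: str) -> bool:
    """Recompute the lock and chain purely from the artefact bytes; no network, no clock.
    Fails closed if any artefact changed, was added, or was removed."""
    if build_inputs_lock(inputs) != lock:
        return False
    return chain_hash(lock) == expected_chain
```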

Next actions

  • Land the stub diagram/script placeholders and log completion in the sprint Execution Log.