git.stella-ops.org/docs/modules/export-center/schemas/export-profile.schema.json
StellaOps Bot 4dc7cf834a
Add sample proof bundle configurations and verification script
- Introduced sample proof bundle configuration files for testing, including `sample-proof-bundle-config.dsse.json`, `sample-proof-bundle.dsse.json`, and `sample-proof-bundle.json`.
- Implemented a verification script `test_verify_sample.sh` to validate proof bundles against specified schemas and catalogs.
- Updated existing proof bundle configurations with new metadata, including versioning, created timestamps, and justification details.
- Enhanced evidence entries with expiration dates and hashes for better integrity checks.
- Ensured all new configurations adhere to the defined schema for consistency and reliability in testing.
2025-12-04 08:54:32 +02:00


{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"$id": "https://stellaops.io/schemas/export-center/export-profile.schema.json",
"title": "StellaOps ExportProfile",
"description": "Canonical schema for Export Center profile definitions with selector and approval guardrails (EC1, EC4, EC9).",
"type": "object",
"required": ["apiVersion", "kind", "metadata", "spec"],
"properties": {
"apiVersion": {
"type": "string",
"const": "stellaops.io/export.v1"
},
"kind": {
"type": "string",
"const": "ExportProfile"
},
"metadata": {
"type": "object",
"required": ["name", "tenant"],
"properties": {
"name": {
"type": "string",
"minLength": 3,
"maxLength": 64,
"pattern": "^[a-z0-9]([a-z0-9-]*[a-z0-9])?$"
},
"tenant": {
"type": "string",
"pattern": "^[a-z0-9]([a-z0-9-]*[a-z0-9])?$"
},
"revision": {
"type": "string",
"pattern": "^r[0-9]+$"
},
"labels": {
"type": "object",
"additionalProperties": {
"type": "string",
"maxLength": 128
}
}
},
"additionalProperties": false
},
"spec": {
"type": "object",
"required": ["kind", "variant", "distribution"],
"properties": {
"kind": {
"type": "string",
"enum": ["json", "trivy", "mirror", "devportal", "attestation"]
},
"variant": {
"type": "string",
"enum": [
"raw",
"policy",
"db",
"java-db",
"full",
"delta",
"offline",
"bundle"
]
},
"distribution": {
"type": "array",
"items": {
"type": "string",
"enum": ["http", "oci", "object"]
},
"uniqueItems": true,
"minItems": 1
},
"compression": {
"type": "object",
"properties": {
"codec": {
"type": "string",
"enum": ["zstd", "gzip", "none"]
},
"level": {
"type": "integer",
"minimum": 1,
"maximum": 22
}
},
"additionalProperties": false
},
"encryption": {
"type": "object",
"properties": {
"enabled": { "type": "boolean" },
"mode": { "type": "string", "enum": ["age", "aes-gcm"] },
"recipientKeys": {
"type": "array",
"items": {
"type": "string",
"pattern": "^(age1|kms://)"
}
},
"strict": { "type": "boolean" }
},
"additionalProperties": false
},
"retention": {
"type": "object",
"properties": {
"mode": { "type": "string", "enum": ["days", "never"] },
"value": { "type": "integer", "minimum": 1, "maximum": 3650 }
},
"additionalProperties": false
},
"limits": {
"type": "object",
"properties": {
"maxActiveRuns": { "type": "integer", "minimum": 1, "maximum": 32 },
"maxQueuedRuns": { "type": "integer", "minimum": 1, "maximum": 512 },
"backpressureMode": {
"type": "string",
"enum": ["reject", "defer", "throttle"]
}
},
"additionalProperties": false
},
"selectors": { "$ref": "#/$defs/selectors" },
"approval": {
"type": "object",
"properties": {
"required": { "type": "boolean" },
"reason": { "type": "string", "maxLength": 256 },
"ticket": { "type": "string", "maxLength": 64 },
"approver": { "type": "string", "maxLength": 64 }
},
"additionalProperties": false
},
"schemaVersion": {
"type": "string",
"enum": ["1.1.0"],
"default": "1.1.0"
}
},
"additionalProperties": false
}
},
"additionalProperties": false,
"$defs": {
"selectors": {
"type": "object",
"properties": {
"tenants": {
"type": "array",
"items": {
"type": "string",
"pattern": "^[a-z0-9*.-]+$"
},
"uniqueItems": true
},
"products": {
"type": "array",
"items": {
"type": "string",
"pattern": "^pkg:[A-Za-z0-9.+\\-_/:@*]+$"
}
},
"ecosystems": {
"type": "array",
"items": {
"type": "string",
"enum": [
"npm",
"maven",
"pypi",
"nuget",
"go",
"cargo",
"rpm",
"deb",
"apk",
"java"
]
},
"uniqueItems": true
},
"timeWindow": {
"oneOf": [
{ "type": "string", "pattern": "^[0-9]+d$" },
{
"type": "string",
"pattern": "^[0-9]{4}-[0-9]{2}-[0-9]{2}/[0-9]{4}-[0-9]{2}-[0-9]{2}$"
}
]
},
"severities": {
"type": "array",
"items": {
"type": "string",
"enum": ["critical", "high", "medium", "low", "info"]
},
"uniqueItems": true
}
},
"additionalProperties": false
}
}
}