stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 16 Releases Wiki Activity
Files
18d87c64c5dafb8fa75276ad1ae3c092fbae2de3
git.stella-ops.org/docs/vex/explorer-integration.md
StellaOps Bot 18d87c64c5 feat: add PolicyPackSelectorComponent with tests and integration 
- Implemented PolicyPackSelectorComponent for selecting policy packs.
- Added unit tests for component behavior, including API success and error handling.
- Introduced monaco-workers type declarations for editor workers.
- Created acceptance tests for guardrails with stubs for AT1–AT10.
- Established SCA Failure Catalogue Fixtures for regression testing.
- Developed plugin determinism harness with stubs for PL1–PL10.
- Added scripts for evidence upload and verification processes.
2025-12-05 21:24:34 +02:00

1.0 KiB
Raw Blame History

VEX Explorer Integration (Md.XI draft)

Status: DRAFT — pending GRAP0101 alignment, CSAF mapping specifics, and CLI examples. Do not publish until hashes recorded.

Scope

  • Map Explorer VEX handling: CSAF ingestion, suppression precedence, status semantics, and integration points with findings.
  • Provide deterministic examples; hash payloads/screens in docs/assets/vuln-explorer/SHA256SUMS.

Dependencies

  • GRAP0101 contract (field names, identifiers).
  • CLI/console assets (due 2025-12-09).
  • Policy/VEX mapping rules from Excititor Guild.

Topics (outline)

  • CSAF → internal VEX decision mapping; precedence vs policy overrides.
  • Status semantics: NOT_AFFECTED / AFFECTED_* / FIXED; validity windows; VEX-first triage per Vuln Explorer architecture.
  • Suppression precedence: VEX decisions take priority over reachability/policy unless explicit override (confirm post-GRAP0101).
  • Export/propagation to advisories/CLI/console.

Determinism

  • Use fixed CSAF samples; hash examples.

Last updated: 2025-12-05 (UTC)