stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 12 Releases Wiki Activity
Files
2bd189387e3dc013328112cd59336d1befc48540
git.stella-ops.org/docs/scripts/sbom-vex/README.md
StellaOps Bot 579236bfce
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
Details
Concelier Attestation Tests / attestation-tests (push) Has been cancelled
Details
Add MongoDB storage library and update acceptance tests with deterministic stubs 
- Created StellaOps.Notify.Storage.Mongo project with initial configuration.
- Added expected output files for acceptance tests (at1.txt to at10.txt).
- Added fixture input files for acceptance tests (at1 to at10).
- Created input and signature files for test cases fc1 to fc5.
2025-12-05 22:56:01 +02:00

16 lines
580 B
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# SBOM→VEX Offline Kit (Stub)
This kit supports sprint task 6 (SBOM-VEX-GAPS-300-013).
Contents (stub):
- `verify.sh` chain hash stub for SBOM + DSSE + Rekor + VEX
- `chain-hash-recipe.md` canonicalisation steps
- `inputs.lock` pinned tool versions and snapshot
- `proof-manifest.json` chain hash placeholder
- `sbom-vex-blueprint.svg` diagram placeholder
Next steps:
- Add real SBOM/VEX samples and Rekor bundle snapshot.
- Produce DSSE signatures for proof manifest and scripts.
- Include time-anchor and backpressure/error policy notes per BP1BP10.
Reference in New Issue View Git Blame Copy Permalink