stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 16 Releases Wiki Activity
Files
394b57f6bf8f5e663a5213e465ac0bb42c15bca6
git.stella-ops.org/docs/schemas/reasoning-predicate.schema.json
master 2170a58734
Some checks failed
Lighthouse CI / Lighthouse Audit (push) Waiting to run
Details
Lighthouse CI / Axe Accessibility Audit (push) Waiting to run
Details
Manifest Integrity / Validate Schema Integrity (push) Waiting to run
Details
Manifest Integrity / Validate Contract Documents (push) Waiting to run
Details
Manifest Integrity / Validate Pack Fixtures (push) Waiting to run
Details
Manifest Integrity / Audit SHA256SUMS Files (push) Waiting to run
Details
Manifest Integrity / Verify Merkle Roots (push) Waiting to run
Details
Policy Lint & Smoke / policy-lint (push) Waiting to run
Details
Policy Simulation / policy-simulate (push) Waiting to run
Details
Docs CI / lint-and-preview (push) Has been cancelled
Details
Export Center CI / export-ci (push) Has been cancelled
Details
Findings Ledger CI / build-test (push) Has been cancelled
Details
Findings Ledger CI / migration-validation (push) Has been cancelled
Details
Findings Ledger CI / generate-manifest (push) Has been cancelled
Details
Add comprehensive security tests for OWASP A02, A05, A07, and A08 categories 
- Implemented tests for Cryptographic Failures (A02) to ensure proper handling of sensitive data, secure algorithms, and key management.
- Added tests for Security Misconfiguration (A05) to validate production configurations, security headers, CORS settings, and feature management.
- Developed tests for Authentication Failures (A07) to enforce strong password policies, rate limiting, session management, and MFA support.
- Created tests for Software and Data Integrity Failures (A08) to verify artifact signatures, SBOM integrity, attestation chains, and feed updates.
2025-12-16 16:40:44 +02:00

66 lines
1.9 KiB
JSON
Raw Blame History

{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"$id": "https://stella-ops.org/schemas/reasoning.stella/v1.json",
"title": "Reasoning Predicate Schema",
"description": "Schema for reasoning.stella/v1 predicate type - policy evaluation trace",
"type": "object",
"required": [
"sbomEntryId",
"evidenceIds",
"policyVersion",
"inputs",
"reasoningId"
],
"properties": {
"sbomEntryId": {
"type": "string",
"pattern": "^sha256:[a-f0-9]{64}:pkg:.+",
"description": "The SBOM entry ID this reasoning applies to"
},
"evidenceIds": {
"type": "array",
"items": {
"type": "string",
"pattern": "^sha256:[a-f0-9]{64}$"
},
"minItems": 1,
"description": "Evidence IDs that were considered in this reasoning"
},
"policyVersion": {
"type": "string",
"pattern": "^v[0-9]+\\.[0-9]+\\.[0-9]+$",
"description": "Version of the policy used for evaluation"
},
"inputs": {
"type": "object",
"required": ["currentEvaluationTime"],
"properties": {
"currentEvaluationTime": {
"type": "string",
"format": "date-time",
"description": "The evaluation time used for temporal reasoning"
},
"severityThresholds": {
"type": "object",
"description": "Severity thresholds applied during evaluation"
},
"latticeRules": {
"type": "object",
"description": "Lattice rules used for status merging"
}
},
"additionalProperties": false
},
"intermediateFindings": {
"type": "object",
"description": "Intermediate findings from the evaluation"
},
"reasoningId": {
"type": "string",
"pattern": "^sha256:[a-f0-9]{64}$",
"description": "Content-addressed ID of this reasoning"
}
},
"additionalProperties": false
}
Reference in New Issue View Git Blame Copy Permalink