StellaOps Bot 5146204f1b feat: add security sink detection patterns for JavaScript/TypeScript
- Introduced `sink-detect.js` with various security sink detection patterns categorized by type (e.g., command injection, SQL injection, file operations).
- Implemented functions to build a lookup map for fast sink detection and to match sink calls against known patterns.
- Added `package-lock.json` for dependency management.
2025-12-22 23:21:21 +02:00
{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"$id": "https://stella-ops.org/schemas/claim-score/1.0.0",
"title": "Claim Score Schema",
"description": "Schema for VEX claim scoring in the trust lattice",
"type": "object",
"required": [
"source_id",
"status",
"base_trust",
"strength_multiplier",
"freshness_multiplier",
"claim_score"
],
"properties": {
"source_id": {
"type": "string",
"description": "Identifier of the VEX source"
},
"status": {
"type": "string",
"enum": ["affected", "not_affected", "fixed", "under_investigation"],
"description": "VEX status asserted by this claim"
},
"trust_vector": {
"$ref": "trust-vector.schema.json",
"description": "Trust vector for the source"
},
"base_trust": {
"type": "number",
"minimum": 0,
"maximum": 1,
"description": "BaseTrust(S) = wP*P + wC*C + wR*R"
},
"strength": {
"type": "string",
"enum": [
"exploitability_with_reachability",
"config_with_evidence",
"vendor_blanket",
"under_investigation"
],
"description": "Claim strength category"
},
"strength_multiplier": {
"type": "number",
"minimum": 0,
"maximum": 1,
"description": "Strength multiplier (M) based on evidence quality"
},
"issued_at": {
"type": "string",
"format": "date-time",
"description": "When the claim was issued"
},
"freshness_multiplier": {
"type": "number",
"minimum": 0,
"maximum": 1,
"description": "Freshness decay multiplier (F)"
},
"claim_score": {
"type": "number",
"minimum": 0,
"maximum": 1,
"description": "Final score: BaseTrust * M * F"
},
"adjusted_score": {
"type": "number",
"minimum": 0,
"maximum": 1,
"description": "Score after conflict penalty (if applicable)"
},
"conflict_penalty_applied": {
"type": "boolean",
"default": false,
"description": "Whether a conflict penalty was applied"
},
"scope_specificity": {
"type": "integer",
"minimum": 1,
"maximum": 5,
"description": "Scope specificity level (1=exact digest, 5=platform)"
},
"reason": {
"type": "string",
"description": "Human-readable reason for the claim"
},
"evidence_refs": {
"type": "array",
"items": {
"type": "string"
},
"description": "References to supporting evidence"
}
},
"additionalProperties": false,
"$defs": {
"ScoredClaimSet": {
"type": "object",
"description": "A set of scored claims for a single (asset, vulnerability) pair",
"required": [
"asset_digest",
"vulnerability_id",
"claims"
],
"properties": {
"asset_digest": {
"type": "string",
"pattern": "^sha256:[a-f0-9]{64}$",
"description": "SHA256 digest of the asset"
},
"vulnerability_id": {
"type": "string",
"description": "Vulnerability identifier"
},
"claims": {
"type": "array",
"items": {
"$ref": "#"
},
"description": "Scored claims for this asset/vulnerability"
},
"has_conflict": {
"type": "boolean",
"description": "Whether conflicting claims exist"
},
"winner": {
"$ref": "#",
"description": "The winning claim"
},
"evaluated_at": {
"type": "string",
"format": "date-time",
"description": "When the scoring was performed"
}
},
"additionalProperties": false
},
"MergeResult": {
"type": "object",
"description": "Result of merging multiple claims into a verdict",
"required": [
"status",
"confidence",
"policy_hash",
"lattice_version"
],
"properties": {
"status": {
"type": "string",
"enum": ["affected", "not_affected", "fixed", "under_investigation"],
"description": "Merged verdict status"
},
"confidence": {
"type": "number",
"minimum": 0,
"maximum": 1,
"description": "Confidence in the verdict"
},
"explanations": {
"type": "array",
"items": {
"$ref": "#"
},
"description": "All claims considered"
},
"evidence_refs": {
"type": "array",
"items": {
"type": "string"
},
"description": "Aggregated evidence references"
},
"policy_hash": {
"type": "string",
"pattern": "^sha256:[a-f0-9]{64}$",
"description": "Hash of the policy file"
},
"lattice_version": {
"type": "string",
"pattern": "^[0-9]+\\.[0-9]+\\.[0-9]+$",
"description": "Trust lattice version"
},
"gates_passed": {
"type": "array",
"items": {
"type": "string"
},
"description": "Policy gates that passed"
},
"gates_failed": {
"type": "array",
"items": {
"type": "string"
},
"description": "Policy gates that failed"
}
},
"additionalProperties": false
},
"ConflictResolution": {
"type": "object",
"description": "Details of how a conflict was resolved",
"properties": {
"conflict_detected": {
"type": "boolean",
"description": "Whether a conflict was detected"
},
"conflicting_statuses": {
"type": "array",
"items": {
"type": "string",
"enum": ["affected", "not_affected", "fixed", "under_investigation"]
},
"description": "Distinct statuses in conflict"
},
"penalty_applied": {
"type": "number",
"default": 0.25,
"description": "Penalty applied to weaker claims"
},
"resolution_reason": {
"type": "string",
"description": "Explanation of resolution method"
}
},
"additionalProperties": false
}
}
}