stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity
Files
40362de56880f054c29ce23e6ba980834a7f831f
git.stella-ops.org/docs/vuln/explorer-overview.md
StellaOps Bot 7503c19b8f Add determinism tests for verdict artifact generation and update SHA256 sums script 
- Implemented comprehensive tests for verdict artifact generation to ensure deterministic outputs across various scenarios, including identical inputs, parallel execution, and change ordering.
- Created helper methods for generating sample verdict inputs and computing canonical hashes.
- Added tests to validate the stability of canonical hashes, proof spine ordering, and summary statistics.
- Introduced a new PowerShell script to update SHA256 sums for files, ensuring accurate hash generation and file integrity checks.
2025-12-24 02:17:34 +02:00

26 lines
1.4 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# Vulnerability Explorer Overview (Detailed)
The Vulnerability Explorer is the evidence-linked triage surface that brings together SBOM facts, advisory/VEX evidence, reachability signals, policy explainability, and operator decisions into a single auditable workflow.
This document complements the high-level guide `docs/20_VULNERABILITY_EXPLORER_GUIDE.md` with additional detail and cross-links.
## Core Objects
- **Finding record:** the current enriched view of a vulnerability for a specific artifact/context (tenant, artifact/image digest, policy version).
- **History:** append-only state transitions suitable for audit and replay.
- **Triage actions:** operator actions (assignment, comment, mitigation note, exception request) with provenance.
- **Evidence references:** stable pointers to evidence objects (SBOM slices, VEX observations/linksets, reachability proofs, explain traces, attestations).
## Key Properties
- **Narrative-first:** default view answers “Can I ship? If not, why? Whats the smallest safe change?”
- **Proof-linked:** every important fact links to evidence (no “trust the UI”).
- **Quiet by default, never silent:** suppression/muting is reversible and auditable.
- **Offline-ready:** evidence bundles are verifiable without online lookups.
## References
- High-level guide: `docs/20_VULNERABILITY_EXPLORER_GUIDE.md`
- Console operator guide: `docs/15_UI_GUIDE.md`
- Module dossier: `docs/modules/vuln-explorer/architecture.md`
Reference in New Issue View Git Blame Copy Permalink