- Implemented comprehensive tests for verdict artifact generation to ensure deterministic outputs across various scenarios, including identical inputs, parallel execution, and change ordering.
- Created helper methods for generating sample verdict inputs and computing canonical hashes.
- Added tests to validate the stability of canonical hashes, proof spine ordering, and summary statistics.
- Introduced a new PowerShell script to update SHA256 sums for files, ensuring accurate hash generation and file integrity checks.
1.3 KiB
Vulnerability Explorer: Using the Console
This document describes the operator workflow for triaging findings in the Console. It is intentionally evidence-first and audit-oriented: every verdict is shown next to the evidence it was derived from, and every triage action is recorded so it can be reviewed later.
Workflow (Typical)
- Start from the findings list filtered to the tenant/environment you care about.
- Open a finding to review:
  - Verdict and "why" summary
  - Effective VEX status and issuer provenance
  - Reachability/impact signals (when available)
  - Policy gate and explain trace
- Record a triage action (assign/comment/mitigation/exception) with justification.
- Export an evidence bundle when review, escalation, or offline verification is required.
What to Expect in a Finding View
- Clear tenant context and artifact identifiers
- Evidence rail (SBOM, VEX, advisories, reachability, attestations)
- History/timeline of state changes and actions (append-only)
- Copyable identifiers (finding ID, digests, correlation IDs)
Offline / Air-Gap Notes
- When operating from Offline Kit snapshots, the Console should surface the snapshot identity and its staleness budget, so a reviewer knows which snapshot a verdict was computed from and whether that snapshot is still within its freshness window.
- Evidence bundle export is the primary bridge between online and offline review: the bundle carries the finding's evidence and identifiers so the verdict can be re-checked without Console access.
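Before trusting an exported bundle offline, a reviewer wants two checks: that every evidence file still matches the digests recorded at export time, and that the snapshot it was built from is not past its staleness budget. The script below is an added example written for this guide, not Console or Offline Kit code; it assumes a bundle layout (a `SHA256SUMS` file in `sha256sum` format plus a `snapshot.json` with `snapshot_id` and `generated_at`) that this page does not specify, and the sample bundle it builds is constructed for the demonstration.

```python
"""Offline integrity and staleness check for an exported evidence bundle.

Added example, not project code. Assumed bundle layout (an assumption, not
documented on this page):
  SHA256SUMS     one "<hex digest>  <relative path>" line per file (sha256sum format)
  snapshot.json  {"snapshot_id": "...", "generated_at": "<ISO-8601 UTC>"}
"""
import hashlib
import json
import os
import tempfile
from datetime import datetime, timedelta, timezone


def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def parse_sums(text):
    """Parse sha256sum-style lines into {relative_path: hex_digest}."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, _, rel = line.partition("  ")
        rel = rel.lstrip("*")  # sha256sum marks binary-mode entries with '*'
        if len(digest) != 64 or not rel:
            raise ValueError(f"malformed SHA256SUMS line: {line!r}")
        entries[rel] = digest.lower()
    return entries


def verify_bundle(bundle_dir, now=None, staleness_budget=timedelta(hours=24)):
    """Check digests, detect missing/unlisted files, and compare snapshot age to the budget."""
    with open(os.path.join(bundle_dir, "SHA256SUMS"), encoding="utf-8") as f:
        expected = parse_sums(f.read())
    mismatched, missing = [], []
    for rel, digest in expected.items():
        path = os.path.join(bundle_dir, rel)
        if not os.path.isfile(path):
            missing.append(rel)
        elif sha256_file(path) != digest:
            mismatched.append(rel)
    # Files present in the bundle but absent from the manifest are flagged too:
    # an attacker can add evidence as easily as alter it.
    present = set()
    for root, _, files in os.walk(bundle_dir):
        for name in files:
            rel = os.path.relpath(os.path.join(root, name), bundle_dir).replace(os.sep, "/")
            if rel != "SHA256SUMS":
                present.add(rel)
    unlisted = sorted(present - set(expected))
    with open(os.path.join(bundle_dir, "snapshot.json"), encoding="utf-8") as f:
        snap = json.load(f)
    generated = datetime.fromisoformat(snap["generated_at"].replace("Z", "+00:00"))
    now = now or datetime.now(timezone.utc)
    stale = now - generated > staleness_budget
    return {
        "ok": not (mismatched or missing or unlisted or stale),
        "mismatched": mismatched, "missing": missing, "unlisted": unlisted,
        "stale": stale, "snapshot_id": snap.get("snapshot_id"),
    }


def write_sample_bundle(bundle_dir, generated_at="2024-01-01T00:00:00Z"):
    """Constructed sample bundle: two evidence files plus snapshot metadata, all listed in SHA256SUMS."""
    files = {
        "sbom/app.cdx.json": b'{"bomFormat":"CycloneDX","components":[]}\n',
        "vex/openvex.json": b'{"@context":"https://openvex.dev/ns/v0.2.0","statements":[]}\n',
        "snapshot.json": json.dumps({"snapshot_id": "snap-0001", "generated_at": generated_at}).encode(),
    }
    for rel, data in files.items():
        path = os.path.join(bundle_dir, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as f:
            f.write(data)
    lines = [f"{hashlib.sha256(d).hexdigest()}  {rel}" for rel, d in files.items()]
    with open(os.path.join(bundle_dir, "SHA256SUMS"), "w", encoding="utf-8") as f:
        f.write("\n".join(lines) + "\n")


def demo():
    """Verify a clean bundle, the same bundle past its budget, and the bundle after tampering."""
    now = datetime(2024, 1, 1, 12, tzinfo=timezone.utc)
    with tempfile.TemporaryDirectory() as d:
        write_sample_bundle(d)
        clean = verify_bundle(d, now=now)
        stale = verify_bundle(d, now=now + timedelta(days=3))
        with open(os.path.join(d, "vex/openvex.json"), "ab") as f:
            f.write(b"tampered\n")  # simulate post-export modification of one evidence file
        tampered = verify_bundle(d, now=now)
    return clean, stale, tampered


if __name__ == "__main__":
    for result in demo():
        print(result)
```

A digest manifest only proves the bundle is the one that was exported; it does not prove who exported it. For escalation or audit use, the `SHA256SUMS` file itself needs to arrive through a trusted channel or be covered by one of the attestations shown in the evidence rail, otherwise an attacker who can edit the evidence can edit the manifest to match.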
References
- Console operator guide: docs/15_UI_GUIDE.md
- Vulnerability Explorer guide: docs/20_VULNERABILITY_EXPLORER_GUIDE.md
- Offline Kit: docs/24_OFFLINE_KIT.md