4dc7cf834a
Some checks failed
AOC Guard CI / aoc-guard (push) Has been cancelled
AOC Guard CI / aoc-verify (push) Has been cancelled
Concelier Attestation Tests / attestation-tests (push) Has been cancelled
Console CI / console-ci (push) Has been cancelled
Docs CI / lint-and-preview (push) Has been cancelled
Export Center CI / export-ci (push) Has been cancelled
VEX Proof Bundles / verify-bundles (push) Has been cancelled
- Introduced sample proof bundle configuration files for testing, including `sample-proof-bundle-config.dsse.json`, `sample-proof-bundle.dsse.json`, and `sample-proof-bundle.json`. - Implemented a verification script `test_verify_sample.sh` to validate proof bundles against specified schemas and catalogs. - Updated existing proof bundle configurations with new metadata, including versioning, created timestamps, and justification details. - Enhanced evidence entries with expiration dates and hashes for better integrity checks. - Ensured all new configurations adhere to the defined schema for consistency and reliability in testing.
36 lines
998 B
JSON
36 lines
998 B
JSON
{
|
|
"context": "https://openvex.dev/ns/v0.2.0",
|
|
"metadata": {
|
|
"id": "urn:stellaops:vex:sample-hello-1",
|
|
"author": "StellaOps Excititor",
|
|
"timestamp": "2025-12-04T00:00:00Z"
|
|
},
|
|
"statements": [
|
|
{
|
|
"vulnerability": "CVE-2024-9999",
|
|
"products": [
|
|
"pkg:demo/app@1.0.0"
|
|
],
|
|
"status": "not_affected",
|
|
"status_notes": "Entry-point coverage 96% with negative tests; runtime probes clean.",
|
|
"justification": "vulnerable_code_not_present",
|
|
"statementID": "urn:stellaops:vex:statement:sample-hello-1",
|
|
"last_updated": "2025-12-04T00:00:00Z",
|
|
"known_exploited": false,
|
|
"references": [
|
|
{
|
|
"summary": "Proof bundle",
|
|
"url": "cas://proofbundles/sample-proof-bundle.json"
|
|
}
|
|
],
|
|
"subcomponents": [
|
|
{
|
|
"product": "pkg:demo/lib@1.0.0",
|
|
"status": "not_affected",
|
|
"justification": "vulnerable_code_not_in_execute_path"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|