Console Forensics and Evidence Review
This document describes how the Console supports forensic review of decisions: timelines, evidence viewing, attestation verification, and audit exports.
Timeline Explorer
The timeline view should enable:
- Filtering by tenant, artifact, finding, and time window
- Drill-down from a verdict to its evidence objects (SBOM slice, VEX observation/linkset, reachability proof, policy explain trace)
- Visibility into operator actions (triage actions, exceptions, approvals) as append-only events
Evidence Viewer
Evidence viewing should prioritize:
- Clear provenance (issuer identity, timestamps, digests)
- Verification state (signature verified/failed/unknown)
- Deterministic identifiers so auditors can replay and compare
Attestation Verification
When presenting attestations (DSSE/in-toto):
- Display verification status and key identity
- Link to transparency log proof when configured
- Allow exporting the DSSE envelope and the referenced artifacts
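The verification states the Evidence Viewer section calls for (verified / failed / unknown), the key identity and the deterministic identifier, together with the attestation checks above, as an added example in Python that is not the Console's own code. The PAE construction follows the DSSE specification; the signature primitive is swapped for HMAC-SHA256 so the block runs on the standard library alone (a production verifier would use the key's real algorithm, for instance Ed25519), and the key ids, the trusted-key table, the predicate type and the in-toto statement are all constructed here for illustration.

```python
"""DSSE envelope verification for an evidence viewer (added example, not project code).

Assumptions (not from the page): the HMAC-SHA256 stand-in for the signature
primitive, the key ids, the trusted-key table and the sample statement.
"""
import base64
import hashlib
import hmac
import json

DSSE_PREFIX = b"DSSEv1"


def pae(payload_type: str, payload: bytes) -> bytes:
    """Pre-Authentication Encoding per the DSSE spec:
    "DSSEv1" SP LEN(type) SP type SP LEN(payload) SP payload, lengths in decimal ASCII."""
    ptype = payload_type.encode("utf-8")
    return b"%s %d %s %d %s" % (DSSE_PREFIX, len(ptype), ptype, len(payload), payload)


def sign_envelope(statement: dict, payload_type: str, keyid: str, key: bytes) -> dict:
    """Build a DSSE envelope. Stand-in primitive: HMAC-SHA256 over the PAE
    (a real signer uses Ed25519/ECDSA; the envelope layout is identical)."""
    payload = json.dumps(statement, sort_keys=True, separators=(",", ":")).encode("utf-8")
    sig = hmac.new(key, pae(payload_type, payload), hashlib.sha256).digest()
    return {
        "payloadType": payload_type,
        "payload": base64.b64encode(payload).decode("ascii"),
        "signatures": [{"keyid": keyid, "sig": base64.b64encode(sig).decode("ascii")}],
    }


def verify_envelope(envelope: dict, trusted_keys: dict) -> dict:
    """Return the record a viewer would display. state is 'verified' (a trusted key
    validates the PAE), 'failed' (a trusted key is named but does not validate, or the
    envelope is malformed) or 'unknown' (no signature names a key we trust)."""
    try:
        payload = base64.b64decode(envelope["payload"], validate=True)
        payload_type = envelope["payloadType"]
        signatures = envelope["signatures"]
        if not isinstance(payload_type, str) or not isinstance(signatures, list):
            raise TypeError("bad field types")
    except (KeyError, ValueError, TypeError):
        return {"state": "failed", "reason": "malformed envelope", "keyids": []}
    message = pae(payload_type, payload)
    verified_by, trusted_seen = [], False
    for entry in signatures:
        keyid = entry.get("keyid") if isinstance(entry, dict) else None
        if keyid not in trusted_keys:
            continue  # signature by a key outside our trust store: neither pass nor fail
        trusted_seen = True
        try:
            sig = base64.b64decode(entry["sig"], validate=True)
        except (KeyError, ValueError, TypeError):
            continue
        expected = hmac.new(trusted_keys[keyid], message, hashlib.sha256).digest()
        if hmac.compare_digest(expected, sig):  # constant-time comparison
            verified_by.append(keyid)
    state = "verified" if verified_by else ("failed" if trusted_seen else "unknown")
    record = {
        "state": state,
        "keyids": verified_by,
        "payloadType": payload_type,
        # Deterministic identifier for the evidence object: digest of the raw payload bytes.
        "payloadDigest": "sha256:" + hashlib.sha256(payload).hexdigest(),
    }
    # Parse the statement only after the signature checked out.
    if state == "verified" and payload_type == "application/vnd.in-toto+json":
        statement = json.loads(payload)
        record["predicateType"] = statement.get("predicateType")
        record["subjects"] = [s.get("digest", {}) for s in statement.get("subject", [])]
    return record


# Constructed sample: an in-toto statement over one artifact, a hypothetical predicate type.
PAYLOAD_TYPE = "application/vnd.in-toto+json"
SAMPLE_STATEMENT = {
    "_type": "https://in-toto.io/Statement/v1",
    "subject": [{"name": "pkg:oci/app", "digest": {"sha256": "ab12" + "0" * 60}}],
    "predicateType": "https://example.invalid/verdict/v1",
    "predicate": {"decision": "allow", "policy": "baseline"},
}
TRUSTED_KEYS = {"console-signer-1": b"constructed-demo-key-do-not-reuse"}


def demo() -> dict:
    env = sign_envelope(SAMPLE_STATEMENT, PAYLOAD_TYPE, "console-signer-1", TRUSTED_KEYS["console-signer-1"])
    good = verify_envelope(env, TRUSTED_KEYS)
    # Same signature, altered payload: the trusted key is named but no longer validates.
    tampered = dict(env, payload=base64.b64encode(b'{"predicate":{"decision":"allow"}}').decode("ascii"))
    # Same bytes, but signed by a key id we have no trust anchor for.
    foreign = dict(env, signatures=[dict(env["signatures"][0], keyid="someone-else")])
    return {"good": good["state"], "tampered": verify_envelope(tampered, TRUSTED_KEYS)["state"],
            "unknown": verify_envelope(foreign, TRUSTED_KEYS)["state"]}


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The three outcomes map directly onto the viewer states: a tampered payload under a trusted key is a hard failure, while a signature from an unrecognised key id is reported as unknown rather than failed, so an auditor can tell "we could not check this" apart from "this check was negative". The payload digest is computed over the raw envelope bytes, not over re-serialised JSON, so two reviewers always derive the same identifier.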
Export / Verify Workflows
Exports are the bridge between online and offline review:
- Exports should be deterministic (stable ordering, UTC timestamps).
- Export bundles should include integrity metadata (digests) so offline reviewers can verify without trusting a live service.
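The two export properties above (stable ordering with UTC timestamps, and a digest manifest an offline reviewer can check without the live service), together with the append-only operator events from the Timeline Explorer section, as an added Python example that is not the project's own code. The bundle layout (timeline.json, evidence/<id>, manifest.json), the event record fields and the sample events and evidence are assumptions made for this example.

```python
"""Deterministic export bundle with an offline-verifiable digest manifest (added example, not project code).

Assumptions (not from the page): the bundle layout, the event record fields and
the constructed sample data below.
"""
import hashlib
import json
from datetime import datetime, timedelta, timezone


def canonical_json(obj) -> bytes:
    # Same content -> same bytes: sorted keys, no insignificant whitespace, ASCII-escaped.
    return json.dumps(obj, sort_keys=True, separators=(",", ":"), ensure_ascii=True).encode("utf-8")


def utc_iso(ts: datetime) -> str:
    # Refuse naive timestamps; render every aware timestamp in UTC with one fixed format.
    if ts.tzinfo is None:
        raise ValueError("naive timestamp: export timestamps must carry a timezone")
    return ts.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_bundle(events, evidence, exported_at: datetime) -> dict:
    """events: dicts with seq (append-only sequence number), at (aware datetime),
    actor, action, target. evidence: evidence_id -> raw bytes.
    Returns {relative path: bytes}; manifest.json lists every other file's digest."""
    files = {}
    # Order by the append-only sequence number, never by the order records arrived in.
    timeline = [{**e, "at": utc_iso(e["at"])} for e in sorted(events, key=lambda e: e["seq"])]
    files["timeline.json"] = canonical_json(timeline)
    for eid in sorted(evidence):
        files["evidence/" + eid] = evidence[eid]
    manifest = {
        "exportedAt": utc_iso(exported_at),
        "files": {p: {"sha256": sha256_hex(d), "bytes": len(d)} for p, d in sorted(files.items())},
    }
    files["manifest.json"] = canonical_json(manifest)
    return files


def bundle_digest(files: dict) -> str:
    # One identifier for the whole export: the manifest digest commits to every file in it.
    return "sha256:" + sha256_hex(files["manifest.json"])


def verify_bundle(files: dict) -> dict:
    """Offline check: recompute every listed digest from the bytes in hand and report
    mismatched, missing and unlisted files. Needs neither network nor the live service."""
    listed = json.loads(files["manifest.json"])["files"]
    report = {"mismatch": [], "missing": [], "unlisted": []}
    for path, meta in listed.items():
        if path not in files:
            report["missing"].append(path)
        elif sha256_hex(files[path]) != meta["sha256"] or len(files[path]) != meta["bytes"]:
            report["mismatch"].append(path)
    report["unlisted"] = sorted(p for p in files if p != "manifest.json" and p not in listed)
    report["ok"] = not (report["mismatch"] or report["missing"] or report["unlisted"])
    report["bundle"] = bundle_digest(files)
    return report


# Constructed sample: two operator actions (one recorded in a +02:00 zone) and two evidence objects.
SAMPLE_EVENTS = [
    {"seq": 2, "at": datetime(2025, 1, 15, 11, 45, tzinfo=timezone(timedelta(hours=2))),
     "actor": "alice", "action": "exception.approve", "target": "finding-17"},
    {"seq": 1, "at": datetime(2025, 1, 15, 9, 30, tzinfo=timezone.utc),
     "actor": "alice", "action": "triage.mark", "target": "finding-17"},
]
SAMPLE_EVIDENCE = {
    "vex-observation-3": b'{"status":"not_affected"}',
    "sbom-slice-9": b'{"components":[]}',
}
EXPORTED_AT = datetime(2025, 1, 15, 10, 0, tzinfo=timezone.utc)


def demo() -> dict:
    a = build_bundle(SAMPLE_EVENTS, SAMPLE_EVIDENCE, EXPORTED_AT)
    # Same inputs in a different arrival order must produce byte-identical files.
    b = build_bundle(list(reversed(SAMPLE_EVENTS)), dict(reversed(list(SAMPLE_EVIDENCE.items()))), EXPORTED_AT)
    tampered = dict(a)
    tampered["evidence/sbom-slice-9"] = b'{"components":[{"name":"left-pad"}]}'
    return {
        "deterministic": a == b,
        "times": [e["at"] for e in json.loads(a["timeline.json"])],
        "clean": verify_bundle(a)["ok"],
        "tampered": verify_bundle(tampered)["mismatch"],
    }


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Two design points carry the weight here: ordering is taken from the append-only sequence number rather than from arrival order or wall-clock time, so the same set of events always serialises to the same bytes, and the reviewer's verification reads only the bytes inside the bundle, so the manifest digest is the single identifier two parties need to agree on before comparing findings.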
References
- Console operator guide: docs/15_UI_GUIDE.md
- Offline Kit: docs/24_OFFLINE_KIT.md
- Vulnerability Explorer guide (triage model): docs/20_VULNERABILITY_EXPLORER_GUIDE.md