git.stella-ops.org/docs/_archive/vuln/explorer-cli.md
master 491e883653 Add tests for SBOM generation determinism across multiple formats
- Created `StellaOps.TestKit.Tests` project for unit tests related to determinism.
- Implemented `DeterminismManifestTests` to validate deterministic output for canonical bytes and strings, file read/write operations, and error handling for invalid schema versions.
- Added `SbomDeterminismTests` to ensure identical inputs produce consistent SBOMs across SPDX 3.0.1 and CycloneDX 1.6/1.7 formats, including parallel execution tests.
- Updated project references in `StellaOps.Integration.Determinism` to include the new determinism testing library.
2025-12-24 00:36:14 +02:00


Vuln Explorer CLI (Md.XI draft)

Status: DRAFT — depends on explorer API/console assets and GRAP0101 schema. Do not publish until samples are hashed and prerequisites land.

Scope

  • Command reference for Explorer-related CLI verbs (list/view/actions/reports/exports/VEX decisions).
  • Examples must be deterministic and offline-friendly (fixed fixtures, no live endpoints).

Prerequisites

  • GRAP0101 contract for finalized field names and filters.
  • CLI sample payloads (requested with console assets; due 2025-12-09).
  • API schema from docs/vuln/explorer-api.md once finalized.

Commands (outline)

  • stella findings list — filters, pagination, sorting, --fields, --reachability, --vex-status.
  • stella findings view <id> — includes history, actions, explain bundle refs.
  • stella findings action <id> --assign/--comment/--status/--remediate/--ticket — DSSE signing optional.
  • stella findings report create — outputs manifest path and DSSE envelope.
  • stella findings export offline — deterministic bundle with hashes (aligns with Offline Kit).
  • stella vex decisions — create/update/list VEX decisions.

Determinism & Offline

  • Record all sample command outputs (stdout/stderr) with hashes in docs/assets/vuln-explorer/SHA256SUMS.
  • Use fixed fixture IDs, ordered output, and --format json where applicable.
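The two bullets above are the whole recording procedure, so here is one way to implement it as an added example (not code from the StellaOps docs or CLI). It assumes each sample is captured as stdout/stderr bytes from a fixed-fixture run, that stdout under --format json is a JSON document, and that the sums file uses the `sha256sum` line format so the checked-in file can be verified with `sha256sum -c`. The fixture name `cli-findings-list` and the sample JSON are constructed for illustration.

```python
"""Record deterministic CLI sample outputs and their SHA-256 sums.

Added example, not part of the StellaOps docs or CLI. Assumes: samples are
captured stdout/stderr bytes from a fixed-fixture run; JSON stdout is a single
document; the sums file follows the `sha256sum` line format.
"""
import hashlib
import json
from dataclasses import dataclass


@dataclass(frozen=True)
class Sample:
    name: str      # fixture name, e.g. "cli-findings-list" (hypothetical)
    stdout: bytes  # captured standard output
    stderr: bytes  # captured standard error


def canonical_json(raw: bytes) -> bytes:
    """Re-serialise JSON with sorted keys and fixed separators.

    Object key order carries no meaning in JSON, so two runs that differ only
    in key order must hash identically. Array order is deliberately kept:
    the order of findings in a list is part of the documented output.
    """
    doc = json.loads(raw.decode("utf-8"))
    text = json.dumps(doc, sort_keys=True, separators=(",", ":"), ensure_ascii=False)
    return (text + "\n").encode("utf-8")


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def sample_entries(sample: Sample, json_stdout: bool = True) -> dict[str, str]:
    """Map relative file paths to SHA-256 hex digests for one sample."""
    stdout = canonical_json(sample.stdout) if json_stdout else sample.stdout
    return {
        f"{sample.name}.stdout": sha256_hex(stdout),
        f"{sample.name}.stderr": sha256_hex(sample.stderr),
    }


def render_sha256sums(entries: dict[str, str]) -> str:
    """Render entries in `sha256sum` format, sorted by path for stable diffs."""
    return "".join(f"{digest}  {path}\n" for path, digest in sorted(entries.items()))


def parse_sha256sums(text: str) -> dict[str, str]:
    entries: dict[str, str] = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        digest, path = line.split("  ", 1)
        entries[path] = digest
    return entries


def verify(sums_text: str, files: dict[str, bytes]) -> list[str]:
    """Return paths whose content does not match the recorded digest or that
    are missing; an empty list means every recorded sample verified."""
    recorded = parse_sha256sums(sums_text)
    return [
        path for path, digest in recorded.items()
        if files.get(path) is None or sha256_hex(files[path]) != digest
    ]


# Constructed sample outputs: the same findings list emitted with different
# key order (RUN_A vs RUN_B) and with the findings reordered (RUN_C).
RUN_A = Sample("cli-findings-list",
               b'{"findings":[{"id":"F-1","severity":"high"},'
               b'{"id":"F-2","severity":"low"}],"total":2}\n', b"")
RUN_B = Sample("cli-findings-list",
               b'{"total": 2, "findings": [{"severity": "high", "id": "F-1"}, '
               b'{"severity": "low", "id": "F-2"}]}\n', b"")
RUN_C = Sample("cli-findings-list",
               b'{"findings":[{"id":"F-2","severity":"low"},'
               b'{"id":"F-1","severity":"high"}],"total":2}\n', b"")

if __name__ == "__main__":
    print(render_sha256sums(sample_entries(RUN_A)), end="")
```

Because the helper canonicalises key order but not array order, RUN_A and RUN_B produce the same SHA256SUMS entry while RUN_C does not, which is the behaviour the "ordered output" requirement asks for: a hash mismatch should only ever point at a real change in the documented output.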

Fixtures to Capture (once CLI samples arrive)

  • assets/vuln-explorer/cli-findings-list.json (list with filters)
  • assets/vuln-explorer/cli-findings-view.json (detail view)
  • assets/vuln-explorer/cli-action.json (assign/comment/status change)
  • assets/vuln-explorer/cli-report-create.json (report creation output)
  • assets/vuln-explorer/cli-export-offline.json (bundle manifest snippet)
  • assets/vuln-explorer/cli-vex-decision.json (decision create/list)

Open Items

  • Insert real examples and exit codes once assets arrive.
  • Confirm DSSE flag names and default signing key selection.
  • Add CI snippets for GitLab/GitHub once policy overlays provided.

Last updated: 2025-12-05 (UTC)