579236bfce
- Created StellaOps.Notify.Storage.Mongo project with initial configuration. - Added expected output files for acceptance tests (at1.txt to at10.txt). - Added fixture input files for acceptance tests (at1 to at10). - Created input and signature files for test cases fc1 to fc5.
1.3 KiB
1.3 KiB
VEX Explorer Integration (Md.XI draft)
Status: DRAFT — pending GRAP0101 alignment, CSAF mapping specifics, and CLI examples. Do not publish until hashes recorded.
Scope
- Map Explorer VEX handling: CSAF ingestion, suppression precedence, status semantics, and integration points with findings.
- Provide deterministic examples; hash payloads/screens in
docs/assets/vuln-explorer/SHA256SUMS.
Dependencies
- GRAP0101 contract (field names, identifiers).
- CLI/console assets (due 2025-12-09).
- Policy/VEX mapping rules from Excititor Guild.
Topics (outline)
- CSAF → internal VEX decision mapping; precedence vs policy overrides.
- Status semantics: NOT_AFFECTED / AFFECTED_* / FIXED; validity windows; VEX-first triage per Vuln Explorer architecture.
- Suppression precedence: VEX decisions take priority over reachability/policy unless explicit override (confirm post-GRAP0101).
- Export/propagation to advisories/CLI/console.
Determinism
- Use fixed CSAF samples; hash examples.
Hash Capture Checklist (when assets land)
assets/vuln-explorer/vex-csaf-sample.json(input)assets/vuln-explorer/vex-mapping-output.json(normalized decisions)assets/vuln-explorer/vex-precedence-table.md(suppression/precedence matrix)
Last updated: 2025-12-05 (UTC)