stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 16 Releases Wiki Activity
Files
49922dff5ad4435420dac177e832ba4290ceaea9
git.stella-ops.org/docs/vuln/GRAP0101-integration-checklist.md
StellaOps Bot 579236bfce
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
Details
Concelier Attestation Tests / attestation-tests (push) Has been cancelled
Details
Add MongoDB storage library and update acceptance tests with deterministic stubs 
- Created StellaOps.Notify.Storage.Mongo project with initial configuration.
- Added expected output files for acceptance tests (at1.txt to at10.txt).
- Added fixture input files for acceptance tests (at1 to at10).
- Created input and signature files for test cases fc1 to fc5.
2025-12-05 22:56:01 +02:00

1.9 KiB
Raw Blame History

GRAP0101 Integration Checklist for Vuln Explorer Md.XI

Use this checklist when the GRAP0101 domain model contract arrives.

Fill across docs

  • docs/vuln/explorer-overview.md: replace [[pending:...]] placeholders (entities, relationships, identifiers); confirm triage state names; add hashes for examples once captured.
  • docs/vuln/explorer-using-console.md: apply final field labels, keyboard shortcuts, saved view params; drop hashed assets per checklist.
  • docs/vuln/explorer-api.md: finalize filter/sort/ETag params, limits, error codes; attach hashed request/response fixtures.
  • docs/vuln/explorer-cli.md: align flag names with API; add hashed CLI outputs.
  • docs/vuln/findings-ledger.md: align schema names/ids; confirm hash fields and Merkle notes match GRAP0101.
  • docs/policy/vuln-determinations.md: sync identifiers and signal fields referenced in policy outputs.
  • docs/vex/explorer-integration.md: confirm CSAF→VEX mapping fields and precedence references.
  • docs/advisories/explorer-integration.md: update advisory identifiers/keys to GRAP0101 naming.
  • docs/sbom/vuln-resolution.md: align component identifier fields (purl/NEVRA) with GRAP0101.
  • docs/observability/vuln-telemetry.md: verify metric/log labels (findingId, advisoryId, policyVersion, artifactId) match contract.
  • docs/security/vuln-rbac.md: confirm scope/claim names and attachment token fields.
  • docs/runbooks/vuln-ops.md: ensure IDs/fields in remediation steps match contract.

Hash capture locations

  • Record all assets in docs/assets/vuln-explorer/SHA256SUMS using the per-subdir checklists.

Order of operations

  1. Update overview entities/ids first (DOCS-VULN-29-001).
  2. Propagate identifiers to console/API/CLI stubs (#2#4).
  3. Align ledger/policy/VEX/advisory/SBOM docs (#5#9).
  4. Finish telemetry/RBAC/runbook (#10#12).
  5. Update install doc (#13) once images/manifests arrive.

Last updated: 2025-12-05 (UTC)