21 lines
1019 B
Markdown
# Deterministic SBOM-to-VEX Pipeline with Signed State Transitions
## Module
Policy
## Status
VERIFIED
## Verification Summary
Full verdict pipeline determinism verified across 2 test projects (1716 tests total, 0 failures):
- **DeterminizationGate**: signal snapshot-based evaluation with uncertainty/trust/decay/guardrail metadata
- **DeterminismGuardService**: static analysis (ProhibitedPatternAnalyzer) and runtime monitoring
- **VerdictAttestationService**: DSSE-signed verdict decisions with deterministic predicate JSON
- **ScoringDeterminismVerifier**: scoring drift detection on weight changes
- **KnowledgeSnapshotManifest**: content-addressed snapshot pinning all inputs
- **PolicyGateEvaluator**: VEX state transition validation with DSSE-attested graphHash and path analysis
- Error handling: attestor unavailable and timeout return null (soft failure when FailOnError=false)
## Evidence
- `docs/qa/feature-checks/runs/policy/deterministic-sbom-to-vex-pipeline-with-signed-state-transitions/run-002/`