- Introduced attestation inventory and subject-rekor mapping files for tracking Docker packages. - Added a comprehensive crypto registry decision document outlining defaults and required follow-ups. - Created an offline feeds manifest for bundling air-gap resources. - Implemented a script to generate and update binary manifests for curated binaries. - Added a verification script to ensure binary artefacts are located in approved directories. - Defined new schemas for AdvisoryEvidenceBundle, OrchestratorEnvelope, ScannerReportReadyPayload, and ScannerScanCompletedPayload. - Established project files for StellaOps.Orchestrator.Schemas and StellaOps.PolicyAuthoritySignals.Contracts. - Updated vendor manifest to track pinned binaries for integrity.
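# Spectral ruleset for OpenAPI 3 documents.
# Builds on the stock "spectral:oas" ruleset and adds the project rules below.
extends:
  - "spectral:oas"

formats:
  - "oas3"

rules:
  # The API document must carry a non-empty title.
  stella-info-title:
    description: "OpenAPI info.title must be present"
    message: "Add a descriptive `info.title`"
    given: "$.info.title"
    severity: error
    then:
      function: truthy

  # The API document must declare a version.
  stella-info-version:
    description: "OpenAPI info.version must be present"
    message: "Set `info.version` (SemVer or release tag)"
    given: "$.info.version"
    severity: error
    then:
      function: truthy

  # Transport security: a server URL that is not https:// lets clients send
  # credentials and payloads in clear text. OpenAPI 3 allows `servers` at the
  # document root, on a path item and on an operation, and an override at a
  # lower level replaces the root list, so all three levels are checked.
  # Relative or templated URLs (e.g. "/api", "{scheme}://host") do not match
  # the pattern and are reported as well; review those by hand.
  # Severity stays at `warn`, so a CI gate that fails only on errors will not
  # block on this rule.
  stella-servers-https:
    description: "Servers should use https"
    message: "Server URL should start with `https://`"
    given:
      - "$.servers[*].url"
      - "$.paths[*].servers[*].url"
      - "$.paths[*][get,put,post,delete,options,head,patch,trace].servers[*].url"
    severity: warn
    then:
      function: pattern
      functionOptions:
        match: "^https://"

  # Only the HTTP-method keys of a path item are operations. Selecting every
  # child with `[*]` would also visit path-level `parameters` and `servers`,
  # which have no operationId and would be reported as errors.
  operation-operationId-required:
    description: "Every operation must have an operationId"
    message: "Add an `operationId` for this operation"
    given: "$.paths[*][get,put,post,delete,options,head,patch,trace]"
    severity: error
    then:
      field: operationId
      function: truthy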