git.stella-ops.org/src/Zastava/StellaOps.Zastava.Observer/TASKS.md
master 536f6249a6
Add SBOM, symbols, traces, and VEX files for CVE-2022-21661 SQLi case
- Created CycloneDX and SPDX SBOM files for both reachable and unreachable images.
- Added symbols.json detailing function entry and sink points in the WordPress code.
- Included runtime traces for function calls in both reachable and unreachable scenarios.
- Developed OpenVEX files indicating vulnerability status and justification for both cases.
- Updated README for evaluator harness to guide integration with scanner output.
2025-11-08 20:53:45 +02:00

# Zastava Observer Task Board

| ID | Status | Owner(s) | Depends on | Description | Exit Criteria |
|----|--------|----------|------------|-------------|---------------|
| ZASTAVA-SURFACE-01 | TODO | Zastava Observer Guild | SURFACE-FS-02 | Integrate Surface.FS client for runtime drift detection (lookup cached layer hashes/entry traces). | Observer validates runtime vs cache; integration tests cover drift + cache-miss cases. |
| ZASTAVA-SURFACE-02 | TODO | Zastava Observer Guild | SURFACE-FS-02, ZASTAVA-SURFACE-01 | Adopt Surface manifest reader helpers to resolve cas:// pointers and surface cache lineage in drift diagnostics. See docs/modules/scanner/design/surface-fs-consumers.md §4 for expectations. | Observer fetches manifests via new URI schema; drift diagnostics show manifest provenance; unit/integration tests cover pointer fetch and error fallback. |
| ZASTAVA-ENV-01 | TODO | Zastava Observer Guild | SURFACE-ENV-02 | Adopt Surface.Env helpers for cache endpoints, secret refs, and feature toggles. | Observer configuration centralised; misconfiguration warnings logged; docs updated. |
| ZASTAVA-SECRETS-01 | TODO | Zastava Observer Guild, Security Guild | SURFACE-SECRETS-02 | Retrieve CAS/attestation access via Surface.Secrets instead of inline secret stores. | Secrets resolved through shared provider; rotation/resilience tests pass. |

2025-10-24: Observer unit tests pending; dotnet restore requires offline copies of Google.Protobuf, Grpc.Net.Client, Grpc.Tools in local-nuget before execution can be verified.

| ID | Status | Owner(s) | Depends on | Description | Exit Criteria |
|----|--------|----------|------------|-------------|---------------|
| ZASTAVA-REACH-201-001 | TODO | Zastava Observer Guild | SIGNALS-24-001 | Stream runtime symbol hits + EntryTrace shell contexts to Signals /runtime-facts, attach build-id metadata, and emit CAS-backed trace blobs per scan/run. Update observer config/runbook references. | Runtime sampler unit/integration tests pass; ND-JSON batches accepted by Signals; docs + configs refreshed. |