- Implemented RustFsArtifactObjectStore for managing artifacts in RustFS.
- Added unit tests for RustFsArtifactObjectStore functionality.
- Created a RustFS migrator tool to transfer objects from S3 to RustFS.
- Introduced policy preview and report models for API integration.
- Added fixtures and tests for policy preview and report functionality.
- Included necessary metadata and scripts for the cache_pkg package.
{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"$id": "https://schemas.stella-ops.org/policy/policy-preview-sample@1.json",
"title": "Policy Preview Sample",
"type": "object",
"additionalProperties": false,
"required": [
"previewRequest",
"previewResponse"
],
"properties": {
"previewRequest": {
"type": "object",
"additionalProperties": false,
"required": [
"imageDigest",
"findings"
],
"properties": {
"imageDigest": {
"type": "string",
"pattern": "^sha256:[0-9a-f]{64}$"
},
"findings": {
"type": "array",
"minItems": 1,
"items": {
"$ref": "#/$defs/finding"
}
},
"baseline": {
"type": "array",
"items": {
"$ref": "#/$defs/baselineVerdict"
}
}
}
},
"previewResponse": {
"type": "object",
"additionalProperties": false,
"required": [
"success",
"policyDigest",
"revisionId",
"changed",
"diffs",
"issues"
],
"properties": {
"success": {
"type": "boolean"
},
"policyDigest": {
"type": "string",
"pattern": "^[0-9a-f]{64}$"
},
"revisionId": {
"type": "string"
},
"changed": {
"type": "integer",
"minimum": 0
},
"diffs": {
"type": "array",
"minItems": 1,
"items": {
"type": "object",
"additionalProperties": false,
"required": [
"findingId",
"baseline",
"projected",
"changed"
],
"properties": {
"findingId": {
"type": "string"
},
"baseline": {
"$ref": "#/$defs/baselineVerdict"
},
"projected": {
"$ref": "#/$defs/projectedVerdict"
},
"changed": {
"type": "boolean"
}
}
}
},
"issues": {
"type": "array",
"items": {
"type": "object",
"additionalProperties": false,
"required": [
"code",
"message",
"severity",
"path"
],
"properties": {
"code": {
"type": "string"
},
"message": {
"type": "string"
},
"severity": {
"type": "string"
},
"path": {
"type": "string"
}
}
}
}
}
}
},
"$defs": {
"finding": {
"type": "object",
"required": [
"id",
"severity",
"source"
],
"properties": {
"id": {
"type": "string"
},
"severity": {
"type": "string"
},
"source": {
"type": "string"
},
"tags": {
"type": "array",
"items": {
"type": "string"
}
}
},
"additionalProperties": true
},
"inputs": {
"type": "object",
"minProperties": 1,
"propertyNames": {
"type": "string",
"maxLength": 64
},
"additionalProperties": {
"type": "number"
}
},
"baselineVerdict": {
"type": "object",
"additionalProperties": false,
"required": [
"findingId",
"status",
"configVersion",
"score"
],
"properties": {
"findingId": {
"type": "string"
},
"status": {
"type": "string",
"enum": [
"Pass",
"Blocked",
"Warned",
"Ignored",
"Deferred",
"Escalated",
"RequiresVex"
]
},
"ruleName": {
"type": [
"string",
"null"
]
},
"ruleAction": {
"type": [
"string",
"null"
]
},
"notes": {
"type": [
"string",
"null"
]
},
"score": {
"type": "number"
},
"configVersion": {
"type": "string"
},
"inputs": {
"$ref": "#/$defs/inputs"
},
"quietedBy": {
"type": [
"string",
"null"
]
},
"quiet": {
"type": "boolean"
},
"unknownConfidence": {
"type": "number",
"minimum": 0
},
"confidenceBand": {
"type": "string",
"enum": [
"low",
"medium",
"high",
"unspecified"
]
},
"unknownAgeDays": {
"type": "number",
"minimum": 0
},
"sourceTrust": {
"type": "string"
},
"reachability": {
"type": "string",
"enum": [
"unknown",
"runtime",
"entrypoint",
"direct",
"indirect",
"unreachable"
]
}
}
},
"projectedVerdict": {
"allOf": [
{
"$ref": "#/$defs/baselineVerdict"
},
{
"type": "object",
"required": [
"ruleName",
"ruleAction",
"unknownConfidence",
"confidenceBand",
"unknownAgeDays",
"sourceTrust",
"reachability"
],
"properties": {
"ruleName": {
"type": "string"
},
"ruleAction": {
"type": "string"
},
"unknownConfidence": {
"type": "number",
"minimum": 0
},
"confidenceBand": {
"type": "string",
"enum": [
"low",
"medium",
"high",
"unspecified"
]
},
"unknownAgeDays": {
"type": "number",
"minimum": 0
},
"sourceTrust": {
"type": "string"
},
"reachability": {
"type": "string",
"enum": [
"unknown",
"runtime",
"entrypoint",
"direct",
"indirect",
"unreachable"
]
}
}
}
]
}
}
}