stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity
Files
5590a99a1aafad8b66c5ff1e1b4ecce7451809d9
git.stella-ops.org/docs/_archive/vuln/GRAP0101-integration-checklist.md
master 5590a99a1a Add tests for SBOM generation determinism across multiple formats 
- Created `StellaOps.TestKit.Tests` project for unit tests related to determinism.
- Implemented `DeterminismManifestTests` to validate deterministic output for canonical bytes and strings, file read/write operations, and error handling for invalid schema versions.
- Added `SbomDeterminismTests` to ensure identical inputs produce consistent SBOMs across SPDX 3.0.1 and CycloneDX 1.6/1.7 formats, including parallel execution tests.
- Updated project references in `StellaOps.Integration.Determinism` to include the new determinism testing library.
2025-12-23 23:51:58 +02:00

1.9 KiB
Raw Blame History

GRAP0101 Integration Checklist for Vuln Explorer Md.XI

Use this checklist when the GRAP0101 domain model contract arrives.

Fill across docs

  • docs/vuln/explorer-overview.md: replace [[pending:...]] placeholders (entities, relationships, identifiers); confirm triage state names; add hashes for examples once captured.
  • docs/vuln/explorer-using-console.md: apply final field labels, keyboard shortcuts, saved view params; drop hashed assets per checklist.
  • docs/vuln/explorer-api.md: finalize filter/sort/ETag params, limits, error codes; attach hashed request/response fixtures.
  • docs/vuln/explorer-cli.md: align flag names with API; add hashed CLI outputs.
  • docs/vuln/findings-ledger.md: align schema names/ids; confirm hash fields and Merkle notes match GRAP0101.
  • docs/policy/vuln-determinations.md: sync identifiers and signal fields referenced in policy outputs.
  • docs/vex/explorer-integration.md: confirm CSAF→VEX mapping fields and precedence references.
  • docs/advisories/explorer-integration.md: update advisory identifiers/keys to GRAP0101 naming.
  • docs/sbom/vuln-resolution.md: align component identifier fields (purl/NEVRA) with GRAP0101.
  • docs/observability/vuln-telemetry.md: verify metric/log labels (findingId, advisoryId, policyVersion, artifactId) match contract.
  • docs/security/vuln-rbac.md: confirm scope/claim names and attachment token fields.
  • docs/runbooks/vuln-ops.md: ensure IDs/fields in remediation steps match contract.

Hash capture locations

  • Record all assets in docs/assets/vuln-explorer/SHA256SUMS using the per-subdir checklists.

Order of operations

  1. Update overview entities/ids first (DOCS-VULN-29-001).
  2. Propagate identifiers to console/API/CLI stubs (#2#4).
  3. Align ledger/policy/VEX/advisory/SBOM docs (#5#9).
  4. Finish telemetry/RBAC/runbook (#10#12).
  5. Update install doc (#13) once images/manifests arrive.

Last updated: 2025-12-05 (UTC)