stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity
Files
5590a99a1aafad8b66c5ff1e1b4ecce7451809d9
git.stella-ops.org/docs/_archive/vuln/explorer-using-console.md
master 5590a99a1a Add tests for SBOM generation determinism across multiple formats 
- Created `StellaOps.TestKit.Tests` project for unit tests related to determinism.
- Implemented `DeterminismManifestTests` to validate deterministic output for canonical bytes and strings, file read/write operations, and error handling for invalid schema versions.
- Added `SbomDeterminismTests` to ensure identical inputs produce consistent SBOMs across SPDX 3.0.1 and CycloneDX 1.6/1.7 formats, including parallel execution tests.
- Updated project references in `StellaOps.Integration.Determinism` to include the new determinism testing library.
2025-12-23 23:51:58 +02:00

2.0 KiB
Raw Blame History

Vuln Explorer — Using the Console (Md.XI draft)

Status: DRAFT (awaiting GRAP0101 domain model + console asset drop). Do not publish until hashes captured.

Scope

  • Walk through primary console workflows: search/filter, saved views, keyboard shortcuts, drill-down, evidence export.
  • Highlight identity/ABAC enforcement and tenant scoping in UI.
  • Keep all examples deterministic; attach payload/screenshot hashes to docs/assets/vuln-explorer/SHA256SUMS.

Prerequisites

  • Domain model from GRAP0101 (entities, identifiers) — needed for labels and field names.
  • UI/CLI asset drop (screenshots, payload samples) — requested, due 2025-12-09.
  • Ledger/observability context from docs/modules/vuln-explorer/architecture.md and Findings Ledger docs.

Workflows (to be filled with assets)

  1. Discover & filter findings (search, severity, reachability/VEX toggles).
  2. Keyboard shortcuts for navigation (list, detail, actions) — pending asset table.
  3. Saved views & deep links (shareable, ABAC-aware permalinks) — include hash-verified examples.
  4. Drill-down: finding detail → history → actions → attachments (token validation flow).
  5. Export: reports and offline bundles; note hash verification step.

Determinism & Offline Notes

  • All screenshots/payloads must be hashed; record in docs/assets/vuln-explorer/SHA256SUMS.
  • Use fixed fixture IDs and ordered outputs; avoid live endpoints.

Hash Capture Checklist (fill once assets arrive)

  • assets/vuln-explorer/console-list.png (list view with filters applied)
  • assets/vuln-explorer/console-detail.png (finding detail + history/actions panes)
  • assets/vuln-explorer/console-shortcuts.md (shortcut matrix payload)
  • assets/vuln-explorer/console-saved-view.json (saved view export)

Open Items before publish

  • Replace placeholders with GRAP0101-backed field names and identity labels.
  • Insert screenshot tables and payload snippets once assets arrive.
  • Add keyboard shortcut matrix and deep-link examples with hashes.

Last updated: 2025-12-05 (UTC)