5e514532df
- Added IIssuerDirectory interface for managing VEX document issuers, including methods for registration, revocation, and trust validation. - Created InMemoryIssuerDirectory class as an in-memory implementation of IIssuerDirectory for testing and single-instance deployments. - Introduced ISignatureVerifier interface for verifying signatures on VEX documents, with support for multiple signature formats. - Developed SignatureVerifier class as the default implementation of ISignatureVerifier, allowing extensibility for different signature formats. - Implemented handlers for DSSE and JWS signature formats, including methods for verification and signature extraction. - Defined various records and enums for issuer and signature metadata, enhancing the structure and clarity of the verification process.
44 lines
1.1 KiB
JSON
44 lines
1.1 KiB
JSON
{
|
|
"$schema": "https://stellaops.org/schemas/policy/scoring-result-v2.json",
|
|
"description": "Sample scoring result AFTER normalized field removal (canonical format)",
|
|
"scoring_result": {
|
|
"finding_id": "CVE-2024-1234",
|
|
"tenant_id": "default",
|
|
"profile_id": "risk-profile-001",
|
|
"profile_version": "1.2.0",
|
|
"raw_score": 7.5,
|
|
"severity": "high",
|
|
"signal_values": {
|
|
"cvss_base": 7.5,
|
|
"exploitability": 2.8,
|
|
"impact": 5.9
|
|
},
|
|
"scored_at": "2025-12-06T10:00:00Z",
|
|
"profile_hash": "sha256:abc123def456..."
|
|
},
|
|
"decision_summary": {
|
|
"total_decisions": 5,
|
|
"total_conflicts": 1,
|
|
"severity_counts": {
|
|
"critical": 0,
|
|
"high": 3,
|
|
"medium": 2,
|
|
"low": 0
|
|
},
|
|
"trust_weights": {
|
|
"nvd": 1.0,
|
|
"vendor-advisory": 0.8
|
|
}
|
|
},
|
|
"migration_notes": {
|
|
"removed_fields": ["normalized_score", "top_severity_sources"],
|
|
"added_fields": ["profile_hash", "trust_weights"],
|
|
"canonical_severity_mapping": {
|
|
"0.0-3.9": "low",
|
|
"4.0-6.9": "medium",
|
|
"7.0-8.9": "high",
|
|
"9.0-10.0": "critical"
|
|
}
|
|
}
|
|
}
|