git.stella-ops.org/docs/sbom/vuln-resolution.md
StellaOps Bot 579236bfce
Add MongoDB storage library and update acceptance tests with deterministic stubs
- Created StellaOps.Notify.Storage.Mongo project with initial configuration.
- Added expected output files for acceptance tests (at1.txt to at10.txt).
- Added fixture input files for acceptance tests (at1 to at10).
- Created input and signature files for test cases fc1 to fc5.
2025-12-05 22:56:01 +02:00

# SBOM Vulnerability Resolution (Md.XI draft)
> Status: DRAFT — pending export/advisory integration and GRAP0101 field freeze.
## Scope
- Version semantics, scope, paths, and safe version hints for SBOM components in Vuln Explorer.
- Deterministic examples with hashes in `docs/assets/vuln-explorer/SHA256SUMS`.
## Dependencies
- Advisory integration (DOCS-VULN-29-008).
- GRAP0101 identifiers.
## Outline
- Component resolution (purl, NEVRA); scope (prod/dev/test).
- Path specificity and deduping rules.
- Safe version hints and policy overlays.
### Hash Capture Checklist (when inputs ready)
- `assets/vuln-explorer/sbom-component-resolution.json`
- `assets/vuln-explorer/sbom-path-dedupe.json`
- `assets/vuln-explorer/safe-version-hints.json`

_Last updated: 2025-12-05 (UTC)_