git.stella-ops.org/docs/modules/vex-lens/guides/explorer-integration.md
2026-01-06 19:07:48 +02:00

VEX Integration with Vulnerability Explorer

The Vulnerability Explorer and triage surfaces treat VEX as first-class evidence: operator decisions should be explainable, replayable, and linked to provenance.

Triage View Expectations

  • Show effective VEX status alongside policy outcome and reachability/impact signals.
  • Make conflicts visible and navigable (issuer list, trust tiers, verification state).
  • Provide deep links from the triage view into VEX evidence (raw observations/linksets) and to policy explain traces.

Filtering and Lanes

VEX evidence commonly affects:

  • Default lane placement (e.g., MUTED_VEX vs ACTIVE)
  • Whether a finding is actionable, needs exception, or can be shipped
  • Staleness warnings for offline snapshots

The Explorer must remain “quiet by default, never silent”: VEX-based suppression should be reversible and auditable, not a destructive delete.
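As an added illustration (not code from the Stella Ops project), a small Python model of the lane placement and reversible muting described above: verified statements are resolved by trust tier, conflicts stay navigable, stale snapshots raise a warning, and a VEX mute is an auditable lane change that an operator can reverse. Field names, the "tier 1 is most trusted" convention, the staleness threshold and the evidence link format are assumptions.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class VexStatement:           # hypothetical shape, not the Explorer's real schema
    issuer: str
    status: str               # not_affected | affected | fixed | under_investigation
    trust_tier: int           # 1 = most trusted (assumed convention)
    verified: bool            # issuer signature / provenance verified

@dataclass
class TriageDecision:
    lane: str = "ACTIVE"
    effective_status: Optional[str] = None
    conflicts: list = field(default_factory=list)   # navigable issuer/tier/status list
    warnings: list = field(default_factory=list)
    evidence: list = field(default_factory=list)    # deep links to raw observations
    audit: list = field(default_factory=list)       # every lane change; nothing is deleted

STALE_AFTER_DAYS = 7.0        # assumed threshold for offline snapshots

def place_in_lane(finding_id, statements, snapshot_age_days):
    d = TriageDecision()
    usable = [s for s in statements if s.verified]
    d.warnings += [f"unverified statement from {s.issuer} ignored"
                   for s in statements if not s.verified]
    if snapshot_age_days > STALE_AFTER_DAYS:
        d.warnings.append("offline snapshot is stale; re-verify before shipping")
    if not usable:
        return d                                    # no trustworthy VEX: stays ACTIVE
    if len({s.status for s in usable}) > 1:         # any disagreement is surfaced
        d.conflicts = [f"{s.issuer} (tier {s.trust_tier}): {s.status}" for s in usable]
    top_tier = min(s.trust_tier for s in usable)
    top = [s for s in usable if s.trust_tier == top_tier]
    top_statuses = {s.status for s in top}
    if len(top_statuses) > 1:
        return d                                    # unresolved at top tier: stays ACTIVE
    d.effective_status = top_statuses.pop()
    d.evidence = [f"vex://{finding_id}/observations/{s.issuer}" for s in top]  # assumed format
    if d.effective_status in ("not_affected", "fixed"):
        d.lane = "MUTED_VEX"                        # suppression is a lane change only
        d.audit.append({"action": "mute", "by": "vex", "basis": list(d.evidence)})
    return d

def unmute(d, operator, reason):
    # Operator override: reverses the VEX mute and records who and why.
    if d.lane == "MUTED_VEX":
        d.lane = "ACTIVE"
        d.audit.append({"action": "unmute", "by": operator, "reason": reason})
    return d
```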

References

  • docs/VULNERABILITY_EXPLORER_GUIDE.md
  • docs/VEX_CONSENSUS_GUIDE.md
  • docs/modules/vuln-explorer/architecture.md