git.stella-ops.org/docs/assets/vuln-explorer/console/CAPTURES.md
StellaOps Bot 7503c19b8f Add determinism tests for verdict artifact generation and update SHA256 sums script
- Implemented comprehensive tests for verdict artifact generation to ensure deterministic outputs across various scenarios, including identical inputs, parallel execution, and change ordering.
- Created helper methods for generating sample verdict inputs and computing canonical hashes.
- Added tests to validate the stability of canonical hashes, proof spine ordering, and summary statistics.
- Introduced a new PowerShell script to update SHA256 sums for files, ensuring accurate hash generation and file integrity checks.
2025-12-24 02:17:34 +02:00


Console Asset Captures for Vuln Explorer Documentation

Capture Instructions

Run the Console locally and capture each screen listed below.

```shell
# Start the dev environment
docker compose -f deploy/compose/docker-compose.dev.yaml up -d

# Access console at https://localhost:8443
# Log in with dev credentials
# Navigate to each section below and capture
```

Required Captures

1. Dashboard Overview

File: dashboard-overview.png
Description: Main dashboard showing vulnerability counts, risk scores, and recent activity.

![Dashboard Overview](./dashboard-overview.png)

The dashboard provides:
- Total vulnerability count by severity (Critical, High, Medium, Low)
- Risk score trend over time
- Top affected components
- Recent scan activity

2. Vulnerability Explorer List

File: vuln-explorer-list.png
Description: Vulnerability list view with filters and sorting.

![Vulnerability Explorer List](./vuln-explorer-list.png)

The vulnerability list shows:
- CVE ID, severity, CVSS score
- Affected package and version
- Fix availability status
- VEX status (affected, not_affected, fixed, under_investigation)

3. Vulnerability Detail View

File: vuln-detail.png
Description: Single vulnerability detail page with full context.

![Vulnerability Detail](./vuln-detail.png)

The detail view includes:
- Full vulnerability description
- CVSS vector breakdown
- Affected components
- Reachability analysis
- VEX statements
- Remediation guidance

4. Findings Ledger Timeline

File: findings-timeline.png
Description: Timeline view of vulnerability findings and state changes.

![Findings Timeline](./findings-timeline.png)

The timeline shows:
- Finding discovery events
- Status transitions
- Evidence snapshots
- Attestation links

5. Risk Score Panel

File: risk-score-panel.png
Description: Risk score breakdown with contributing factors.

![Risk Score Panel](./risk-score-panel.png)

The risk panel displays:
- Overall risk score (0-100)
- Factor breakdown (severity, exploitability, asset criticality)
- Score history
- Policy compliance status

6. VEX Consensus View

File: vex-consensus.png
Description: VEX consensus display showing multiple issuer statements.

![VEX Consensus](./vex-consensus.png)

The VEX consensus view shows:
- Aggregated status from multiple issuers
- Issuer trust levels
- Statement timestamps
- Rationale summaries

7. Policy Studio Editor

File: policy-studio-editor.png
Description: Policy Studio with editor and rule builder.

![Policy Studio Editor](./policy-studio-editor.png)

The Policy Studio includes:
- Policy editor with DSL highlighting
- Rule builder sidebar
- Simulation panel
- Lint/compile feedback

8. Air-Gap Status Panel

File: airgap-status.png
Description: Air-gap mode status and bundle information.

![Air-Gap Status](./airgap-status.png)

The air-gap panel shows:
- Sealed mode status
- Last advisory update timestamp
- Bundle version
- Time anchor validity

After Capture

1. Place captured images in this directory.
2. Compute hashes: `sha256sum *.png`
3. Record the SHA-256 hash next to each captured filename in this document (or in a sibling README where the asset is referenced).
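
The steps above can be scripted so that a missing capture, an unlisted PNG, or a file that changed after its hash was recorded is reported instead of silently hashed. The following is an added example, not part of the StellaOps repository; the function names `write_manifest` and `check_manifest` and the idea of keeping the sums in a manifest file are assumptions, while the eight filenames come from the Required Captures list.

```shell
#!/bin/sh
# Added example (not project code). Filenames are the eight required captures.
REQUIRED_CAPTURES="dashboard-overview.png vuln-explorer-list.png vuln-detail.png
findings-timeline.png risk-score-panel.png vex-consensus.png
policy-studio-editor.png airgap-status.png"

# write_manifest DIR: print "<sha256>  <file>" for each required capture, in
# document order. Returns 1 if any capture is missing or empty.
write_manifest() {
  dir=$1; rc=0
  for f in $REQUIRED_CAPTURES; do
    if [ ! -s "$dir/$f" ]; then
      echo "MISSING  $f" >&2
      rc=1
      continue
    fi
    (cd "$dir" && sha256sum "$f")
  done
  return $rc
}

# check_manifest DIR MANIFEST: re-hash the captures against recorded sums.
# Fails on a changed or missing file, a required capture with no recorded
# sum, or a PNG in DIR that is not on the required list.
check_manifest() {
  dir=$1; manifest=$2; rc=0
  for f in $REQUIRED_CAPTURES; do
    grep -q "  $f\$" "$manifest" || { echo "UNRECORDED  $f" >&2; rc=1; }
  done
  for p in "$dir"/*.png; do
    [ -e "$p" ] || continue
    case " $(echo $REQUIRED_CAPTURES) " in
      *" ${p##*/} "*) ;;
      *) echo "UNEXPECTED  ${p##*/}" >&2; rc=1 ;;
    esac
  done
  # sha256sum -c reports per-file OK/FAILED; send it to stderr with our notes.
  (cd "$dir" && sha256sum -c - >&2) < "$manifest" || rc=1
  return $rc
}
```

Source the file, run `write_manifest . > SHA256SUMS` after capturing, and run `check_manifest . SHA256SUMS` before publishing the docs to confirm the images still match the recorded hashes.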