79b8e53441
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
- Introduced `SbomService` tasks documentation. - Updated `StellaOps.sln` to include new projects: `StellaOps.AirGap.Time` and `StellaOps.AirGap.Importer`. - Added unit tests for `BundleImportPlanner`, `DsseVerifier`, `ImportValidator`, and other components in the `StellaOps.AirGap.Importer.Tests` namespace. - Implemented `InMemoryBundleRepositories` for testing bundle catalog and item repositories. - Created `MerkleRootCalculator`, `RootRotationPolicy`, and `TufMetadataValidator` tests. - Developed `StalenessCalculator` and `TimeAnchorLoader` tests in the `StellaOps.AirGap.Time.Tests` namespace. - Added `fetch-sbomservice-deps.sh` script for offline dependency fetching.
936 B
936 B
Export Risk Bundle Prep — PREP-EXPORT-RISK-69-001
Status: Draft (2025-11-20) Owners: Exporter Service · Risk Bundle Export Guild Scope: Capture provider selection rules and schema needs for risk bundle job handler.
Provider selection (proposed)
- Inputs:
risk_profile_id,tenant_id,preferred_provider,fallback_provider. - Selection order: tenant override → profile default → system default.
- Providers must advertise capabilities
{formats[], signing_profiles[]}.
Manifest expectations
- Fields:
bundle_id,profile_id,provider_id,inputs_hash,created_at,artifacts[] {path, sha256, media_type}. - Deterministic ordering and sha256 for all artifacts.
Open decisions
- Final list of providers and signing profiles.
- Whether to embed policy/export bundle pointers.
Handoff
Use this as PREP artefact for EXPORT-RISK-69-001; update provider list and manifest once phase I artifacts land.