7b01c7d6ac
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
- Introduced a blueprint for explainable quiet alerts, detailing phases for SBOM, VEX readiness, and attestations. - Developed a roadmap for deterministic diff-aware rescans, enhancing scanner speed and efficiency. - Implemented a hash-based SBOM layer cache to optimize container scans by reusing previous results. - Created a multi-runtime reachability corpus to validate function-level reachability across various programming languages. - Proposed a stable SBOM model using SPDX 3.0.1 for persistence and CycloneDX 1.6 for interchange. - Established a validation plan for quiet scans, focusing on provenance and CI integration. - Documented guidelines for the Findings Ledger module, outlining roles, execution rules, and testing protocols.
1.2 KiB
1.2 KiB
Docs Guild Update — 2025-10-22
Subject: Concelier Authority toggle rollout polish
Audience: Docs Guild, Concelier WebService Guild, Authority Core
- Added a rollout phase table to
docs/10_CONCELIER_CLI_QUICKSTART.md, clarifying howauthority.enabledandauthority.allowAnonymousFallbackmove from validation to enforced mode and highlighting the audit/metric signals to watch at each step. - Extended the Authority integration checklist in the same quickstart so operators tie CLI smoke tests to audit counters before flipping enforcement.
- Refreshed
docs/modules/concelier/operations/authority-audit-runbook.mdwith the latest date stamp, prerequisites, and pre-check guidance that reference the quickstart timeline; keeps change-request templates aligned. - Documented the new Go analyzer artefacts in
docs/24_OFFLINE_KIT.md(manifest excerpt + tarball smoke test) so Ops can confirm the plug-in ships in the 2025‑10‑22 bundle before promoting it to mirrors.
Next steps:
- Concelier WebService owners to link this update in the next deployment bulletin once FEEDWEB-DOCS-01-001 clears review.
- Docs Guild to verify the Offline Kit doc bundle picks up the quickstart/runbook changes after the nightly build.