stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 3 Releases Wiki Activity
Files
7be4e855d69f59ea7837af96fef37fdac63a41fe
git.stella-ops.org/docs/features/checked/scanner/explainable-triage-ux-with-evidence-linked-findings.md
master e9aeadc040 save checkpoint
2026-02-14 09:11:48 +02:00

50 lines
2.6 KiB
Markdown
Raw Blame History

# Explainable triage UX with evidence-linked findings
## Module
Scanner
## Status
VERIFIED
## Description
Tabbed evidence panel with policy, binary diff, confidence meter, and SBOM evidence tabs provides expandable evidence views per finding.
## Implementation Details
- **Explainability Library**:
- `src/Scanner/__Libraries/StellaOps.Scanner.Explainability/` - Explainability services for evidence-linked findings
- `src/Scanner/__Libraries/StellaOps.Scanner.Explainability/Dsse/ExplainabilityPredicateSerializer.cs` - Serializes explainability predicates
- `src/Scanner/__Libraries/StellaOps.Scanner.Explainability/Falsifiability/FalsifiabilityGenerator.cs` - Generates falsification criteria
- `src/Scanner/__Libraries/StellaOps.Scanner.Explainability/Falsifiability/FalsifiabilityCriteria.cs` - Criteria model
- **Triage Services**:
- `src/Scanner/__Libraries/StellaOps.Scanner.Triage/` - Triage domain services
- `src/Scanner/__Libraries/StellaOps.Scanner.Triage/Models/ExploitPath.cs` - Exploit path model for evidence linking
- **Evidence Composition**:
- `src/Scanner/StellaOps.Scanner.WebService/Services/EvidenceCompositionService.cs` - Composes multi-source evidence per finding
- `src/Scanner/StellaOps.Scanner.WebService/Services/IEvidenceCompositionService.cs` - Interface
- **Finding Rationale**:
- `src/Scanner/StellaOps.Scanner.WebService/Services/FindingRationaleService.cs` - Provides rationale explanations per finding
- `src/Scanner/StellaOps.Scanner.WebService/Services/IFindingRationaleService.cs` - Interface
- **API**:
- `src/Scanner/StellaOps.Scanner.WebService/Controllers/FindingsEvidenceController.cs` - Evidence controller
- `src/Scanner/StellaOps.Scanner.WebService/Contracts/FindingEvidenceContracts.cs` - Evidence API contracts
- `src/Scanner/StellaOps.Scanner.WebService/Contracts/RationaleContracts.cs` - Rationale contracts
## E2E Test Plan
- [ ] Query finding evidence via the FindingsEvidenceController and verify tabbed evidence is returned
- [ ] Verify policy evidence tab includes applicable policy rules and evaluation results
- [ ] Verify binary diff evidence tab includes delta analysis when available
- [ ] Verify confidence meter shows score breakdown with contributing factors
- [ ] Verify SBOM evidence tab includes component provenance and version data
- [ ] Verify finding rationale service provides human-readable explanations
---
## Verification
| Check | Result |
|-------|--------|
| Tier 0 - Source files exist | PASS |
| Tier 1 - Build + code review | PASS |
| Tier 2 - Integration tests | PASS |
| Verified | 2026-02-13T18:10:00Z |
Reference in New Issue View Git Blame Copy Permalink