# Evidence TTL and staleness policy

## Module

Signals

## Status

PARTIALLY_IMPLEMENTED

## Description

Retention options and lifecycle services exist for evidence expiry, but the advisory noted TTL strategy at 50% coverage.

## What's Implemented

- **Modules**: `src/Signals/StellaOps.Signals/Services/`, `src/Signals/StellaOps.Signals/Options/`
- **Key Classes**:
  - `UnknownsDecayService` (`src/Signals/StellaOps.Signals/Services/UnknownsDecayService.cs`) - applies decay to stale unknown findings (related TTL behavior)
  - `UnknownsDecayOptions` (`src/Signals/StellaOps.Signals/Options/UnknownsDecayOptions.cs`) - configurable decay/TTL thresholds
  - `NightlyDecayWorker` (`src/Signals/StellaOps.Signals/Services/NightlyDecayWorker.cs`) - scheduled worker for TTL processing
- **Source**: Feature matrix scan

## What's Missing

- Comprehensive evidence TTL policy engine covering all evidence types (callgraph, runtime, SBOM correlation, attestation)
- Per-evidence-type configurable TTL with different retention periods
- Staleness detection that marks evidence as stale before hard expiry
- Automated evidence archival workflow (move to cold storage before deletion)
- TTL policy dashboard showing evidence age distribution and upcoming expirations

## Implementation Plan

- Implement `EvidenceTtlPolicyEngine` with per-type configurable retention periods
- Add staleness detection service that marks evidence nearing TTL as stale
- Implement evidence archival pipeline for cold storage migration
- Add TTL policy configuration UI and monitoring dashboard
- Extend `NightlyDecayWorker` to handle evidence expiry across all evidence types

## Related Documentation

- Source: See feature catalog