4dc7cf834a
Some checks failed
AOC Guard CI / aoc-guard (push) Has been cancelled
AOC Guard CI / aoc-verify (push) Has been cancelled
Concelier Attestation Tests / attestation-tests (push) Has been cancelled
Console CI / console-ci (push) Has been cancelled
Docs CI / lint-and-preview (push) Has been cancelled
Export Center CI / export-ci (push) Has been cancelled
VEX Proof Bundles / verify-bundles (push) Has been cancelled
- Introduced sample proof bundle configuration files for testing, including `sample-proof-bundle-config.dsse.json`, `sample-proof-bundle.dsse.json`, and `sample-proof-bundle.json`. - Implemented a verification script `test_verify_sample.sh` to validate proof bundles against specified schemas and catalogs. - Updated existing proof bundle configurations with new metadata, including versioning, created timestamps, and justification details. - Enhanced evidence entries with expiration dates and hashes for better integrity checks. - Ensured all new configurations adhere to the defined schema for consistency and reliability in testing.
29 lines
813 B
JSON
29 lines
813 B
JSON
{
|
|
"context": "https://openvex.dev/ns/v0.2.0",
|
|
"metadata": {
|
|
"id": "urn:stellaops:vex:config-guard-1",
|
|
"author": "StellaOps Excititor",
|
|
"timestamp": "2025-12-04T00:00:00Z"
|
|
},
|
|
"statements": [
|
|
{
|
|
"vulnerability": "CVE-2024-7777",
|
|
"products": [
|
|
"pkg:demo/app@1.0.1"
|
|
],
|
|
"status": "not_affected",
|
|
"status_notes": "Feature flags disable vulnerable path; negative tests and runtime trace clean.",
|
|
"justification": "configuration_required",
|
|
"statementID": "urn:stellaops:vex:statement:config-guard-1",
|
|
"last_updated": "2025-12-04T00:00:00Z",
|
|
"known_exploited": false,
|
|
"references": [
|
|
{
|
|
"summary": "Proof bundle",
|
|
"url": "cas://proofbundles/sample-proof-bundle-config.json"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|