# Unified Evidence Endpoint (Single API for Complete Evidence Panel)

## Module

Scanner

## Status

VERIFIED

## Description

Single API endpoint that returns all evidence tabs for a finding in one call (replacing six separate API calls, one per tab). The response includes manifest hashes for determinism verification, a green/red verification status, and an evidence bundle download as ZIP or TAR.

## Implementation Details

- **Unified Evidence Service**:
  - `src/Scanner/StellaOps.Scanner.WebService/Services/UnifiedEvidenceService.cs` - `UnifiedEvidenceService` composing all evidence tabs (vulnerability, reachability, VEX, SBOM, policy, attestation) into a single response
  - `src/Scanner/StellaOps.Scanner.WebService/Services/IUnifiedEvidenceService.cs` - Interface for unified evidence composition
- **Evidence Endpoints**:
  - `src/Scanner/StellaOps.Scanner.WebService/Endpoints/EvidenceEndpoints.cs` - `EvidenceEndpoints` single REST endpoint returning the complete evidence panel
  - `src/Scanner/StellaOps.Scanner.WebService/Endpoints/DeltaEvidenceEndpoints.cs` - Delta evidence for SmartDiff comparisons
- **Evidence Bundle Export**:
  - `src/Scanner/StellaOps.Scanner.WebService/Services/EvidenceBundleExporter.cs` - `EvidenceBundleExporter` packaging evidence as downloadable ZIP/TAR archives
- **Replay Command**:
  - `src/Scanner/StellaOps.Scanner.WebService/Services/ReplayCommandService.cs` - `ReplayCommandService` generating replay commands for determinism verification
  - `src/Scanner/StellaOps.Scanner.WebService/Contracts/ReplayCommandContracts.cs` - Replay command API contracts
- **Contracts**:
  - `src/Scanner/StellaOps.Scanner.WebService/Contracts/UnifiedEvidenceContracts.cs` - API contracts for the unified evidence response with manifest hashes and verification status
- **Evidence Models**:
  - `src/Scanner/__Libraries/StellaOps.Scanner.Evidence/Models/EvidenceBundle.cs` - `EvidenceBundle` model for packaged evidence
  - `src/Scanner/__Libraries/StellaOps.Scanner.Evidence/Privacy/EvidenceRedactionService.cs` - `EvidenceRedactionService` redacting sensitive data before export
- **Tests**:
  - `src/Scanner/__Tests/StellaOps.Scanner.WebService.Tests/UnifiedEvidenceServiceTests.cs` - Unified evidence service tests
  - `src/Scanner/__Tests/StellaOps.Scanner.WebService.Tests/EvidenceCompositionServiceTests.cs` - Composition tests
  - `src/Scanner/__Tests/StellaOps.Scanner.WebService.Tests/ReplayCommandServiceTests.cs` - Replay command tests

## E2E Test Plan

- [ ] Query the unified evidence endpoint for a finding and verify that all six evidence tabs (vulnerability, reachability, VEX, SBOM, policy, attestation) are returned in a single response
- [ ] Verify manifest hashes are included in the response for determinism verification, and that two scans of the same inputs produce identical hashes
- [ ] Verify the green/red verification status correctly reflects whether the evidence passes verification checks: green when every artifact matches its manifest hash, red when an artifact no longer matches
- [ ] Download the evidence bundle as ZIP and as TAR and verify each archive contains all evidence artifacts
- [ ] Verify the replay command in the response can be executed to reproduce the same evidence
- [ ] Verify `EvidenceRedactionService` correctly removes sensitive data from exported evidence bundles

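How the pieces listed under Implementation Details and exercised by the test plan fit together, as an added example that is not StellaOps code: a Python model of the client-side check a tester would run against the unified response, covering the per-tab manifest hashes, the green/red status they drive, and a ZIP/TAR bundle round trip. The response field names (`tabs`, `manifest`, `status`), the hashing scheme (SHA-256 over canonical JSON per tab), the archive layout and the sample evidence values are all assumptions made for illustration; the real shapes live in `UnifiedEvidenceContracts.cs` and `EvidenceBundleExporter.cs`.

```python
# Added example, not StellaOps code: a client-side model of the evidence-panel
# checks (manifest hashes, green/red status, ZIP/TAR bundle round trip).
# Field names, the per-tab SHA-256-over-canonical-JSON scheme and the archive
# layout are assumptions for illustration, not the project's real contracts.
import hashlib
import io
import json
import tarfile
import zipfile

TABS = ("vulnerability", "reachability", "vex", "sbom", "policy", "attestation")

# Constructed sample evidence for one finding (placeholder values, not real data).
SAMPLE_TABS = {
    "vulnerability": {"id": "example-vuln-1", "severity": "high"},
    "reachability": {"reachable": True, "path": ["main", "parse", "decode"]},
    "vex": {"status": "affected", "justification": None},
    "sbom": {"components": ["pkg:example/a@1.0", "pkg:example/b@2.3"]},
    "policy": {"verdict": "block", "rule": "no-reachable-high"},
    "attestation": {"predicateType": "example/scan", "verified": True},
}


def canonical(obj) -> bytes:
    """Deterministic JSON bytes (sorted keys, fixed separators) so identical
    content hashes identically regardless of dict insertion order."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_manifest(tabs: dict) -> dict:
    """One hash per tab; a deterministic re-run of the scan must reproduce these."""
    return {name: sha256_hex(canonical(tabs[name])) for name in TABS}


def verify_response(resp: dict) -> str:
    """Recompute each tab's hash and compare with the manifest.
    Green only if every tab is present and matches; anything else is red."""
    tabs, manifest = resp.get("tabs", {}), resp.get("manifest", {})
    for name in TABS:
        if name not in tabs or name not in manifest:
            return "red"
        if sha256_hex(canonical(tabs[name])) != manifest[name]:
            return "red"
    return "green"


def compose_response(finding_id: str, tabs: dict) -> dict:
    """Server side: the single-call response built from the six tabs."""
    missing = [t for t in TABS if t not in tabs]
    if missing:
        raise ValueError(f"missing evidence tabs: {missing}")
    resp = {"findingId": finding_id, "tabs": {t: tabs[t] for t in TABS}}
    resp["manifest"] = build_manifest(resp["tabs"])
    resp["status"] = verify_response(resp)
    return resp


def tampered_copy(resp: dict, tab: str, field: str, value) -> dict:
    """Deep copy with one field altered after hashing, to show the status flipping to red."""
    clone = json.loads(json.dumps(resp))
    clone["tabs"][tab][field] = value
    return clone


def export_bundle(resp: dict, fmt: str = "zip") -> bytes:
    """Package one file per tab plus manifest.json as a ZIP or TAR archive."""
    entries = {f"{t}.json": canonical(resp["tabs"][t]) for t in TABS}
    entries["manifest.json"] = canonical(resp["manifest"])
    buf = io.BytesIO()
    if fmt == "zip":
        with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
            for name, data in sorted(entries.items()):
                zf.writestr(name, data)
    elif fmt == "tar":
        with tarfile.open(fileobj=buf, mode="w") as tf:
            for name, data in sorted(entries.items()):
                info = tarfile.TarInfo(name)
                info.size = len(data)
                tf.addfile(info, io.BytesIO(data))
    else:
        raise ValueError(f"unsupported bundle format: {fmt}")
    return buf.getvalue()


def verify_bundle(blob: bytes, fmt: str = "zip") -> str:
    """Reopen an exported bundle and run the same manifest check on its entries."""
    if fmt == "zip":
        with zipfile.ZipFile(io.BytesIO(blob)) as zf:
            files = {n: zf.read(n) for n in zf.namelist()}
    else:
        with tarfile.open(fileobj=io.BytesIO(blob), mode="r") as tf:
            files = {m.name: tf.extractfile(m).read() for m in tf.getmembers() if m.isfile()}
    manifest = json.loads(files.get("manifest.json", b"{}"))
    for name in TABS:
        data = files.get(f"{name}.json")
        if data is None or sha256_hex(data) != manifest.get(name):
            return "red"
    return "green"


if __name__ == "__main__":
    resp = compose_response("finding-1", SAMPLE_TABS)
    print(resp["status"])                                                  # green
    print(verify_response(tampered_copy(resp, "sbom", "components", [])))  # red
    print(verify_bundle(export_bundle(resp, "tar"), "tar"))                # green
```

Run it directly to see green for the composed response, red once a tab is altered after hashing, and green again for a bundle round-tripped through TAR. The canonical serialisation is the part that matters for the determinism check: if the hashed bytes depend on key order or whitespace, two runs over identical evidence can disagree, so whatever replays the scan should hash exactly the form the manifest was built from.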
---

## Verification

| Check | Result |
|-------|--------|
| Tier 0 - Source files exist | PASS |
| Tier 1 - Build + code review | PASS |
| Tier 2 - Integration tests | PASS |
| Verified | 2026-02-13T18:10:00Z |