git.stella-ops.org/docs/scripts/sbom-vex/README.md

SBOM→VEX Offline Kit (Stub)

This kit supports sprint task 6 (SBOM-VEX-GAPS-300-013).

Contents (stub):

• verify.sh – chain hash stub for SBOM + DSSE + Rekor + VEX
• chain-hash-recipe.md – canonicalisation steps
• inputs.lock – pinned tool versions and snapshot
• proof-manifest.json – chain hash placeholder
• sbom-vex-blueprint.svg – archived (empty placeholder)

Next steps:

• Add real SBOM/VEX samples and Rekor bundle snapshot.
• Produce DSSE signatures for proof manifest and scripts.
• Include time-anchor and backpressure/error policy notes per BP1–BP10.