git.stella-ops.org/docs/vuln/GRAP0101-integration-checklist.md
StellaOps Bot 579236bfce
Add MongoDB storage library and update acceptance tests with deterministic stubs
- Created StellaOps.Notify.Storage.Mongo project with initial configuration.
- Added expected output files for acceptance tests (at1.txt to at10.txt).
- Added fixture input files for acceptance tests (at1 to at10).
- Created input and signature files for test cases fc1 to fc5.
2025-12-05 22:56:01 +02:00

# GRAP0101 Integration Checklist for Vuln Explorer Md.XI
Use this checklist when the GRAP0101 domain model contract arrives.
## Fill across docs
- `docs/vuln/explorer-overview.md`: replace `[[pending:...]]` placeholders (entities, relationships, identifiers); confirm triage state names; add hashes for examples once captured.
- `docs/vuln/explorer-using-console.md`: apply final field labels, keyboard shortcuts, saved view params; drop hashed assets per checklist.
- `docs/vuln/explorer-api.md`: finalize filter/sort/ETag params, limits, error codes; attach hashed request/response fixtures.
- `docs/vuln/explorer-cli.md`: align flag names with API; add hashed CLI outputs.
- `docs/vuln/findings-ledger.md`: align schema names/ids; confirm hash fields and Merkle notes match GRAP0101.
- `docs/policy/vuln-determinations.md`: sync identifiers and signal fields referenced in policy outputs.
- `docs/vex/explorer-integration.md`: confirm CSAF→VEX mapping fields and precedence references.
- `docs/advisories/explorer-integration.md`: update advisory identifiers/keys to GRAP0101 naming.
- `docs/sbom/vuln-resolution.md`: align component identifier fields (purl/NEVRA) with GRAP0101.
- `docs/observability/vuln-telemetry.md`: verify metric/log labels (findingId, advisoryId, policyVersion, artifactId) match contract.
- `docs/security/vuln-rbac.md`: confirm scope/claim names and attachment token fields.
- `docs/runbooks/vuln-ops.md`: ensure IDs/fields in remediation steps match contract.
## Hash capture locations
- Record all assets in `docs/assets/vuln-explorer/SHA256SUMS` using the per-subdir checklists.
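
An added example (not part of the StellaOps repository) of auditing an assets directory against its `SHA256SUMS` manifest before sign-off. It assumes the manifest uses the `sha256sum` line format with paths relative to the directory, and that every file under the directory other than `SHA256SUMS` itself is meant to be recorded; the function name `audit_sha256sums` and the sample tree are hypothetical.

```shell
#!/bin/sh
# Audit a directory against its SHA256SUMS manifest.
# Returns 0 when every recorded digest matches and no file is unrecorded,
# 1 on a mismatch / missing file / unrecorded file, 2 when no manifest exists.
audit_sha256sums() {
  dir=$1
  [ -f "$dir/SHA256SUMS" ] || { echo "no SHA256SUMS in $dir" >&2; return 2; }
  status=0

  # Recorded digests must match; a listed-but-missing file also fails here.
  out=$(cd "$dir" && sha256sum -c SHA256SUMS 2>&1) || status=1
  printf '%s\n' "$out" | grep -v ': OK$' >&2 || true

  # Files on disk that the manifest never mentions are silent gaps:
  # sha256sum -c alone would not report them.
  listed=$(mktemp); present=$(mktemp)
  sed -e 's/^[0-9a-fA-F]\{64\} [ *]//' -e 's|^\./||' "$dir/SHA256SUMS" \
    | LC_ALL=C sort -u > "$listed"
  (cd "$dir" && find . -type f ! -path ./SHA256SUMS) \
    | sed 's|^\./||' | LC_ALL=C sort > "$present"
  unlisted=$(LC_ALL=C comm -23 "$present" "$listed")
  rm -f "$listed" "$present"

  if [ -n "$unlisted" ]; then
    printf '%s\n' "$unlisted" | sed 's/^/not recorded: /' >&2
    status=1
  fi
  return "$status"
}

# Constructed sample tree (not real project assets).
demo=$(mktemp -d)
mkdir -p "$demo/api"
printf 'request fixture\n' > "$demo/api/request.json"
(cd "$demo" && sha256sum api/request.json > SHA256SUMS)
audit_sha256sums "$demo" && echo "manifest complete"

# A fixture added later without updating the manifest is reported.
printf 'response fixture\n' > "$demo/api/response.json"
audit_sha256sums "$demo" || echo "audit failed: manifest is stale"
rm -rf "$demo"
```
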
## Order of operations
1. Update overview entities/ids first (DOCS-VULN-29-001).
2. Propagate identifiers to console/API/CLI stubs (#2-#4).
3. Align ledger/policy/VEX/advisory/SBOM docs (#5-#9).
4. Finish telemetry/RBAC/runbook (#10-#12).
5. Update install doc (#13) once images/manifests arrive.
_Last updated: 2025-12-05 (UTC)_