stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity
Files
8e1cb9448d752df07141efe450cf4b9b67fe55d1
git.stella-ops.org/docs/features/checked/exportcenter/export-center-risk-bundle-builder.md

1.7 KiB
Raw Blame History

Export Center Risk Bundle Builder

Module

ExportCenter

Status

IMPLEMENTED

Description

Generates signed risk bundles aggregating vulnerability findings, VEX decisions, and policy evaluations into portable, DSSE-signed export artifacts for compliance reporting and auditor handoff.

Implementation Details

  • Risk bundle builder: src/ExportCenter/StellaOps.ExportCenter.RiskBundles/RiskBundleBuilder.cs -- aggregates findings, VEX decisions, and policy evaluations into portable bundles
  • Risk bundle models: src/ExportCenter/StellaOps.ExportCenter.RiskBundles/RiskBundleModels.cs -- bundle data models
  • Risk bundle signing: src/ExportCenter/StellaOps.ExportCenter.RiskBundles/RiskBundleSigning.cs -- DSSE signing for risk bundles
  • Risk bundle job: src/ExportCenter/StellaOps.ExportCenter.RiskBundles/RiskBundleJob.cs -- async job for bundle generation
  • Object store: src/ExportCenter/StellaOps.ExportCenter.RiskBundles/RiskBundleObjectStore.cs, FileSystemRiskBundleObjectStore.cs -- bundle storage
  • Job handler: src/ExportCenter/StellaOps.ExportCenter/StellaOps.ExportCenter.WebService/RiskBundle/RiskBundleJobHandler.cs -- processes risk bundle jobs
  • Attestation service: src/ExportCenter/StellaOps.ExportCenter/StellaOps.ExportCenter.WebService/Attestation/ExportAttestationService.cs -- DSSE attestations for exports
  • Source: SPRINT_0163_0001_0001_exportcenter_ii.md

E2E Test Plan

  • Verify risk bundle builder aggregates vulnerability findings correctly
  • Test DSSE signing produces valid signed bundles
  • Verify bundle includes VEX decisions and policy evaluations
  • Test async job processing for large bundles
  • Verify bundle storage and retrieval via object store