22 lines
1.1 KiB
Markdown
22 lines
1.1 KiB
Markdown
# Replay Payload Contract (Prep for PREP-EVID-REPLAY-187-001)
|
|
|
|
Status: **Ready for implementation** (2025-11-20)
|
|
Owners: Evidence Locker Guild · Scanner Guild
|
|
Scope: Define deterministic scanner record payload shape required to ingest replay bundles (Sprint 0187).
|
|
|
|
## Payload shape
|
|
- NDJSON per record; sorted by `recordedAtUtc` then `scanId`.
|
|
- Fields:
|
|
- `scanId` (GUID), `tenantId`, `subjectDigest` (sha256:...), `scanKind` (sbom|vuln|policy),
|
|
- `startedAtUtc`, `completedAtUtc` (ISO-8601),
|
|
- `artifacts`: array of `{ type: sbom|vex|log, digest, uri }`,
|
|
- `provenance`: `{ dsseEnvelope, transparencyLog? }` (base64 DSSE; optional Rekor entry),
|
|
- `summary`: `{ findings: int, advisories: int, policies: int }`.
|
|
- Determinism: no wall-clock except the recorded timestamps above; DSSE envelope copied verbatim from scanner output.
|
|
|
|
## Acceptance criteria
|
|
- Scanner Guild provides sample NDJSON (10 records) with DSSE envelope redacted allowed.
|
|
- Evidence Locker can ingest and store bundle with deterministic ordering and hash (SHA256) across runs.
|
|
- Contract published here and referenced in Sprint 0187 P1/P2/P3.
|
|
|