stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 12 Releases Wiki Activity
Files
acbb0ff637e49804eb39d6bcac87f2a7d29848c0
git.stella-ops.org/docs/modules/signals/evidence/README.md
StellaOps Bot 885ce86af4
Some checks failed
AOC Guard CI / aoc-guard (push) Has been cancelled
Details
AOC Guard CI / aoc-verify (push) Has been cancelled
Details
Docs CI / lint-and-preview (push) Has been cancelled
Details
Mirror Thin Bundle Sign & Verify / mirror-sign (push) Has been cancelled
Details
feat: Add VEX Lens CI and Load Testing Plan 
- Introduced a comprehensive CI job structure for VEX Lens, including build, test, linting, and load testing.
- Defined load test parameters and SLOs for VEX Lens API and Issuer Directory.
- Created Grafana dashboards and alerting mechanisms for monitoring API performance and error rates.
- Established offline posture guidelines for CI jobs and load testing.

feat: Implement deterministic projection verification script

- Added `verify_projection.sh` script for verifying the integrity of projection exports against expected hashes.
- Ensured robust error handling for missing files and hash mismatches.

feat: Develop Vuln Explorer CI and Ops Plan

- Created CI jobs for Vuln Explorer, including build, test, and replay verification.
- Implemented backup and disaster recovery strategies for MongoDB and Redis.
- Established Merkle anchoring verification and automation for ledger projector.

feat: Introduce EventEnvelopeHasher for hashing event envelopes

- Implemented `EventEnvelopeHasher` to compute SHA256 hashes for event envelopes.

feat: Add Risk Store and Dashboard components

- Developed `RiskStore` for managing risk data and state.
- Created `RiskDashboardComponent` for displaying risk profiles with filtering capabilities.
- Implemented unit tests for `RiskStore` and `RiskDashboardComponent`.

feat: Enhance Vulnerability Detail Component

- Developed `VulnerabilityDetailComponent` for displaying detailed information about vulnerabilities.
- Implemented error handling for missing vulnerability IDs and loading failures.
2025-12-02 07:18:28 +02:00

1.6 KiB
Raw Blame History

Signals DSSE Evidence Staging (runtime/signals gaps)

Artifacts prepared 2025-12-01 (UTC) for DSSE signing and Evidence Locker ingest:

  • Decay config: docs/modules/signals/decay/confidence_decay_config.yaml
  • Unknowns scoring manifest: docs/modules/signals/unknowns/unknowns_scoring_manifest.json
  • Heuristic catalog + schema + fixtures: docs/modules/signals/heuristics/
  • Checksums: docs/modules/signals/SHA256SUMS

Planned Evidence Locker paths (to fill post-signing):

  • evidence-locker/signals/decay/2025-12-01/confidence_decay_config.dsse
  • evidence-locker/signals/unknowns/2025-12-01/unknowns_scoring_manifest.dsse
  • evidence-locker/signals/heuristics/2025-12-01/heuristics_catalog.dsse
  • evidence-locker/signals/heuristics/2025-12-01/fixtures/ (golden inputs/outputs)

Pending steps:

  1. Sign each artifact with its predicate:
    • stella.ops/confidenceDecayConfig@v1
    • stella.ops/unknownsScoringManifest@v1
    • stella.ops/heuristicCatalog@v1 Example (replace KEY):
    cosign sign-blob \
  --key cosign.key \
  --predicate-type stella.ops/confidenceDecayConfig@v1 \
  --output-signature confidence_decay_config.dsse \
  decay/confidence_decay_config.yaml
  2. Attach SHA256 from SHA256SUMS in DSSE headers/annotations.
  3. Place signed envelopes + checksums in the Evidence Locker paths above; update sprint tracker Delivery Tracker rows 57 and Decisions & Risks with the final URIs.
  4. Add signer/approver IDs to the sprint Execution Log once signatures are complete.

Notes:

  • Use UTC timestamps in DSSE issuedAt.
  • Ensure offline parity by copying envelopes + SHA256SUMS into the offline kit bundle when ready.