stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity
Files
b9f71fc7e9e1fb9b1c366ebd75f92483b2f94b67
git.stella-ops.org/docs/console/forensics.md
StellaOps Bot 7503c19b8f Add determinism tests for verdict artifact generation and update SHA256 sums script 
- Implemented comprehensive tests for verdict artifact generation to ensure deterministic outputs across various scenarios, including identical inputs, parallel execution, and change ordering.
- Created helper methods for generating sample verdict inputs and computing canonical hashes.
- Added tests to validate the stability of canonical hashes, proof spine ordering, and summary statistics.
- Introduced a new PowerShell script to update SHA256 sums for files, ensuring accurate hash generation and file integrity checks.
2025-12-24 02:17:34 +02:00

41 lines
1.5 KiB
Markdown
Raw Blame History

# Console Forensics and Evidence Review
This document describes how the Console supports forensic review of decisions: timelines, evidence viewing, attestation verification, and audit exports.
## Timeline Explorer
The timeline view should enable:
- Filtering by tenant, artifact, finding, and time window
- Drill-down from a verdict to its evidence objects (SBOM slice, VEX observation/linkset, reachability proof, policy explain trace)
- Visibility into operator actions (triage actions, exceptions, approvals) as append-only events
## Evidence Viewer
Evidence viewing should prioritize:
- Clear provenance (issuer identity, timestamps, digests)
- Verification state (signature verified/failed/unknown)
- Deterministic identifiers so auditors can replay and compare
## Attestation Verification
When presenting attestations (DSSE/in-toto):
- Display verification status and key identity
- Link to transparency log proof when configured
- Allow exporting the DSSE envelope and the referenced artifacts
## Export / Verify Workflows
Exports are the bridge between online and offline review:
- Exports should be deterministic (stable ordering, UTC timestamps).
- Export bundles should include integrity metadata (digests) so offline reviewers can verify without trusting a live service.
## References
- Console operator guide: `docs/15_UI_GUIDE.md`
- Offline Kit: `docs/24_OFFLINE_KIT.md`
- Vulnerability Explorer guide (triage model): `docs/20_VULNERABILITY_EXPLORER_GUIDE.md`
Reference in New Issue View Git Blame Copy Permalink