- Implemented comprehensive tests for verdict artifact generation to ensure deterministic outputs across various scenarios, including identical inputs, parallel execution, and change ordering.
- Created helper methods for generating sample verdict inputs and computing canonical hashes.
- Added tests to validate the stability of canonical hashes, proof spine ordering, and summary statistics.
- Introduced a new PowerShell script to update SHA256 sums for files, ensuring accurate hash generation and file integrity checks.
Findings Ledger and Replay (Vulnerability Explorer)
The Findings Ledger is the append-only backbone for auditable triage. It records current finding state, history transitions, and operator actions in a way that supports deterministic replay and offline verification.
This document provides a conceptual overview; the authoritative schema and hashing rules are in the Findings Ledger module docs.
What the Ledger Stores
- Finding records: enriched, policy-derived findings (with references to advisories/VEX/SBOM/reachability and explain traces).
- History: append-only state transitions with actor identity, justification, and timestamps (UTC).
- Triage actions: discrete operator actions (comment, assignment, mitigation note, ticket link) with immutable provenance.
Replay and Verification
- Replay reconstructs derived state purely from the append-only history and triage actions, then compares the deterministic digests of the result against the digests recorded when the state was originally derived; any mismatch means the ledger was altered or the derivation is not deterministic.
- Offline bundles include the ledger exports plus integrity metadata (digests and Merkle anchors, per the anchoring policy) so auditors can repeat the verification without trusting a live service.
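The following is an added illustration, not the project's Findings Ledger code, of the storage model above (finding records, transitions, actions) and the replay-and-verify loop. It assumes a hash-chained entry format, a canonical-JSON hashing rule, a Merkle root that duplicates an odd tail node, and the entry field names shown; the real schema and hashing rules are defined in the module docs, and the sample entries are constructed for the example.

```python
import hashlib
import json
from typing import Any, Dict, List, Tuple

GENESIS = "0" * 64  # prev-hash of the first entry (assumed convention, not the project's)


def canonical(obj: Any) -> bytes:
    """Canonical JSON: sorted keys, no insignificant whitespace, UTF-8.
    Equal content must serialise to equal bytes or digests are not reproducible."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":"),
                      ensure_ascii=False).encode("utf-8")


def entry_hash(prev: str, payload: Dict[str, Any]) -> str:
    """Chain hash: commits to the previous entry's hash and this entry's canonical payload."""
    return hashlib.sha256(prev.encode("ascii") + canonical(payload)).hexdigest()


def append(ledger: List[Dict[str, Any]], payload: Dict[str, Any]) -> Dict[str, Any]:
    """Append-only write: entries are never edited, only added after the current tail."""
    prev = ledger[-1]["hash"] if ledger else GENESIS
    entry = {"seq": len(ledger), "prev": prev, "payload": payload,
             "hash": entry_hash(prev, payload)}
    ledger.append(entry)
    return entry


def verify_chain(ledger: List[Dict[str, Any]]) -> bool:
    """Recompute every link; an edit, deletion or reordering breaks at least one link."""
    prev = GENESIS
    for i, e in enumerate(ledger):
        if e["seq"] != i or e["prev"] != prev or entry_hash(prev, e["payload"]) != e["hash"]:
            return False
        prev = e["hash"]
    return True


def replay(ledger: List[Dict[str, Any]]) -> Dict[str, Any]:
    """Fold the three entry kinds into derived per-finding state.
    Derived state is never the source of truth; it is recomputable from the entries."""
    state: Dict[str, Any] = {}
    for e in ledger:
        p = e["payload"]
        f = state.setdefault(p["finding_id"], {"status": None, "history": [], "actions": []})
        if p["kind"] == "finding":        # enriched finding record with its evidence refs
            f["status"], f["refs"] = p["status"], p["refs"]
        elif p["kind"] == "transition":   # state change with actor, justification, UTC time
            f["history"].append({"from": f["status"], "to": p["to"], "actor": p["actor"],
                                 "at": p["at"], "justification": p["justification"]})
            f["status"] = p["to"]
        elif p["kind"] == "action":       # discrete operator action with provenance
            f["actions"].append({"type": p["type"], "actor": p["actor"],
                                 "at": p["at"], "body": p["body"]})
        else:
            raise ValueError(f"unknown entry kind {p['kind']!r}")
    return state


def state_digest(state: Dict[str, Any]) -> str:
    return hashlib.sha256(canonical(state)).hexdigest()


def merkle_root(hashes: List[str]) -> str:
    """Merkle root over entry hashes; an odd tail node is duplicated (assumed policy)."""
    level = [bytes.fromhex(h) for h in hashes] or [bytes.fromhex(GENESIS)]
    while len(level) > 1:
        if len(level) % 2:
            level.append(level[-1])
        level = [hashlib.sha256(level[i] + level[i + 1]).digest()
                 for i in range(0, len(level), 2)]
    return level[0].hex()


def export_bundle(ledger: List[Dict[str, Any]]) -> Dict[str, Any]:
    """Offline bundle: the raw entries plus integrity metadata an auditor can recheck."""
    return {"entries": ledger,
            "integrity": {"merkle_root": merkle_root([e["hash"] for e in ledger]),
                          "state_digest": state_digest(replay(ledger))}}


def verify_bundle(bundle: Dict[str, Any]) -> Tuple[bool, str]:
    """Offline verification: chain links, Merkle root, then replay-and-compare."""
    entries = bundle["entries"]
    if not verify_chain(entries):
        return False, "hash chain broken"
    if merkle_root([e["hash"] for e in entries]) != bundle["integrity"]["merkle_root"]:
        return False, "merkle root mismatch"
    if state_digest(replay(entries)) != bundle["integrity"]["state_digest"]:
        return False, "replayed state digest mismatch"
    return True, "ok"


def build_sample_ledger() -> List[Dict[str, Any]]:
    """Constructed sample entries (not real findings); timestamps are UTC ISO-8601."""
    ledger: List[Dict[str, Any]] = []
    append(ledger, {"kind": "finding", "finding_id": "F-1", "status": "open",
                    "refs": {"advisory": "adv-example-1", "sbom": "sbom-example-1",
                             "reachability": "reachable"}})
    append(ledger, {"kind": "action", "finding_id": "F-1", "type": "comment", "actor": "alice",
                    "at": "2025-01-02T10:00:00Z", "body": "confirmed reachable from API handler"})
    append(ledger, {"kind": "transition", "finding_id": "F-1", "to": "triaged", "actor": "alice",
                    "at": "2025-01-02T10:05:00Z", "justification": "reachable"})
    append(ledger, {"kind": "transition", "finding_id": "F-1", "to": "mitigated", "actor": "bob",
                    "at": "2025-01-03T09:00:00Z", "justification": "patched in 1.2.4"})
    return ledger


def tampered_copy(bundle: Dict[str, Any], seq: int, key: str, value: Any) -> Dict[str, Any]:
    """Deep-copy the bundle and edit one payload field, to show that verification catches it."""
    dup = json.loads(json.dumps(bundle))
    dup["entries"][seq]["payload"][key] = value
    return dup


if __name__ == "__main__":
    bundle = export_bundle(build_sample_ledger())
    print(verify_bundle(bundle))                                    # (True, 'ok')
    print(verify_bundle(tampered_copy(bundle, 3, "to", "closed")))  # (False, 'hash chain broken')
```

Two properties matter here. The chain makes the ledger tamper-evident, but only in combination with the recorded Merkle root: an attacker who can rewrite the whole export could re-chain it, so the anchor must live outside the bundle (a signed anchor, a transparency log, or whatever the anchoring policy prescribes). And the state digest is only meaningful because `canonical()` is fixed; any change to serialisation order or whitespace would produce spurious mismatches, which is why the project's hashing rules are normative.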
References
- Findings Ledger schema: docs/modules/findings-ledger/schema.md
- Merkle anchoring policy: docs/modules/findings-ledger/merkle-anchor-policy.md
- Vulnerability Explorer dossier: docs/modules/vuln-explorer/architecture.md