bc4318ef97
- Created `StellaOps.TestKit.Tests` project for unit tests related to determinism. - Implemented `DeterminismManifestTests` to validate deterministic output for canonical bytes and strings, file read/write operations, and error handling for invalid schema versions. - Added `SbomDeterminismTests` to ensure identical inputs produce consistent SBOMs across SPDX 3.0.1 and CycloneDX 1.6/1.7 formats, including parallel execution tests. - Updated project references in `StellaOps.Integration.Determinism` to include the new determinism testing library.
36 lines
1.0 KiB
Markdown
36 lines
1.0 KiB
Markdown
# Forensics and evidence locker
|
|
|
|
The evidence locker is a WORM friendly store for audit and forensic artifacts
|
|
such as bundles, logs, and attestations.
|
|
|
|
Storage model
|
|
- Object storage with immutable retention and versioning.
|
|
- PostgreSQL index with metadata and retention fields.
|
|
|
|
Ingest rules
|
|
- Append only, content addressed paths.
|
|
- Require tenant, hash, size, and provenance.
|
|
- Reject partial uploads or missing signatures.
|
|
|
|
Retention and legal hold
|
|
- Default retention per tenant.
|
|
- Legal hold blocks deletion until cleared by approval.
|
|
- Daily retention job emits audit logs.
|
|
|
|
Access and verification
|
|
- RBAC scopes for read, write, and legal hold.
|
|
- Verify hashes and DSSE signatures on demand.
|
|
- Background sampling emits failure events.
|
|
|
|
Minimum bundle layout
|
|
- manifest.json with hashes and provenance
|
|
- data/ payloads
|
|
- signatures/ for DSSE or sigstore bundles
|
|
|
|
Related references
|
|
- provenance/attestation-workflow.md
|
|
- security/timeline.md
|
|
- security/evidence-locker-publishing.md
|
|
- docs/forensics/evidence-locker.md
|
|
- docs/evidence-locker/evidence-pack-schema.md
|