4.1 KiB
4.1 KiB
VEX Observation and Webhooks CLI (stella vex evidence/webhooks/observation)
Module
Cli
Status
VERIFIED
Description
Extended VEX CLI plugin providing evidence linking, webhook management for VEX events, and VEX observation commands with Rekor attestation support for transparency log integration. Consolidates vex, vexgen, vexlens, and advisory commands under a unified stella vex umbrella.
Implementation Details
- Unified VEX Command Group:
src/Cli/StellaOps.Cli/Commands/VexCommandGroup.cs--VexCommandGroup(static class)- Sprint: SPRINT_20260118_014_CLI_evidence_remaining_consolidation (CLI-E-008)
- Consolidates: vex, vexgen, vexlens, advisory commands
- VEX Generation:
src/Cli/StellaOps.Cli/Commands/VexGenCommandGroup.cs--VexGenCommandGroupwith evidence linking viaIVexEvidenceLinker - Runtime Observations:
src/Cli/StellaOps.Cli/Commands/Observations/ObservationsCommandGroup.cs--ObservationsCommandGroup(static class)- Sprint: SPRINT_20260122_039_Scanner_runtime_linkage_verification (RLV-008)
- Uses
IObservationStoreand verification services from Scanner module
- Commands (VEX umbrella):
stella vex generate --scan <id> [--format openvex|csaf|cyclonedx] [--output <path>] [--product <name>] [--supplier <name>] [--sign]-- generate VEX documentsstella vex validate --input <file> [--strict] [--schema <file>]-- validate VEX document schema and consistencystella vex query [--cve <id>] [--product <name>] [--status affected|not_affected|under_investigation] [--format table|json] [--limit <n>]-- query VEX statementsstella vex advisory list [--severity critical|high|medium|low] [--source nvd|osv|ghsa] [--after <date>]-- list advisoriesstella vex advisory show <cve-id> [--format text|json]-- show advisory detailsstella vex advisory sync [--source <name>] [--force]-- sync advisory feedsstella vex lens analyze --scan <id> [--cve <id>] [--depth <n>]-- reachability analysis for VEX determinationstella vex lens explain --scan <id> --cve <id>-- explain VEX determination reasoning with evidence chainstella vex apply --scan <id> --vex <file> [--dry-run]-- apply VEX statements to scan results
- Commands (observations):
stella observations query [--symbol <glob>] [--node-hash <sha256>] [--container <id>] [--pod <name>] [--namespace <ns>]-- query runtime observations
E2E Test Plan
- Run
stella vex generate --scan <id>and verify VEX document with statement counts - Run
stella vex generate --scan <id> --format csaf --signand verify signed CSAF output - Run
stella vex validate --input vex.jsonand verify schema/statement/product/CVE validation passes - Run
stella vex validate --input vex.json --strictand verify strict mode - Run
stella vex query --status not_affectedand verify filtered query results - Run
stella vex advisory list --severity criticaland verify critical-only listing - Run
stella vex advisory show CVE-2024-1234and verify advisory details (severity, CWE, affected products) - Run
stella vex advisory syncand verify feed sync counts per source - Run
stella vex lens analyze --scan <id>and verify reachability analysis with REACHABLE/EXPLOITABLE columns - Run
stella vex lens explain --scan <id> --cve CVE-2024-1234and verify determination explanation with evidence - Run
stella vex apply --scan <id> --vex vex.json --dry-runand verify preview of VEX suppressions - Run
stella observations query --symbol "SSL_*"and verify symbol-filtered observation results
Verification
- Verified: 2026-02-13T15:30:00Z
- Tier 0 (Source): pass -- all referenced source files exist on disk
- Tier 1 (Build): pass -- module builds cleanly, 339 tests pass in StellaOps.Cli.Plugins.Tests
- Tier 2d (Integration): pass -- targeted integration tests confirm behavioral correctness
- Test Project:
src/Cli/__Tests/StellaOps.Cli.Plugins.Tests/StellaOps.Cli.Plugins.Tests.csproj - Evidence:
docs/qa/feature-checks/runs/cli/vex-observation-and-webhooks-cli/run-001/tier2-integration-check.json