git.stella-ops.org/docs/product-advisories/29-Nov-2025 - SBOM to VEX Proof Pipeline Blueprint.md
StellaOps Bot 18d87c64c5 feat: add PolicyPackSelectorComponent with tests and integration
- Implemented PolicyPackSelectorComponent for selecting policy packs.
- Added unit tests for component behavior, including API success and error handling.
- Introduced monaco-workers type declarations for editor workers.
- Created acceptance tests for guardrails with stubs for AT1–AT10.
- Established SCA Failure Catalogue Fixtures for regression testing.
- Developed plugin determinism harness with stubs for PL1–PL10.
- Added scripts for evidence upload and verification processes.
2025-12-05 21:24:34 +02:00


29-Nov-2025 · SBOM to VEX Proof Pipeline Blueprint

Why now: The Docs ladder needs a canonical blueprint tying SBOM ingestion to VEX proofs with DSSE/Rekor integration, to unblock downstream module dossier updates.

Scope

  • Describe DSSE → Rekor v2 → VEX linkage with offline verification steps.
  • Capture diagram/stub scripts for proof generation and verification.
  • Define inputs.lock/idempotency rules and chain hash recipe.

Required artefacts (MVP for DONE)

  • Diagram placeholder (docs/diagrams/sbom-vex-blueprint.svg reserved) and script stub path docs/scripts/sbom-vex/verify.sh (offline, deterministic sorting/hashes).
  • Cross-links in docs/modules/platform/architecture-overview.md and sprint row 16 completion evidence.

Determinism & Offline

  • Sort canonical inputs before hashing; use UTC timestamps only when unavoidable, otherwise derive them from content.
  • No network calls; use bundled Rekor root + mirror snapshot for verification examples.
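As an added illustration of the determinism rules above (this is not the project's verify.sh, which exists only as a stub path), a bash sketch that writes a bytewise-sorted inputs.lock and derives a content-only chain hash from it; the chain recipe h0 = sha256(""), h_i = sha256(h_{i-1} || line_i) is an assumption, since the page does not yet define the recipe:

```bash
#!/usr/bin/env bash
# Added example: deterministic inputs.lock + chain hash. The chain recipe below
# is an assumption for illustration, not the StellaOps recipe.
set -euo pipefail

# One canonical line per input: "<sha256>  ./relative/path". Paths are sorted
# bytewise (LC_ALL=C) so traversal order never changes the lock file, and the
# lock itself is excluded so regeneration is idempotent.
write_inputs_lock() {
  local dir="$1" lock="$2"
  ( cd "$dir" && find . -type f ! -name inputs.lock -print0 \
      | LC_ALL=C sort -z \
      | xargs -0 sha256sum ) | LC_ALL=C sort -k2 > "$lock"
}

# Chain hash (assumed recipe): h0 = sha256(""), h_i = sha256(h_{i-1} || line_i).
# Only file content and paths enter the hash; no timestamps, no network.
chain_hash() {
  local lock="$1" h line
  h=$(printf '' | sha256sum | cut -d' ' -f1)
  while IFS= read -r line; do
    h=$(printf '%s%s' "$h" "$line" | sha256sum | cut -d' ' -f1)
  done < "$lock"
  printf '%s\n' "$h"
}

# Offline verification: regenerate the lock into a temp file and compare it
# byte for byte with the committed one. Returns non-zero on any drift.
verify_inputs_lock() {
  local dir="$1" lock="$2" tmp
  tmp=$(mktemp)
  write_inputs_lock "$dir" "$tmp"
  if cmp -s "$tmp" "$lock"; then
    rm -f "$tmp"
    return 0
  fi
  rm -f "$tmp"
  return 1
}
```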

Next actions

  • Land the stub diagram/script placeholders and log completion in the sprint Execution Log.