Export Center Risk Bundle Builder
Module
ExportCenter
Status
IMPLEMENTED
Description
Generates signed risk bundles aggregating vulnerability findings, VEX decisions, and policy evaluations into portable, DSSE-signed export artifacts for compliance reporting and auditor handoff.
Implementation Details
- Risk bundle builder: src/ExportCenter/StellaOps.ExportCenter.RiskBundles/RiskBundleBuilder.cs -- aggregates findings, VEX decisions, and policy evaluations into portable bundles
- Risk bundle models: src/ExportCenter/StellaOps.ExportCenter.RiskBundles/RiskBundleModels.cs -- bundle data models
- Risk bundle signing: src/ExportCenter/StellaOps.ExportCenter.RiskBundles/RiskBundleSigning.cs -- DSSE signing for risk bundles
- Risk bundle job: src/ExportCenter/StellaOps.ExportCenter.RiskBundles/RiskBundleJob.cs -- async job for bundle generation
- Object store: src/ExportCenter/StellaOps.ExportCenter.RiskBundles/RiskBundleObjectStore.cs, FileSystemRiskBundleObjectStore.cs -- bundle storage
- Job handler: src/ExportCenter/StellaOps.ExportCenter/StellaOps.ExportCenter.WebService/RiskBundle/RiskBundleJobHandler.cs -- processes risk bundle jobs
- Attestation service: src/ExportCenter/StellaOps.ExportCenter/StellaOps.ExportCenter.WebService/Attestation/ExportAttestationService.cs -- DSSE attestations for exports
- Source: SPRINT_0163_0001_0001_exportcenter_ii.md
E2E Test Plan
- Verify risk bundle builder aggregates vulnerability findings correctly
- Test DSSE signing produces valid signed bundles
- Verify bundle includes VEX decisions and policy evaluations
- Test async job processing for large bundles
- Verify bundle storage and retrieval via object store