stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity
Files
cf5b72974f923126944f4dcd47e85864ebb31a3b
git.stella-ops.org/docs/features/unchecked/scanner/offline-kit-import-and-attestation-verification.md

2.7 KiB
Raw Blame History

Offline Kit Import and Attestation Verification

Module

Scanner

Status

IMPLEMENTED

Description

Offline kit import service and offline attestation verifier with test coverage in Scanner module, enabling verification of DSSE-signed attestations without network access.

Implementation Details

  • Offline Kit Import:
    • src/Scanner/StellaOps.Scanner.WebService/Services/OfflineKitImportService.cs - OfflineKitImportService imports offline vulnerability data kits
    • src/Scanner/StellaOps.Scanner.WebService/Services/OfflineKitManifestService.cs - OfflineKitManifestService manages offline kit manifests
    • src/Scanner/StellaOps.Scanner.WebService/Services/OfflineKitContracts.cs - Contract models for offline kit operations
    • src/Scanner/StellaOps.Scanner.WebService/Services/OfflineKitStateStore.cs - State tracking for imported kits
    • src/Scanner/StellaOps.Scanner.WebService/Services/OfflineKitMetricsStore.cs - Metrics tracking for import operations
  • Attestation Verification:
    • src/Scanner/StellaOps.Scanner.WebService/Services/IOfflineAttestationVerifier.cs - IOfflineAttestationVerifier interface for verifying DSSE-signed attestations offline
    • src/Scanner/StellaOps.Scanner.WebService/Services/OfflineAttestationVerifier.cs - OfflineAttestationVerifier verifies DSSE signatures without network access using local trust anchors
    • src/Scanner/StellaOps.Scanner.WebService/Services/NullOfflineKitAuditEmitter.cs - Null audit emitter for environments without audit logging
  • API Endpoints:
    • src/Scanner/StellaOps.Scanner.WebService/Endpoints/OfflineKitEndpoints.cs - REST endpoints for importing and managing offline kits
  • Configuration:
    • src/Scanner/__Libraries/StellaOps.Scanner.Core/Configuration/OfflineKitOptions.cs - OfflineKitOptions configuration model
    • src/Scanner/__Libraries/StellaOps.Scanner.Core/Configuration/OfflineKitOptionsValidator.cs - Options validation
  • Trust Anchors:
    • src/Scanner/__Libraries/StellaOps.Scanner.Core/TrustAnchors/TrustAnchorRegistry.cs - TrustAnchorRegistry manages local trust anchors for offline verification

E2E Test Plan

  • Import an offline vulnerability kit via the OfflineKitEndpoints and verify it is accepted and stored
  • Verify DSSE-signed attestations within the kit are verified using local trust anchors without network access
  • Verify import of a tampered kit fails attestation verification
  • Verify kit manifest service correctly lists available kits and their status
  • Verify offline kit state tracking records import timestamps and kit versions
  • Verify the scanner operates correctly with offline kit data as its vulnerability source