Unified Evidence Endpoint (Single API for Complete Evidence Panel)

Module

Scanner

Status

IMPLEMENTED

Description

Single API endpoint that returns all evidence tabs for a finding in one call (replacing 6 separate API calls). Includes manifest hashes for determinism verification, green/red verification status, and evidence bundle download as ZIP/TAR.

Implementation Details

Unified Evidence Service:
- src/Scanner/StellaOps.Scanner.WebService/Services/UnifiedEvidenceService.cs - UnifiedEvidenceService composing all evidence tabs (vulnerability, reachability, VEX, SBOM, policy, attestation) into a single response
- src/Scanner/StellaOps.Scanner.WebService/Services/IUnifiedEvidenceService.cs - Interface for unified evidence composition
Evidence Endpoints:
- src/Scanner/StellaOps.Scanner.WebService/Endpoints/EvidenceEndpoints.cs - EvidenceEndpoints single REST endpoint returning complete evidence panel
- src/Scanner/StellaOps.Scanner.WebService/Endpoints/DeltaEvidenceEndpoints.cs - Delta evidence for SmartDiff comparisons
Evidence Bundle Export:
- src/Scanner/StellaOps.Scanner.WebService/Services/EvidenceBundleExporter.cs - EvidenceBundleExporter packaging evidence as downloadable ZIP/TAR archives
Replay Command:
- src/Scanner/StellaOps.Scanner.WebService/Services/ReplayCommandService.cs - ReplayCommandService generating replay commands for determinism verification
- src/Scanner/StellaOps.Scanner.WebService/Contracts/ReplayCommandContracts.cs - Replay command API contracts
Contracts:
- src/Scanner/StellaOps.Scanner.WebService/Contracts/UnifiedEvidenceContracts.cs - API contracts for unified evidence response with manifest hashes and verification status
Evidence Models:
- src/Scanner/__Libraries/StellaOps.Scanner.Evidence/Models/EvidenceBundle.cs - EvidenceBundle model for packaged evidence
- src/Scanner/__Libraries/StellaOps.Scanner.Evidence/Privacy/EvidenceRedactionService.cs - EvidenceRedactionService redacting sensitive data before export
Tests:
- src/Scanner/__Tests/StellaOps.Scanner.WebService.Tests/UnifiedEvidenceServiceTests.cs - Unified evidence service tests
- src/Scanner/__Tests/StellaOps.Scanner.WebService.Tests/EvidenceCompositionServiceTests.cs - Composition tests
- src/Scanner/__Tests/StellaOps.Scanner.WebService.Tests/ReplayCommandServiceTests.cs - Replay command tests

E2E Test Plan

Query the unified evidence endpoint for a finding and verify all evidence tabs (vulnerability, reachability, VEX, SBOM, policy, attestation) are returned in a single response
Verify manifest hashes are included in the response for determinism verification
Verify green/red verification status correctly reflects whether evidence passes verification checks
Download evidence bundle as ZIP and verify it contains all evidence artifacts
Verify the replay command in the response can be executed to reproduce the same evidence
Verify EvidenceRedactionService correctly removes sensitive data from exported evidence bundles

3.0 KiB Raw Blame History