# Unified Evidence Endpoint (Single API for Complete Evidence Panel)

## Module

Scanner

## Status

IMPLEMENTED

## Description

Single API endpoint that returns all evidence tabs for a finding in one call (replacing 6 separate API calls). Includes manifest hashes for determinism verification, green/red verification status, and evidence bundle download as ZIP/TAR.

## Implementation Details

- **Unified Evidence Service**:
  - `src/Scanner/StellaOps.Scanner.WebService/Services/UnifiedEvidenceService.cs` - `UnifiedEvidenceService` composing all evidence tabs (vulnerability, reachability, VEX, SBOM, policy, attestation) into a single response
  - `src/Scanner/StellaOps.Scanner.WebService/Services/IUnifiedEvidenceService.cs` - Interface for unified evidence composition
- **Evidence Endpoints**:
  - `src/Scanner/StellaOps.Scanner.WebService/Endpoints/EvidenceEndpoints.cs` - `EvidenceEndpoints` single REST endpoint returning complete evidence panel
  - `src/Scanner/StellaOps.Scanner.WebService/Endpoints/DeltaEvidenceEndpoints.cs` - Delta evidence for SmartDiff comparisons
- **Evidence Bundle Export**:
  - `src/Scanner/StellaOps.Scanner.WebService/Services/EvidenceBundleExporter.cs` - `EvidenceBundleExporter` packaging evidence as downloadable ZIP/TAR archives
- **Replay Command**:
  - `src/Scanner/StellaOps.Scanner.WebService/Services/ReplayCommandService.cs` - `ReplayCommandService` generating replay commands for determinism verification
  - `src/Scanner/StellaOps.Scanner.WebService/Contracts/ReplayCommandContracts.cs` - Replay command API contracts
- **Contracts**:
  - `src/Scanner/StellaOps.Scanner.WebService/Contracts/UnifiedEvidenceContracts.cs` - API contracts for unified evidence response with manifest hashes and verification status
- **Evidence Models**:
  - `src/Scanner/__Libraries/StellaOps.Scanner.Evidence/Models/EvidenceBundle.cs` - `EvidenceBundle` model for packaged evidence
  - `src/Scanner/__Libraries/StellaOps.Scanner.Evidence/Privacy/EvidenceRedactionService.cs` - `EvidenceRedactionService` redacting sensitive data before export
- **Tests**:
  - `src/Scanner/__Tests/StellaOps.Scanner.WebService.Tests/UnifiedEvidenceServiceTests.cs` - Unified evidence service tests
  - `src/Scanner/__Tests/StellaOps.Scanner.WebService.Tests/EvidenceCompositionServiceTests.cs` - Composition tests
  - `src/Scanner/__Tests/StellaOps.Scanner.WebService.Tests/ReplayCommandServiceTests.cs` - Replay command tests

## E2E Test Plan

- [ ] Query the unified evidence endpoint for a finding and verify all evidence tabs (vulnerability, reachability, VEX, SBOM, policy, attestation) are returned in a single response
- [ ] Verify manifest hashes are included in the response for determinism verification
- [ ] Verify green/red verification status correctly reflects whether evidence passes verification checks
- [ ] Download evidence bundle as ZIP and verify it contains all evidence artifacts
- [ ] Verify the replay command in the response can be executed to reproduce the same evidence
- [ ] Verify `EvidenceRedactionService` correctly removes sensitive data from exported evidence bundles
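The manifest-hash and green/red checks described above, as an added client-side example in Python (not the project's C# code): it recomputes a canonical hash per evidence tab and compares it to the manifest so a tampered or non-deterministically regenerated tab turns red. The `tabs`/`manifest` field names and the constructed sample payload are assumptions, not the project's `UnifiedEvidenceContracts`.

```python
import hashlib
import json

# Evidence tabs named on the page; field layout below is an assumption.
TABS = ("vulnerability", "reachability", "vex", "sbom", "policy", "attestation")


def canonical_hash(tab_payload: dict) -> str:
    """SHA-256 over a canonical JSON encoding (sorted keys, no whitespace)
    so a byte-identical replay of a tab yields an identical hash."""
    data = json.dumps(tab_payload, sort_keys=True, separators=(",", ":"),
                      ensure_ascii=False, allow_nan=False).encode("utf-8")
    return "sha256:" + hashlib.sha256(data).hexdigest()


def build_manifest(tabs: dict) -> dict:
    """Manifest as the endpoint would attach it: one hash per evidence tab."""
    return {name: canonical_hash(tabs[name]) for name in TABS}


def verify_evidence(response: dict) -> dict:
    """Recompute every tab's hash and compare with the manifest.
    Returns per-tab 'green'/'red' plus an 'overall' status; a tab missing
    from either the response or the manifest is red, never silently skipped."""
    tabs, manifest = response["tabs"], response["manifest"]
    status = {}
    for name in TABS:
        if name not in tabs or name not in manifest:
            status[name] = "red"
            continue
        status[name] = "green" if canonical_hash(tabs[name]) == manifest[name] else "red"
    status["overall"] = "green" if all(status[n] == "green" for n in TABS) else "red"
    return status


def sample_response() -> dict:
    """Constructed sample response (placeholder values, not real findings)."""
    tabs = {
        "vulnerability": {"id": "EXAMPLE-VULN-1", "severity": "high"},
        "reachability": {"reachable": True, "paths": 2},
        "vex": {"status": "not_affected", "justification": "vulnerable_code_not_present"},
        "sbom": {"purl": "pkg:generic/example@1.0.0", "components": 3},
        "policy": {"verdict": "pass"},
        "attestation": {"predicateType": "example/evidence", "verified": True},
    }
    return {"tabs": tabs, "manifest": build_manifest(tabs)}


if __name__ == "__main__":
    resp = sample_response()
    print(verify_evidence(resp))                  # all green
    resp["tabs"]["vex"]["status"] = "affected"    # simulate a tampered VEX tab
    print(verify_evidence(resp))                  # vex and overall red
```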