git.stella-ops.org/docs/vex/explorer-integration.md

# VEX Explorer Integration (Md.XI draft)

> Status: DRAFT — pending GRAP0101 alignment, CSAF mapping specifics, and CLI examples. Do not publish until hashes recorded.

## Scope
- Map Explorer VEX handling: CSAF ingestion, suppression precedence, status semantics, and integration points with findings.
- Provide deterministic examples; hash payloads/screens in `docs/assets/vuln-explorer/SHA256SUMS`.

## Dependencies
- GRAP0101 contract (field names, identifiers).
- CLI/console assets (due 2025-12-09).
- Policy/VEX mapping rules from Excititor Guild.

## Topics (outline)
- CSAF → internal VEX decision mapping; precedence vs policy overrides.
- Status semantics: NOT_AFFECTED / AFFECTED_* / FIXED; validity windows; VEX-first triage per Vuln Explorer architecture.
- Suppression precedence: VEX decisions take priority over reachability/policy unless explicit override (confirm post-GRAP0101).
- Export/propagation to advisories/CLI/console.

## Determinism
- Use fixed CSAF samples; hash examples.

### Hash Capture Checklist (when assets land)
- `assets/vuln-explorer/vex-csaf-sample.json` (input)
- `assets/vuln-explorer/vex-mapping-output.json` (normalized decisions)
- `assets/vuln-explorer/vex-precedence-table.md` (suppression/precedence matrix)

_Last updated: 2025-12-05 (UTC)_