579236bfce
- Created StellaOps.Notify.Storage.Mongo project with initial configuration. - Added expected output files for acceptance tests (at1.txt to at10.txt). - Added fixture input files for acceptance tests (at1 to at10). - Created input and signature files for test cases fc1 to fc5.
23 lines
783 B
Markdown
23 lines
783 B
Markdown
# SBOM Vulnerability Resolution (Md.XI draft)
|
|
|
|
> Status: DRAFT — pending export/advisory integration and GRAP0101 field freeze.
|
|
|
|
## Scope
|
|
- Version semantics, scope, paths, safe version hints for SBOM components in Vuln Explorer.
|
|
- Deterministic examples with hashes in `docs/assets/vuln-explorer/SHA256SUMS`.
|
|
|
|
## Dependencies
|
|
- Advisory integration (DOCS-VULN-29-008).
|
|
- GRAP0101 identifiers.
|
|
|
|
## Outline
|
|
- Component resolution (purl, NEVRA); scope (prod/dev/test).
|
|
- Path specificity and deduping rules.
|
|
- Safe version hints and policy overlays.
|
|
|
|
### Hash Capture Checklist (when inputs ready)
|
|
- `assets/vuln-explorer/sbom-component-resolution.json`
|
|
- `assets/vuln-explorer/sbom-path-dedupe.json`
|
|
- `assets/vuln-explorer/safe-version-hints.json`
|
|
_Last updated: 2025-12-05 (UTC)_
|