{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"$id": "https://stellaops.dev/schemas/evidence/stellaops-evidence-pack.v1.schema.json",
"title": "StellaOps Evidence Pack (v1)",
"description": "Deterministic evidence pack manifest for audit and replay workflows.",
"type": "object",
"additionalProperties": false,
"required": [
"_type",
"packId",
"generatedAt",
"tenantId",
"manifestVersion",
"contents"
],
"properties": {
"_type": {
"type": "string",
"const": "https://stellaops.dev/evidence-pack@v1"
},
"packId": {
"type": "string",
"minLength": 1
},
"generatedAt": {
"type": "string",
"format": "date-time",
"description": "UTC timestamp when the pack was assembled."
},
"tenantId": {
"type": "string",
"minLength": 1
},
"policyRunId": {
"type": "string"
},
"policyId": {
"type": "string"
},
"policyVersion": {
"type": "integer",
"minimum": 0
},
"manifestVersion": {
"type": "string",
"minLength": 1
},
"contents": {
"type": "object",
"additionalProperties": false,
"properties": {
"policy": { "$ref": "#/$defs/contentArray" },
"sbom": { "$ref": "#/$defs/contentArray" },
"advisories": { "$ref": "#/$defs/contentArray" },
"vex": { "$ref": "#/$defs/contentArray" },
"verdicts": { "$ref": "#/$defs/contentArray" },
"reachability": { "$ref": "#/$defs/contentArray" },
"attestations": { "$ref": "#/$defs/contentArray" }
}
},
"statistics": {
"type": "object",
"additionalProperties": false,
"properties": {
"totalFiles": { "type": "integer", "minimum": 0 },
"totalSize": { "type": "integer", "minimum": 0 },
"componentCount": { "type": "integer", "minimum": 0 },
"findingCount": { "type": "integer", "minimum": 0 },
"verdictCount": { "type": "integer", "minimum": 0 },
"advisoryCount": { "type": "integer", "minimum": 0 },
"vexStatementCount": { "type": "integer", "minimum": 0 }
}
},
"determinismHash": {
"type": "string",
"pattern": "^sha256:[0-9a-f]{64}$"
},
"signatures": {
"type": "array",
"items": { "$ref": "#/$defs/signature" }
},
"transparency": {
"type": "object",
"additionalProperties": false,
"properties": {
"rekorEntries": {
"type": "array",
"items": { "$ref": "#/$defs/rekorEntry" }
}
}
},
"timestamps": {
"type": "array",
"items": { "$ref": "#/$defs/timestampEntry" }
}
},
"$defs": {
"contentArray": {
"type": "array",
"items": { "$ref": "#/$defs/contentEntry" }
},
"contentEntry": {
"type": "object",
"additionalProperties": false,
"required": ["path", "digest", "size", "mediaType"],
"properties": {
"path": {
"type": "string",
"minLength": 1
},
"digest": {
"type": "string",
"pattern": "^(sha256|sha384|sha512):[0-9a-f]{64,128}$"
},
"size": {
"type": "integer",
"minimum": 0
},
"mediaType": {
"type": "string",
"minLength": 1
},
"capturedAt": {
"type": "string",
"format": "date-time"
},
"attributes": {
"type": "object",
"additionalProperties": { "type": "string" }
}
}
},
"signature": {
"type": "object",
"additionalProperties": false,
"required": ["keyId", "algorithm", "signature", "signedAt"],
"properties": {
"keyId": { "type": "string", "minLength": 1 },
"algorithm": { "type": "string", "minLength": 1 },
"signature": { "type": "string", "minLength": 1 },
"signedAt": { "type": "string", "format": "date-time" }
}
},
"rekorEntry": {
"type": "object",
"additionalProperties": false,
"required": ["uuid", "logIndex"],
"properties": {
"uuid": { "type": "string", "minLength": 1 },
"logIndex": { "type": "integer", "minimum": 0 },
"rootHash": { "type": "string" },
"inclusionProofPath": { "type": "string" },
"logUrl": { "type": "string" }
}
},
"timestampEntry": {
"type": "object",
"additionalProperties": false,
"required": ["tokenPath", "hashAlgorithm"],
"properties": {
"tokenPath": { "type": "string", "minLength": 1 },
"hashAlgorithm": { "type": "string", "minLength": 1 },
"signedAt": { "type": "string", "format": "date-time" },
"tsaName": { "type": "string" },
"tsaUrl": { "type": "string" }
}
}
}
}