git.stella-ops.org/docs/modules/ui/operations/forensics.md
2026-01-06 19:07:48 +02:00

Console Forensics and Evidence Review

This document describes how the Console supports forensic review of decisions: timelines, evidence viewing, attestation verification, and audit exports.

Timeline Explorer

The timeline view should enable:

  • Filtering by tenant, artifact, finding, and time window
  • Drill-down from a verdict to its evidence objects (SBOM slice, VEX observation/linkset, reachability proof, policy explain trace)
  • Visibility into operator actions (triage actions, exceptions, approvals) as append-only events

Evidence Viewer

Evidence viewing should prioritize:

  • Clear provenance (issuer identity, timestamps, digests)
  • Verification state (signature verified/failed/unknown)
  • Deterministic identifiers so auditors can replay and compare

Attestation Verification

When presenting attestations (DSSE/in-toto):

  • Display verification status and key identity
  • Link to transparency log proof when configured
  • Allow exporting the DSSE envelope and the referenced artifacts

Export / Verify Workflows

Exports are the bridge between online and offline review:

  • Exports should be deterministic (stable ordering, UTC timestamps).
  • Export bundles should include integrity metadata (digests) so offline reviewers can verify without trusting a live service.
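One way to meet both export requirements, shown as an added example rather than the project's own code: a manifest with sorted entries, a UTC-normalized timestamp and per-file SHA-256 digests, plus an offline check that needs no live service. The manifest layout, field names, function names and sample files are assumptions made for this illustration.

```python
import hashlib
import json
from datetime import datetime, timezone


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_manifest(files: dict[str, bytes], created: datetime) -> bytes:
    """Serialize a manifest whose bytes depend only on content, never on
    input ordering or the exporter's local time zone (hypothetical format)."""
    if created.tzinfo is None:
        raise ValueError("timestamp must be timezone-aware")
    doc = {
        "created": created.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ"),
        "entries": [
            {"path": p, "sha256": sha256_hex(files[p]), "size": len(files[p])}
            for p in sorted(files)  # stable ordering
        ],
    }
    # Fixed key order and separators give byte-identical output across runs.
    return json.dumps(doc, sort_keys=True, separators=(",", ":")).encode("utf-8")


def verify_bundle(manifest: bytes, files: dict[str, bytes]) -> list[str]:
    """Offline check: return problems sorted by path; empty means all match."""
    expected = {e["path"]: e for e in json.loads(manifest)["entries"]}
    problems = []
    for path in sorted(expected.keys() | files.keys()):
        if path not in files:
            problems.append(f"missing: {path}")
        elif path not in expected:
            problems.append(f"unlisted: {path}")
        elif sha256_hex(files[path]) != expected[path]["sha256"]:
            problems.append(f"digest mismatch: {path}")
    return problems


# Constructed sample bundle contents (not real export data).
SAMPLE = {
    "verdict.json": b'{"finding":"EXAMPLE-1","status":"not_affected"}',
    "evidence/sbom-slice.json": b'{"components":[]}',
    "attestations/verdict.dsse.json": b'{"payloadType":"application/vnd.in-toto+json"}',
}
```

The digests only bind the files to the manifest, so the manifest's own SHA-256 is the value a reviewer compares out of band or checks against a signature.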

References

  • Console operator guide: docs/UI_GUIDE.md
  • Offline Kit: docs/OFFLINE_KIT.md
  • Vulnerability Explorer guide (triage model): docs/VULNERABILITY_EXPLORER_GUIDE.md