stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity
Files
ffa219cfeb14dd829306425a19637d8d1d318c95
git.stella-ops.org/tests/Vex/ProofBundles/sample-proof-bundle.json
StellaOps Bot 4dc7cf834a
Some checks failed
AOC Guard CI / aoc-guard (push) Has been cancelled
Details
AOC Guard CI / aoc-verify (push) Has been cancelled
Details
Concelier Attestation Tests / attestation-tests (push) Has been cancelled
Details
Console CI / console-ci (push) Has been cancelled
Details
Docs CI / lint-and-preview (push) Has been cancelled
Details
Export Center CI / export-ci (push) Has been cancelled
Details
VEX Proof Bundles / verify-bundles (push) Has been cancelled
Details
Add sample proof bundle configurations and verification script 
- Introduced sample proof bundle configuration files for testing, including `sample-proof-bundle-config.dsse.json`, `sample-proof-bundle.dsse.json`, and `sample-proof-bundle.json`.
- Implemented a verification script `test_verify_sample.sh` to validate proof bundles against specified schemas and catalogs.
- Updated existing proof bundle configurations with new metadata, including versioning, created timestamps, and justification details.
- Enhanced evidence entries with expiration dates and hashes for better integrity checks.
- Ensured all new configurations adhere to the defined schema for consistency and reliability in testing.
2025-12-04 08:54:32 +02:00

127 lines
4.4 KiB
JSON
Raw Blame History

{
"id": "urn:stellaops:proofbundle:sample-hello-1",
"version": "1.0.0",
"created_at": "2025-12-04T00:00:00Z",
"created_by": "StellaOps QA Guild",
"graph": {
"hash": "blake3:74640754695e6e5cda4156a0ef1fd3a557d802ef118fef8afaed67089cd39cb1",
"dsse": {
"path": "tests/Vex/ProofBundles/cas/graph.json.dsse.json",
"sha256": "sha256:3bb1dc6af5c974635ed387fdf938f5a983c370d77d01a032aa63f5407efcfc7f",
"payload_sha256": "sha256:34d8051bb97bd3c034e6a2221474ce2faaaca59357721fa1b47df88a281d057b"
}
},
"openvex": {
"path": "tests/Vex/ProofBundles/openvex-sample.json",
"statement_id": "urn:stellaops:vex:statement:sample-hello-1",
"canonical_sha256": "sha256:94063a78cc1b0ce363941467c8e67e368c11de4d82625c2cf05cedd773257a3e",
"canonical_blake3": "blake3:03504f2b1c3b29870851baebc9e6658b76af2e92620767089cecb4c20072d84b",
"serialization": "canonical-json"
},
"justification": {
"id": "VEX1.vulnerable_code_not_present",
"dsse": {
"path": "docs/benchmarks/vex-justifications.catalog.dsse.json",
"sha256": "sha256:7df3cbd970bc851b51ce35ff1c61f927b62fe3514e5ff6313a5bad26d675b0c7"
}
},
"entrypoints": [
{
"id": "app://api/GET-/healthz",
"coverage_percent": 96.3,
"negative_tests": true,
"config_hash": "sha256:bb490ce4cde60768e2b61571bbe448290e4256d2d930adea0ee24c07e5c63dbc",
"flags_hash": "sha256:d060ab8cdf75aeda6363bcc6de495e27b53c9d5938d97f5492e864681d8cbe53"
},
{
"id": "app://worker/queue/default",
"coverage_percent": 95.1,
"negative_tests": true,
"config_hash": "sha256:bb490ce4cde60768e2b61571bbe448290e4256d2d930adea0ee24c07e5c63dbc",
"flags_hash": "sha256:d060ab8cdf75aeda6363bcc6de495e27b53c9d5938d97f5492e864681d8cbe53"
}
],
"evidence": [
{
"type": "graph",
"cas_uri": "cas://graph.json",
"hash": "blake3:74640754695e6e5cda4156a0ef1fd3a557d802ef118fef8afaed67089cd39cb1",
"dsse": {
"path": "tests/Vex/ProofBundles/cas/graph.json.dsse.json",
"sha256": "sha256:3bb1dc6af5c974635ed387fdf938f5a983c370d77d01a032aa63f5407efcfc7f"
},
"expires_at": "2026-12-31T00:00:00Z"
},
{
"type": "coverage",
"cas_uri": "cas://coverage.json",
"hash": "sha256:422f9840d6facaae093d6496eeac472e10b19519854953454107c1b14945f510",
"dsse": {
"path": "tests/Vex/ProofBundles/cas/coverage.json.dsse.json",
"sha256": "sha256:606864d2165b9ddfea664dca36318616e5ea575e2e96e7fa2bc204cc3f79fe2f"
},
"expires_at": "2026-06-30T00:00:00Z"
},
{
"type": "runtime_trace",
"cas_uri": "cas://runtime-trace.ndjson",
"hash": "sha256:c0a91f645b899e4572ec24603916cdfe982934f47ebdaec2ef67ee9303568a77",
"expires_at": "2026-06-30T00:00:00Z"
},
{
"type": "negative_test",
"cas_uri": "cas://negative-tests.ndjson",
"hash": "sha256:09efda057796b8f0f0fa001505d9e684cf04e05ac8e3c6fe24476a367bb78aaa",
"expires_at": "2026-06-30T00:00:00Z"
},
{
"type": "config",
"cas_uri": "cas://config.lock",
"hash": "sha256:bb490ce4cde60768e2b61571bbe448290e4256d2d930adea0ee24c07e5c63dbc",
"expires_at": "2026-03-31T00:00:00Z"
},
{
"type": "flags",
"cas_uri": "cas://flags.json",
"hash": "sha256:d060ab8cdf75aeda6363bcc6de495e27b53c9d5938d97f5492e864681d8cbe53",
"expires_at": "2026-03-31T00:00:00Z"
}
],
"reevaluation": {
"on_sbom_change": true,
"on_graph_change": true,
"on_runtime_change": true,
"ttl_days": 30
},
"rbac": {
"roles_allowed": [
"vex-author",
"policy-admin"
],
"approvals_required": 2,
"enforcement": "policy+signer"
},
"uncertainty": {
"state": "U1-low",
"entropy": 0.08,
"notes": "Coverage >95% and negative tests clean; runtime probes match reachability graph."
},
"policy": {
"decision": "not_affected",
"decision_reason": "vulnerable_code_not_present",
"openvex_serialization": "canonical-json",
"canonical_encoding": "JCS"
},
"signatures": [
{
"type": "dsse",
"key_id": "demo-root",
"sig": "C3miJFhDRdNTxnBJSXSKeiilqTaF44poXV3GHAjfVxQ=",
"envelope_digest": "sha256:cacd00d318a3f0b3f579f57322619f99e772cced0c2a7bf14a684c6ce55da7b4",
"rekor_log_id": "demo-log",
"rekor_entry_uuid": "demo-entry-0001",
"transparency_checkpoint": "checkpoint-demo"
}
]
}
Reference in New Issue View Git Blame Copy Permalink