reynold 8b6e3b4919 feat: seed Lariza feature demonstration
Add synthetic fixtures and proposed policy contracts for safely demonstrating future Lariza capabilities.

Assisted-by: Codex: GPT-5.6
2026-07-18 20:21:38 +08:00

Security evidence demo

This repository contains small, synthetic evidence files for developing Lariza ingestion, triage, pull-request summaries, and merge policies.

  • sample.sarif.json: one safe static-analysis finding.
  • sbom.cdx.json: a minimal CycloneDX inventory.
  • junit.xml: one passing and one skipped test.
  • secret-findings.json: redacted evidence with no usable credential.

No scanner runs here. The goal is to normalize external evidence, establish trusted publisher identity, explain policy outcomes, and test retention/export.

S
Description
Safe SARIF, SBOM, test-result, and vulnerability-policy fixtures.
Readme
27 KiB
Languages
Go 100%