Add synthetic fixtures and proposed policy contracts for safely demonstrating future Lariza capabilities. Assisted-by: Codex: GPT-5.6
13 lines
553 B
Markdown
13 lines
553 B
Markdown
# Security evidence demo
|
|
|
|
This repository contains small, synthetic evidence files for developing Lariza
|
|
ingestion, triage, pull-request summaries, and merge policies.
|
|
|
|
- `sample.sarif.json`: one safe static-analysis finding.
|
|
- `sbom.cdx.json`: a minimal CycloneDX inventory.
|
|
- `junit.xml`: one passing and one skipped test.
|
|
- `secret-findings.json`: redacted evidence with no usable credential.
|
|
|
|
No scanner runs here. The goal is to normalize external evidence, establish
|
|
trusted publisher identity, explain policy outcomes, and test retention/export.
|