Files
security-evidence-demo/README.md
T
reynold 8b6e3b4919 feat: seed Lariza feature demonstration
Add synthetic fixtures and proposed policy contracts for safely demonstrating future Lariza capabilities.

Assisted-by: Codex: GPT-5.6
2026-07-18 20:21:38 +08:00

13 lines
553 B
Markdown

# Security evidence demo
This repository contains small, synthetic evidence files for developing Lariza
ingestion, triage, pull-request summaries, and merge policies.
- `sample.sarif.json`: one safe static-analysis finding.
- `sbom.cdx.json`: a minimal CycloneDX inventory.
- `junit.xml`: one passing and one skipped test.
- `secret-findings.json`: redacted evidence with no usable credential.
No scanner runs here. The goal is to normalize external evidence, establish
trusted publisher identity, explain policy outcomes, and test retention/export.