Evidence Layer¶
ca9's agentic path starts with a strict evidence layer. Agents can summarize, rank, and ask follow-up questions, but every claim should trace back to structured evidence from a repository, scanner, runtime trace, artifact, or human review.
The first generic evidence input is SARIF 2.1.0 because it is the standard exchange format used by many static-analysis and security tools. CodeQL, Semgrep, Trivy, and many CI security dashboards can either emit or consume SARIF.
The output schema is ca9.evidence.v1 and contains:
tool_runs: source tool name, version, URI, and result count.findings: normalizedFinding,RiskSignal, andEvidencerecords.summary: finding counts by severity and signal type.metadata: source format and version.
Each normalized finding preserves:
- Source file and parser provenance.
- SARIF run and result indexes.
- Tool name and version.
- Rule ID, descriptions, tags, precision, and security severity.
- Primary file location, line, and column where available.
- SARIF fingerprints and partial fingerprints where available.
Agentic Workflow¶
The evidence layer is intentionally below the agent layer:
- Run scanners and analyzers in a scoped repository or lab target.
- Normalize their output with
ca9 ingest-sarifor future evidence adapters. - Let agents triage only the normalized evidence plus bounded code context.
- Require agents to produce report claims that cite evidence fingerprints, locations, and tool provenance.
- Add human review, regression tests, fixes, and disclosure artifacts on top.
This keeps the system useful for vulnerability research without letting agent narratives replace reproducible data.
Execution Plan¶
Phase 1 is the evidence foundation:
- SARIF ingestion for CodeQL, Semgrep, Trivy, and other static-analysis tools.
- MCP access through
ingest_sariffor AI clients. - Stable finding fingerprints for deduplication and later baselines.
Phase 2 should add tool runners and native adapters:
- CodeQL database/query orchestration.
- Semgrep rulesets and custom rule packs.
- OSV-Scanner and SafeDep/vet JSON ingestion.
- TruffleHog and Gitleaks secret evidence.
- Syft/Grype/Trivy SBOM and container evidence.
Phase 3 should add agent taskflows:
- Scope and rules-of-engagement task.
- Attack-surface map task.
- Static-analysis triage task.
- Reachability and exploit-path validation task.
- Report and remediation task.