Adds the SYSINTERNALS_ACCESSCHK material type, which ingests the text
output of the Sysinternals AccessChk tool as supply-chain evidence. The
raw text is stored as-is and projected to JSON at policy-evaluation time
so the Rego engine can evaluate it. A tolerant parser structures both the
compact R/W output and the -l full security descriptor output (owner,
descriptor flags, DACL/SACL ACEs).
Assisted-by: Claude Code
Signed-off-by: Javier Rodriguez <javier@chainloop.dev>
Chainloop-Trace-Sessions: b8473948-16f2-4eaa-8f49-ba5b19dfd8ed
Adds a new material type, SYSINTERNALS_ACCESSCHK, that ingests the text output of the Sysinternals AccessChk tool as supply-chain evidence.

AccessChk only emits plain text, so the raw output is stored as-is and projected to JSON at policy-evaluation time (mirroring the existing JUNIT_XML/JACOCO_XML handling) so the Rego policy engine can evaluate it. A tolerant parser structures both the compact R/W output and the -l full security descriptor output (owner, descriptor flags, DACL/SACL ACEs), while always preserving the original text for string-matching fallbacks.

The material type is explicit-only and is not part of automatic detection.
Linear: PFM-6344
This contribution was assisted by Claude Code.
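
The projection described above, sketched for the compact R/W output only. This is an added example, not Chainloop's parser or schema: the JSON field names, the `Project` function and the sample paths are assumptions, and the input layout assumed is an unindented object name followed by indented `R`/`W`/`RW` lines naming an account.

```go
package main

import (
	"encoding/json"
	"os"
	"regexp"
	"strings"
)

// Hypothetical JSON shape for this example; not Chainloop's schema.
type Entry struct {
	Principal string `json:"principal"`
	Read      bool   `json:"read"`
	Write     bool   `json:"write"`
}
type Projection struct {
	Objects map[string][]Entry `json:"objects"` // keyed by object name
	Raw     string             `json:"raw"`     // original text, kept for string matching
}

// An indented R, W or RW marker followed by an account name.
var aceLine = regexp.MustCompile(`^\s+(RW|R|W)\s+(\S.*)$`)

// Project structures compact output; lines it cannot classify stay only in Raw.
func Project(raw string) Projection {
	p, cur := Projection{Objects: map[string][]Entry{}, Raw: raw}, ""
	for _, line := range strings.Split(raw, "\n") {
		line = strings.TrimRight(line, "\r \t") // tolerate CRLF and trailing blanks
		if m := aceLine.FindStringSubmatch(line); m != nil {
			if cur != "" { // ignore entries that precede any object name
				e := Entry{m[2], strings.Contains(m[1], "R"), strings.Contains(m[1], "W")}
				p.Objects[cur] = append(p.Objects[cur], e)
			}
		} else if line != "" && strings.TrimLeft(line, " \t") == line {
			cur = line // unindented: object name (a banner line never gains entries)
		}
	}
	return p
}

// Constructed sample, not captured from a real host.
const sample = `C:\Program Files\ExampleApp\agent.exe
  RW NT AUTHORITY\SYSTEM
  R  BUILTIN\Users
C:\Program Files\ExampleApp\plugins
  RW BUILTIN\Users`

func main() {
	json.NewEncoder(os.Stdout).Encode(Project(sample))
}
```

A policy evaluating this shape can flag objects where a broad principal such as `BUILTIN\Users` has `write` set, and fall back to matching on `raw` for anything the parser left unstructured.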