Complete TASK-5 source coverage audit and archive all 20 finished sprints

Add docs/modules/concelier/source-coverage.md with 70-source audit (33/70 connectors implemented, P1 fully covered, 9 P2 gaps identified). Archive all 20 completed sprints from docs/implplan/ to docs-archived/. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-06 09:58:33 +03:00
parent 16c31f3303
commit 071209a2ae
22 changed files with 185 additions and 4 deletions
--- a/docs/modules/concelier/source-coverage.md
+++ b/docs/modules/concelier/source-coverage.md
@@ -0,0 +1,180 @@
+# Advisory Source Connector Coverage Matrix
+
+Last updated: 2026-04-06
+
+## Summary
+
+| Metric | Count |
+|--------|-------|
+| Total sources defined | 70 |
+| Connectors implemented | 33 |
+| Coverage rate | 47% |
+| Missing connectors | 37 |
+
+## Coverage by Category
+
+### Primary Databases (6/6 — 100%)
+
+| Source | Display Name | Connector | Status |
+|--------|-------------|-----------|--------|
+| nvd | NVD (NIST) | `Connector.Nvd` | Complete |
+| osv | OSV (Google) | `Connector.Osv` | Complete |
+| ghsa | GitHub Security Advisories | `Connector.Ghsa` | Complete |
+| cve | CVE.org (MITRE) | `Connector.Cve` | Complete |
+| epss | EPSS (FIRST) | `Connector.Epss` | Complete |
+| kev | CISA KEV | `Connector.Kev` | Complete |
+
+### Linux Distributions (7/10 — 70%)
+
+| Source | Display Name | Connector | Status |
+|--------|-------------|-----------|--------|
+| debian | Debian Security | `Connector.DistroDebian` | Complete |
+| ubuntu | Ubuntu Security | `Connector.DistroUbuntu` | Complete |
+| alpine | Alpine Security | `Connector.DistroAlpine` | Complete |
+| suse | SUSE Security | `Connector.DistroSuse` | Complete |
+| rhel | RHEL Security | `Connector.RedHat` | Complete |
+| astra | Astra Linux | `Connector.DistroAstra` | Complete |
+| centos | CentOS Security | — | **Missing (P2)** |
+| fedora | Fedora Security | — | **Missing (P2)** |
+| arch | Arch Security | — | Missing (P3) |
+| gentoo | Gentoo Security | — | Missing (P3) |
+
+### Vendor Advisories (5/11 — 45%)
+
+| Source | Display Name | Connector | Status |
+|--------|-------------|-----------|--------|
+| oracle | Oracle Security | `Connector.VndrOracle` | Complete |
+| apple | Apple Security | `Connector.VndrApple` | Complete |
+| cisco | Cisco Security | `Connector.VndrCisco` | Complete |
+| vmware | VMware Security | `Connector.Vmware` | Complete |
+| redhat | Red Hat Security | `Connector.RedHat` | Complete |
+| microsoft | Microsoft MSRC | — | **Missing (P2)** |
+| amazon | Amazon Linux Security | — | **Missing (P2)** |
+| google | Google Security | — | **Missing (P2)** |
+| fortinet | Fortinet PSIRT | — | Missing (P3) |
+| juniper | Juniper Security | — | Missing (P3) |
+| paloalto | Palo Alto Security | — | Missing (P3) |
+
+### Language Ecosystems (0/9 — 0%)
+
+Ecosystem advisories are currently routed through OSV/GHSA. Direct connectors would add faster ingestion and richer metadata.
+
+| Source | Display Name | Priority | Status |
+|--------|-------------|----------|--------|
+| npm | npm Advisories | **P2** | Missing |
+| pypi | PyPI Advisories | **P2** | Missing |
+| maven | Maven Advisories | **P2** | Missing |
+| go | Go Advisories | **P2** | Missing |
+| rubygems | RubyGems Advisories | P3 | Missing |
+| nuget | NuGet Advisories | P3 | Missing |
+| crates | Crates.io Advisories | P3 | Missing |
+| packagist | Packagist Advisories | P3 | Missing |
+| hex | Hex.pm Advisories | P3 | Missing |
+
+### Cloud Providers (0/3 — 0%)
+
+| Source | Display Name | Priority | Status |
+|--------|-------------|----------|--------|
+| aws | AWS Security Bulletins | P3 | Missing |
+| azure | Azure Security Advisories | P3 | Missing |
+| gcp | GCP Security Bulletins | P3 | Missing |
+
+### National CERTs (7/13 — 54%)
+
+| Source | Display Name | Connector | Status |
+|--------|-------------|-----------|--------|
+| us-cert | CISA (US-CERT) | `Connector.IcsCisa` | Complete |
+| cert-fr | CERT-FR (France) | `Connector.CertFr` | Complete |
+| cert-de | CERT-Bund (Germany) | `Connector.CertBund` | Complete |
+| jpcert | JPCERT/CC (Japan) | `Connector.Jvn` | Complete |
+| krcert | KrCERT (South Korea) | `Connector.Kisa` | Complete |
+| cert-in | CERT-In (India) | `Connector.CertIn` | Complete |
+| fstec-bdu | FSTEC BDU (Russia) | `Connector.RuBdu` | Complete |
+| nkcki | NKCKI (Russia) | `Connector.RuNkcki` | Complete |
+| cert-at | CERT.at (Austria) | — | Missing (P4) |
+| cert-be | CERT.be (Belgium) | — | Missing (P4) |
+| cert-ch | NCSC-CH (Switzerland) | — | Missing (P4) |
+| cert-eu | CERT-EU | — | Missing (P4) |
+| cert-ua | CERT-UA (Ukraine) | — | Missing (P4) |
+
+### ICS/SCADA (2/3)
+
+| Source | Display Name | Connector | Status |
+|--------|-------------|-----------|--------|
+| kaspersky-ics | Kaspersky ICS-CERT | `Connector.IcsKaspersky` | Complete |
+| us-cert | CISA ICS | `Connector.IcsCisa` | Complete |
+| siemens | Siemens ProductCERT | — | Missing (P3) |
+
+### Exploit Databases (0/3 — 0%)
+
+| Source | Display Name | Priority | Status |
+|--------|-------------|----------|--------|
+| exploitdb | Exploit-DB | P3 | Missing |
+| poc-github | PoC-in-GitHub | P3 | Missing |
+| metasploit | Metasploit Modules | P3 | Missing |
+
+### Container/Supply Chain (0/2 — 0%)
+
+| Source | Display Name | Priority | Status |
+|--------|-------------|----------|--------|
+| docker-official | Docker Official CVEs | P3 | Missing |
+| chainguard | Chainguard Advisories | P3 | Missing |
+
+### Hardware/Firmware (0/3 — 0%)
+
+| Source | Display Name | Priority | Status |
+|--------|-------------|----------|--------|
+| intel | Intel PSIRT | P3 | Missing |
+| amd | AMD Security | P3 | Missing |
+| arm | ARM Security Center | P3 | Missing |
+
+### Other (remaining)
+
+| Source | Display Name | Connector | Status |
+|--------|-------------|-----------|--------|
+| stella-mirror | StellaOps Mirror | `Connector.StellaMirror` | Complete (internal) |
+| csaf | CSAF Aggregator | — | Missing (P3) |
+| csaf-tc | CSAF TC Trusted Publishers | — | Missing (P4) |
+| vex | VEX Hub | — | Missing (P4) |
+| mitre-attack | MITRE ATT&CK | — | Missing (P4) |
+| mitre-d3fend | MITRE D3FEND | — | Missing (P4) |
+| rustsec | RustSec Advisory DB | — | Missing (P3) |
+| pypa | PyPA Advisory DB | — | Missing (P3) |
+| govuln | Go Vuln DB | — | Missing (P3) |
+| bundler-audit | Ruby Advisory DB | — | Missing (P3) |
+| auscert | AusCERT (Australia) | — | Missing (P4) |
+| cert-pl | CERT.PL (Poland) | — | Missing (P4) |
+
+---
+
+## Priority Breakdown
+
+### P2 — High Value (9 missing)
+
+These are the most impactful gaps for enterprise deployments:
+
+1. **microsoft** — MSRC advisories cover Windows/Office/Azure; major gap for Windows-heavy estates
+2. **amazon** — Amazon Linux is the default ECS/EKS base image
+3. **google** — Android/Chrome/Cloud advisories
+4. **centos** — Still widely deployed in legacy estates
+5. **fedora** — Upstream for RHEL; early-warning value
+6. **npm** — Largest package ecosystem by count
+7. **pypi** — Fastest-growing ecosystem for ML/data workloads
+8. **maven** — Dominant in enterprise Java
+9. **go** — Growing in cloud-native infrastructure
+
+### P3 — Vendor/Infrastructure (19 missing)
+
+Network vendors (fortinet, juniper, paloalto), cloud providers (aws, azure, gcp), exploit DBs, container sources, hardware vendors, niche ecosystems.
+
+### P4 — Niche/Regional (10 missing)
+
+European CERTs, CSAF/VEX federation, threat intelligence frameworks.
+
+---
+
+## Notes
+
+- Language ecosystem sources (npm, pypi, maven, go) are partially covered via OSV aggregation. Direct connectors would provide faster ingestion and richer package metadata.
+- CentOS advisories may be coverable via the existing RedHat connector with minor adaptation.
+- CSAF connector would unlock a large number of vendor advisories via the CSAF trusted provider network.