consolidation of some of the modules, localization fixes, product advisories work, qa work

2026-03-05 03:54:22 +02:00
parent 7bafcc3eef
commit 8e1cb9448d
3878 changed files with 72600 additions and 46861 deletions
--- a/src/Findings/StellaOps.VulnExplorer.Api/Models/AttestationModels.cs
+++ b/src/Findings/StellaOps.VulnExplorer.Api/Models/AttestationModels.cs
@@ -0,0 +1,108 @@
+namespace StellaOps.VulnExplorer.Api.Models;
+
+/// <summary>
+/// In-toto style attestation for vulnerability scan results.
+/// Based on docs/schemas/attestation-vuln-scan.schema.json
+/// </summary>
+public sealed record VulnScanAttestationDto(
+    string Type,
+    string PredicateType,
+    IReadOnlyList<AttestationSubjectDto> Subject,
+    VulnScanPredicateDto Predicate,
+    AttestationMetaDto AttestationMeta);
+
+/// <summary>
+/// Subject of an attestation (artifact that was scanned).
+/// </summary>
+public sealed record AttestationSubjectDto(
+    string Name,
+    IReadOnlyDictionary<string, string> Digest);
+
+/// <summary>
+/// Vulnerability scan result predicate.
+/// </summary>
+public sealed record VulnScanPredicateDto(
+    ScannerInfoDto Scanner,
+    ScannerDbInfoDto? ScannerDb,
+    DateTimeOffset ScanStartedAt,
+    DateTimeOffset ScanCompletedAt,
+    SeverityCountsDto SeverityCounts,
+    FindingReportDto FindingReport);
+
+/// <summary>
+/// Scanner information.
+/// </summary>
+public sealed record ScannerInfoDto(
+    string Name,
+    string Version);
+
+/// <summary>
+/// Vulnerability database information.
+/// </summary>
+public sealed record ScannerDbInfoDto(
+    DateTimeOffset? LastUpdatedAt);
+
+/// <summary>
+/// Count of findings by severity.
+/// </summary>
+public sealed record SeverityCountsDto(
+    int Critical,
+    int High,
+    int Medium,
+    int Low);
+
+/// <summary>
+/// Reference to the full findings report.
+/// </summary>
+public sealed record FindingReportDto(
+    string MediaType,
+    string Location,
+    IReadOnlyDictionary<string, string> Digest);
+
+/// <summary>
+/// Attestation metadata including signer info.
+/// </summary>
+public sealed record AttestationMetaDto(
+    string StatementId,
+    DateTimeOffset CreatedAt,
+    AttestationSignerDto Signer);
+
+/// <summary>
+/// Entity that signed an attestation.
+/// </summary>
+public sealed record AttestationSignerDto(
+    string Name,
+    string KeyId);
+
+/// <summary>
+/// Response for listing attestations.
+/// </summary>
+public sealed record AttestationListResponse(
+    IReadOnlyList<AttestationSummaryDto> Items,
+    string? NextPageToken);
+
+/// <summary>
+/// Summary view of an attestation for listing.
+/// </summary>
+public sealed record AttestationSummaryDto(
+    string Id,
+    AttestationType Type,
+    string SubjectName,
+    IReadOnlyDictionary<string, string> SubjectDigest,
+    string PredicateType,
+    DateTimeOffset CreatedAt,
+    string? SignerName,
+    string? SignerKeyId,
+    bool Verified);
+
+/// <summary>
+/// Attestation type enumeration.
+/// </summary>
+public enum AttestationType
+{
+    VulnScan,
+    Sbom,
+    Vex,
+    PolicyEval,
+    Other
+}