save checkpoint
This commit is contained in:
master
@@ -1,35 +0,0 @@
|
||||
# Binary Intelligence Engine (Function-Level Code Fingerprinting)
|
||||
|
||||
## Module
|
||||
Scanner
|
||||
|
||||
## Status
|
||||
IMPLEMENTED
|
||||
|
||||
## Description
|
||||
Function-level binary code fingerprinting with symbol recovery for stripped binaries, vulnerable function matching against a fingerprint corpus, and source-to-binary correlation. Extends existing binary fingerprint capabilities with intelligence-grade analysis for entrypoint-scoped binary reachability.
|
||||
|
||||
## Implementation Details
|
||||
- **Core Analyzer**:
|
||||
- `src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace/Binary/BinaryIntelligenceAnalyzer.cs` - Main analyzer for function-level binary code fingerprinting
|
||||
- **Symbol Recovery**:
|
||||
- `src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace/Binary/ISymbolRecovery.cs` - Interface for recovering symbols from stripped binaries
|
||||
- **Fingerprint Index**:
|
||||
- `src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace/Binary/IFingerprintIndex.cs` - Interface for fingerprint corpus lookup
|
||||
- **Vulnerable Function Matching**:
|
||||
- `src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace/Binary/VulnerableFunctionMatcher.cs` - Matches binary functions against known vulnerable function fingerprints
|
||||
- **Analysis Results**:
|
||||
- `src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace/Binary/BinaryAnalysisResult.cs` - Result models for binary intelligence analysis
|
||||
- **Risk Scoring**:
|
||||
- `src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace/Risk/IRiskScorer.cs` - Risk scorer integrating binary intelligence into entrypoint risk assessment
|
||||
- **Worker Integration**:
|
||||
- `src/Scanner/StellaOps.Scanner.Worker/Processing/EntryTraceExecutionService.cs` - Executes entry trace analysis including binary intelligence during scan
|
||||
- `src/Scanner/StellaOps.Scanner.Worker/Processing/IEntryTraceExecutionService.cs` - Interface for entry trace execution
|
||||
|
||||
## E2E Test Plan
|
||||
- [ ] Scan a container image containing stripped ELF binaries and verify symbol recovery identifies function boundaries
|
||||
- [ ] Verify fingerprint matching identifies known library functions in the binary via the `IFingerprintIndex`
|
||||
- [ ] Scan an image with a binary containing a known vulnerable function and verify `VulnerableFunctionMatcher` flags it
|
||||
- [ ] Verify binary intelligence results include source-to-binary correlation where debug info is available
|
||||
- [ ] Verify binary analysis results appear in the entry trace response via `GET /api/v1/scans/{scanId}/entry-trace`
|
||||
- [ ] Verify binary-level reachability findings contribute to the overall risk score
|
||||
@@ -1,46 +0,0 @@
|
||||
# Binary SBOM and Build-ID to PURL Mapping
|
||||
|
||||
## Module
|
||||
Scanner
|
||||
|
||||
## Status
|
||||
IMPLEMENTED
|
||||
|
||||
## Description
|
||||
Binary call graph extraction, patch verification with signature stores and evidence models, and binary index service extensions for the scanner worker.
|
||||
|
||||
## Implementation Details
|
||||
- **Binary Call Graph Extraction**:
|
||||
- `src/Scanner/__Libraries/StellaOps.Scanner.CallGraph/Extraction/Binary/BinaryCallGraphExtractor.cs` - Extracts call graphs from native binaries
|
||||
- `src/Scanner/__Libraries/StellaOps.Scanner.CallGraph/DependencyInjection/CallGraphServiceCollectionExtensions.cs` - DI registration
|
||||
- **Patch Verification**:
|
||||
- `src/Scanner/__Libraries/StellaOps.Scanner.PatchVerification/IPatchVerificationOrchestrator.cs` - Orchestrator interface
|
||||
- `src/Scanner/__Libraries/StellaOps.Scanner.PatchVerification/PatchVerificationOrchestrator.cs` - Orchestrates patch verification workflow
|
||||
- `src/Scanner/__Libraries/StellaOps.Scanner.PatchVerification/Services/IPatchSignatureStore.cs` - Interface for patch signature storage
|
||||
- `src/Scanner/__Libraries/StellaOps.Scanner.PatchVerification/Services/InMemoryPatchSignatureStore.cs` - In-memory signature store implementation
|
||||
- `src/Scanner/__Libraries/StellaOps.Scanner.PatchVerification/Services/EvidenceIdGenerator.cs` - Generates evidence IDs for patch verification results
|
||||
- **Patch Verification Models**:
|
||||
- `src/Scanner/__Libraries/StellaOps.Scanner.PatchVerification/Models/PatchVerificationResult.cs` - Result model
|
||||
- `src/Scanner/__Libraries/StellaOps.Scanner.PatchVerification/Models/PatchVerificationEvidence.cs` - Evidence model
|
||||
- `src/Scanner/__Libraries/StellaOps.Scanner.PatchVerification/Models/PatchVerificationContext.cs` - Context model
|
||||
- `src/Scanner/__Libraries/StellaOps.Scanner.PatchVerification/Models/PatchVerificationStatus.cs` - Status enum
|
||||
- `src/Scanner/__Libraries/StellaOps.Scanner.PatchVerification/Models/PatchVerificationOptions.cs` - Options
|
||||
- `src/Scanner/__Libraries/StellaOps.Scanner.PatchVerification/Models/DsseEnvelopeRef.cs` - DSSE envelope reference
|
||||
- **Worker Integration**:
|
||||
- `src/Scanner/StellaOps.Scanner.Worker/Extensions/BinaryIndexServiceExtensions.cs` - `BinaryIndexServiceExtensions` registering `IBinaryVulnerabilityService`, `IBinaryFeatureExtractor`
|
||||
- `src/Scanner/StellaOps.Scanner.Worker/Processing/BinaryLookupStageExecutor.cs` - Binary lookup stage during scan
|
||||
- `src/Scanner/StellaOps.Scanner.Worker/Processing/BinaryVulnerabilityAnalyzer.cs` - Binary vulnerability analysis
|
||||
- `src/Scanner/StellaOps.Scanner.Worker/Processing/BinaryFindingMapper.cs` - Maps binary findings to unified finding model
|
||||
- **Build-ID Index**:
|
||||
- `src/Scanner/StellaOps.Scanner.Analyzers.Native/Index/OfflineBuildIdIndex.cs` - Offline build-ID to PURL index
|
||||
- `src/Scanner/StellaOps.Scanner.Analyzers.Native/Index/IBuildIdIndex.cs` - Interface for build-ID index
|
||||
- `src/Scanner/StellaOps.Scanner.Analyzers.Native/Index/BuildIdIndexEntry.cs` - Index entry model
|
||||
- `src/Scanner/StellaOps.Scanner.Analyzers.Native/Index/BuildIdLookupResult.cs` - Lookup result model
|
||||
|
||||
## E2E Test Plan
|
||||
- [ ] Scan a container image with native binaries containing ELF build-IDs and verify build-ID to PURL mapping resolves correctly
|
||||
- [ ] Verify binary call graph extraction produces a valid call graph for native binaries via `BinaryCallGraphExtractor`
|
||||
- [ ] Trigger patch verification on a scanned binary and verify `PatchVerificationOrchestrator` produces evidence with status and signature references
|
||||
- [ ] Verify binary vulnerability findings are mapped to the unified finding model and appear in scan results
|
||||
- [ ] Verify the offline build-ID index (`OfflineBuildIdIndex`) can resolve build-IDs without network access
|
||||
- [ ] Export scan results as SBOM and verify binary components include PURL identifiers derived from build-ID mapping
|
||||
@@ -1,30 +0,0 @@
|
||||
# Bug ID to CVE Mapping in Changelog Parsing
|
||||
|
||||
## Module
|
||||
Scanner
|
||||
|
||||
## Status
|
||||
IMPLEMENTED
|
||||
|
||||
## Description
|
||||
Regex-based extraction of bug tracker references (Debian "Closes: #123456", RHBZ#123456, Launchpad "LP: #123456") from changelogs, with cross-reference to CVE IDs for Tier 2 backport evidence.
|
||||
|
||||
## Implementation Details
|
||||
- **Changelog Parsing (OS Analyzers)**:
|
||||
- `src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.OS.Rpm/RpmPackageAnalyzer.cs` - RPM package analyzer with changelog parsing
|
||||
- `src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.OS.Rpm/Internal/RpmHeaderParser.cs` - Parses RPM headers including changelog entries
|
||||
- `src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.OS.Rpm/Internal/RpmHeader.cs` - RPM header model with changelog tags
|
||||
- `src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.OS.Rpm/Internal/RpmTags.cs` - RPM tag definitions including changelog-related tags
|
||||
- **Pedigree & Commit Mapping**:
|
||||
- `src/Scanner/__Libraries/StellaOps.Scanner.Emit/Pedigree/FeedserPedigreeDataProvider.cs` - Provides pedigree data including changelog-derived CVE references
|
||||
- `src/Scanner/__Libraries/StellaOps.Scanner.Emit/Pedigree/CommitInfoBuilder.cs` - Builds commit info with bug tracker cross-references
|
||||
- **Material Changes Integration**:
|
||||
- `src/Scanner/__Libraries/StellaOps.Scanner.MaterialChanges/CardGenerators.cs` - Generates material change cards including changelog-derived bug-to-CVE mappings
|
||||
|
||||
## E2E Test Plan
|
||||
- [ ] Scan a container image with Debian packages containing changelogs with "Closes: #NNNNNN" references and verify bug IDs are extracted
|
||||
- [ ] Scan an image with RPM packages containing changelogs with RHBZ# references and verify extraction
|
||||
- [ ] Verify extracted bug IDs are cross-referenced to CVE IDs and appear as Tier 2 backport evidence
|
||||
- [ ] Verify the pedigree data includes changelog-derived CVE mappings in the scan report
|
||||
- [ ] Verify material change cards reference changelog bug-to-CVE correlations
|
||||
- [ ] Verify Launchpad "LP: #NNNNNN" references are extracted from Ubuntu package changelogs
|
||||
@@ -1,43 +0,0 @@
|
||||
# Build Provenance Verification Module with SLSA Level Evaluator
|
||||
|
||||
## Module
|
||||
Scanner
|
||||
|
||||
## Status
|
||||
IMPLEMENTED
|
||||
|
||||
## Description
|
||||
Scanner stage that evaluates SLSA provenance levels (L0-L4) for artifacts, verifies builder identity against trusted builder lists, checks reproducibility claims, and builds provenance chains. Integrates as a dedicated pipeline stage in the scanner worker.
|
||||
|
||||
## Implementation Details
|
||||
- **Core Analyzer**:
|
||||
- `src/Scanner/__Libraries/StellaOps.Scanner.BuildProvenance/Analyzers/BuildProvenanceAnalyzer.cs` - Main orchestrator for build provenance analysis
|
||||
- `src/Scanner/__Libraries/StellaOps.Scanner.BuildProvenance/BuildProvenanceServiceCollectionExtensions.cs` - DI registration
|
||||
- **SLSA Level Evaluation**:
|
||||
- `src/Scanner/__Libraries/StellaOps.Scanner.BuildProvenance/Analyzers/SlsaLevelEvaluator.cs` - Evaluates SLSA provenance levels (L0-L4)
|
||||
- **Builder Verification**:
|
||||
- `src/Scanner/__Libraries/StellaOps.Scanner.BuildProvenance/Analyzers/BuilderVerifier.cs` - Verifies builder identity against trusted builder lists
|
||||
- **Reproducibility**:
|
||||
- `src/Scanner/__Libraries/StellaOps.Scanner.BuildProvenance/Analyzers/ReproducibilityVerifier.cs` - Checks reproducibility claims
|
||||
- **Provenance Chain**:
|
||||
- `src/Scanner/__Libraries/StellaOps.Scanner.BuildProvenance/Analyzers/BuildProvenanceChainBuilder.cs` - Builds provenance chains linking build steps
|
||||
- **Additional Verifiers**:
|
||||
- `src/Scanner/__Libraries/StellaOps.Scanner.BuildProvenance/Analyzers/BuildInputIntegrityChecker.cs` - Verifies integrity of build inputs
|
||||
- `src/Scanner/__Libraries/StellaOps.Scanner.BuildProvenance/Analyzers/BuildConfigVerifier.cs` - Verifies build configuration
|
||||
- `src/Scanner/__Libraries/StellaOps.Scanner.BuildProvenance/Analyzers/SourceVerifier.cs` - Verifies source provenance
|
||||
- `src/Scanner/__Libraries/StellaOps.Scanner.BuildProvenance/Analyzers/BuildProvenancePatternMatcher.cs` - Pattern matching for provenance artifacts
|
||||
- **Policy**:
|
||||
- `src/Scanner/__Libraries/StellaOps.Scanner.BuildProvenance/Policy/BuildProvenancePolicyLoader.cs` - Loads build provenance policies
|
||||
- `src/Scanner/__Libraries/StellaOps.Scanner.BuildProvenance/Policy/BuildProvenancePolicy.cs` - Policy model
|
||||
- **Models**: `src/Scanner/__Libraries/StellaOps.Scanner.BuildProvenance/Models/BuildProvenanceModels.cs`
|
||||
- **Reporting**: `src/Scanner/__Libraries/StellaOps.Scanner.BuildProvenance/Reporting/BuildProvenanceReportFormatter.cs`
|
||||
- **Worker Stage**: `src/Scanner/StellaOps.Scanner.Worker/Processing/BuildProvenance/BuildProvenanceStageExecutor.cs`
|
||||
|
||||
## E2E Test Plan
|
||||
- [ ] Scan an artifact with SLSA L1 provenance and verify `SlsaLevelEvaluator` assigns level L1
|
||||
- [ ] Scan an artifact with full SLSA L3 provenance (signed, non-falsifiable) and verify level L3 assignment
|
||||
- [ ] Provide a trusted builder list and verify `BuilderVerifier` validates/rejects builder identities
|
||||
- [ ] Scan an artifact with reproducibility claims and verify `ReproducibilityVerifier` validates them
|
||||
- [ ] Verify `BuildProvenanceChainBuilder` links build steps into a verifiable chain
|
||||
- [ ] Verify build provenance findings appear in scan report with SLSA level, builder identity, and chain details
|
||||
- [ ] Scan an artifact with no provenance and verify it is assigned SLSA L0
|
||||
@@ -1,28 +0,0 @@
|
||||
# Bun Call Graph Extractor
|
||||
|
||||
## Module
|
||||
Scanner
|
||||
|
||||
## Status
|
||||
IMPLEMENTED
|
||||
|
||||
## Description
|
||||
Static call graph extraction for Bun runtime JavaScript/TypeScript codebases, extending the multi-language extractor framework with Bun-specific entrypoint detection and sink matching.
|
||||
|
||||
## Implementation Details
|
||||
- **Call Graph Extractor**:
|
||||
- `src/Scanner/__Libraries/StellaOps.Scanner.CallGraph/Extraction/Bun/BunCallGraphExtractor.cs` - Static call graph extraction for Bun runtime codebases
|
||||
- **Entrypoint Detection**:
|
||||
- `src/Scanner/__Libraries/StellaOps.Scanner.CallGraph/Extraction/Bun/BunEntrypointClassifier.cs` - Classifies Bun-specific entrypoints (e.g., `Bun.serve`, macros, plugins)
|
||||
- **Sink Matching**:
|
||||
- `src/Scanner/__Libraries/StellaOps.Scanner.CallGraph/Extraction/Bun/BunSinkMatcher.cs` - Matches Bun-specific security-sensitive sinks (file I/O, shell exec, FFI, etc.)
|
||||
- **DI Registration**:
|
||||
- `src/Scanner/__Libraries/StellaOps.Scanner.CallGraph/DependencyInjection/CallGraphServiceCollectionExtensions.cs`
|
||||
|
||||
## E2E Test Plan
|
||||
- [ ] Scan a container image containing a Bun application with `Bun.serve` entrypoints
|
||||
- [ ] Verify call graph extraction produces nodes for Bun-specific entrypoints (HTTP handlers, macros, plugins)
|
||||
- [ ] Verify `BunSinkMatcher` identifies Bun-specific sinks (e.g., `Bun.file`, `Bun.spawn`, `Bun.ffi`)
|
||||
- [ ] Verify the extracted call graph links entrypoints to sinks through the application code
|
||||
- [ ] Verify call graph data is available in reachability analysis via `GET /api/v1/scans/{scanId}/reachability`
|
||||
- [ ] Verify TypeScript and JavaScript files are both analyzed correctly in mixed Bun projects
|
||||
@@ -1,52 +0,0 @@
|
||||
# Bun Language Analyzer
|
||||
|
||||
## Module
|
||||
Scanner
|
||||
|
||||
## Status
|
||||
IMPLEMENTED
|
||||
|
||||
## Description
|
||||
Full language analyzer for the Bun JavaScript runtime including bun.lockb binary lockfile parser, installed package collector, workspace/monorepo support, scope classification (dev/prod/peer), symlink safety checks, CLI verbs, and WebService endpoints for Worker integration.
|
||||
|
||||
## Implementation Details
|
||||
- **Analyzer Plugin**:
|
||||
- `src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Bun/BunAnalyzerPlugin.cs` - Plugin entry point for Bun analyzer
|
||||
- `src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Bun/BunLanguageAnalyzer.cs` - Main language analyzer implementation
|
||||
- **Lockfile Parsing**:
|
||||
- `src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Bun/Internal/BunLockParser.cs` - Parses `bun.lockb` binary lockfiles
|
||||
- `src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Bun/Internal/BunLockData.cs` - Parsed lock data model
|
||||
- `src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Bun/Internal/BunLockEntry.cs` - Individual lock entry model
|
||||
- `src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Bun/Internal/BunLockInventory.cs` - Inventory built from lockfile
|
||||
- **Package Collection**:
|
||||
- `src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Bun/Internal/BunInstalledCollector.cs` - Collects installed packages from filesystem
|
||||
- `src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Bun/Internal/BunDeclaredDependencyCollector.cs` - Collects declared dependencies from package.json
|
||||
- `src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Bun/Internal/BunPackage.cs` - Package model
|
||||
- `src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Bun/Internal/BunPackageNormalizer.cs` - Package normalization
|
||||
- **Scope & Classification**:
|
||||
- `src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Bun/Internal/BunLockScopeClassifier.cs` - Classifies dependencies as dev/prod/peer
|
||||
- `src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Bun/Internal/BunInputClassification.cs` - Input file classification
|
||||
- **Workspace/Monorepo**:
|
||||
- `src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Bun/Internal/BunWorkspaceHelper.cs` - Workspace and monorepo support
|
||||
- `src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Bun/Internal/BunProjectDiscoverer.cs` - Discovers Bun projects in filesystem
|
||||
- **Input & Config**:
|
||||
- `src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Bun/Internal/BunInputNormalizer.cs` - Normalizes input for determinism
|
||||
- `src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Bun/Internal/BunConfigHelper.cs` - Configuration helpers
|
||||
- `src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Bun/Internal/BunVersionSpec.cs` - Version specification parsing
|
||||
- `src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Bun/Internal/BunEvidenceHasher.cs` - Evidence hashing for determinism
|
||||
- **Worker Integration**:
|
||||
- `src/Scanner/StellaOps.Scanner.Worker/Processing/Surface/BunPackageInventoryBuilder.cs` - Builds package inventory during scan
|
||||
- **Storage**:
|
||||
- `src/Scanner/__Libraries/StellaOps.Scanner.Storage/Services/BunPackageInventoryStore.cs` - Package inventory store
|
||||
- `src/Scanner/__Libraries/StellaOps.Scanner.Storage/Repositories/BunPackageInventoryRepository.cs` - Repository
|
||||
- `src/Scanner/__Libraries/StellaOps.Scanner.Storage/Catalog/BunPackageInventoryDocument.cs` - Document model
|
||||
- **WebService**: `src/Scanner/StellaOps.Scanner.WebService/Contracts/BunContracts.cs` - API contracts for Bun scan results
|
||||
|
||||
## E2E Test Plan
|
||||
- [ ] Scan a container image containing a Bun project with `bun.lockb` and verify all packages are parsed correctly
|
||||
- [ ] Verify scope classification distinguishes dev, prod, and peer dependencies
|
||||
- [ ] Scan a Bun workspace/monorepo and verify all workspace packages are discovered and analyzed
|
||||
- [ ] Verify installed package collection from node_modules matches lockfile data
|
||||
- [ ] Verify the scan results include PURL identifiers for all Bun packages
|
||||
- [ ] Verify symlink safety checks flag potentially unsafe symlinks in node_modules
|
||||
- [ ] Verify Bun scan results are available via the WebService API contracts
|
||||
@@ -1,34 +0,0 @@
|
||||
# BYOS (Bring Your Own SBOM) Ingestion Workflow
|
||||
|
||||
## Module
|
||||
Scanner
|
||||
|
||||
## Status
|
||||
IMPLEMENTED
|
||||
|
||||
## Description
|
||||
Allows users to upload externally-generated SBOMs (CycloneDX 1.4-1.6, SPDX 2.3/3.0) via REST API. Includes automatic format detection, schema validation, component normalization, quality scoring (PURL/version/license coverage weighted 40/30/30), SHA-256 digest computation, and automatic scan/analysis triggering. Supports both inline JSON and base64-encoded payloads with CI context metadata.
|
||||
|
||||
## Implementation Details
|
||||
- **Upload Endpoints**:
|
||||
- `src/Scanner/StellaOps.Scanner.WebService/Endpoints/SbomUploadEndpoints.cs` - `SbomUploadEndpoints` for REST upload API
|
||||
- `src/Scanner/StellaOps.Scanner.WebService/Endpoints/SbomEndpoints.cs` - Additional SBOM query endpoints
|
||||
- **Contracts**:
|
||||
- `src/Scanner/StellaOps.Scanner.WebService/Contracts/SbomContracts.cs` - `SbomUploadRequestDto`, `SbomUploadResponseDto`, `SbomValidationSummaryDto`, `SbomFormats`, `SbomAncestryDto`, `SbomUploadSourceDto`, `SbomUploadCiContextDto`
|
||||
- **Ingestion Service**:
|
||||
- `src/Scanner/StellaOps.Scanner.WebService/Services/ISbomIngestionService.cs` - `ISbomIngestionService`, `SbomIngestionResult`, `SbomValidationResult`
|
||||
- `src/Scanner/StellaOps.Scanner.WebService/Services/SbomIngestionService.cs` - Format detection, schema validation, component normalization, quality scoring, digest computation
|
||||
- **BYOS Upload Service**:
|
||||
- `src/Scanner/StellaOps.Scanner.WebService/Services/SbomByosUploadService.cs` - `ISbomByosUploadService` / `SbomByosUploadService` for external SBOM ingestion
|
||||
- **Upload Store**:
|
||||
- `src/Scanner/StellaOps.Scanner.WebService/Services/SbomUploadStore.cs` - `ISbomUploadStore`, `InMemorySbomUploadStore`, `SbomUploadRecord`
|
||||
|
||||
## E2E Test Plan
|
||||
- [ ] Upload a CycloneDX 1.6 JSON SBOM via `POST /api/v1/sbom/upload` with inline JSON payload and verify acceptance
|
||||
- [ ] Upload an SPDX 2.3 SBOM via base64-encoded payload with CI context metadata and verify ingestion
|
||||
- [ ] Verify automatic format detection correctly identifies CycloneDX vs SPDX format
|
||||
- [ ] Verify schema validation rejects an invalid SBOM with appropriate error details
|
||||
- [ ] Verify quality scoring returns PURL/version/license coverage percentages (40/30/30 weighted)
|
||||
- [ ] Verify SHA-256 digest is computed and returned in the response
|
||||
- [ ] Verify automatic scan/analysis is triggered after successful ingestion
|
||||
- [ ] Query the uploaded SBOM status via `GET /api/v1/sbom/uploads/{id}` and verify metadata
|
||||
@@ -1,37 +0,0 @@
|
||||
# Web Gateway Graph Platform Client (Tiles, Search, Paths, Exports)
|
||||
|
||||
## Module
|
||||
Web
|
||||
|
||||
## Status
|
||||
IMPLEMENTED
|
||||
|
||||
## Description
|
||||
Web gateway client for Graph Platform APIs with tile streaming, search, path queries, export (GraphML/NDJSON/CSV/PNG/SVG), asset snapshots, adjacency queries, and AOC overlay pass-through, all with tenant scoping and RBAC.
|
||||
|
||||
## Implementation Details
|
||||
- **Feature directory**: `src/Web/StellaOps.Web/src/app/features/graph/`
|
||||
- **Components**:
|
||||
- `graph-canvas` (`src/Web/StellaOps.Web/src/app/features/graph/graph-canvas.component.ts`)
|
||||
- `graph-explorer` (`src/Web/StellaOps.Web/src/app/features/graph/graph-explorer.component.ts`)
|
||||
- `graph-filters` (`src/Web/StellaOps.Web/src/app/features/graph/graph-filters.component.ts`)
|
||||
- `graph-hotkey-help` (`src/Web/StellaOps.Web/src/app/features/graph/graph-hotkey-help.component.ts`)
|
||||
- `graph-overlays` (`src/Web/StellaOps.Web/src/app/features/graph/graph-overlays.component.ts`)
|
||||
- `graph-side-panels` (`src/Web/StellaOps.Web/src/app/features/graph/graph-side-panels.component.ts`)
|
||||
- **Services**:
|
||||
- `graph-accessibility` (`src/Web/StellaOps.Web/src/app/features/graph/graph-accessibility.service.ts`)
|
||||
- **Source**: SPRINT_0213_0001_0002_web_ii.md
|
||||
|
||||
## E2E Test Plan
|
||||
- **Setup**:
|
||||
- [ ] Log in with a user that has appropriate permissions
|
||||
- [ ] Navigate to `/graph`
|
||||
- [ ] Ensure test data exists (scanned artifacts, SBOM data, or seed data as needed)
|
||||
- **Core verification**:
|
||||
- [ ] Verify the visualization renders correctly with sample data
|
||||
- [ ] Verify interactive elements (hover tooltips, click-to-drill-down) work
|
||||
- [ ] Verify the visualization handles empty/minimal data gracefully
|
||||
- **Edge cases**:
|
||||
- [ ] Verify graceful handling when backend API is unavailable (error state)
|
||||
- [ ] Verify responsive layout at different viewport sizes
|
||||
- [ ] Verify accessibility (keyboard navigation, screen reader labels, ARIA attributes)
|
||||
@@ -1,31 +0,0 @@
|
||||
# Web Gateway Observability Surfaces (Health, SLO, Traces, Logs, Incident Mode)
|
||||
|
||||
## Module
|
||||
Web
|
||||
|
||||
## Status
|
||||
IMPLEMENTED
|
||||
|
||||
## Description
|
||||
Web gateway observability client providing health aggregation, SLO burn-rate metrics with exemplar links, distributed trace inspection, structured log queries, evidence/attestation pass-through, incident mode toggle, and sealed-mode status APIs.
|
||||
|
||||
## Implementation Details
|
||||
- **Feature directory**: `src/Web/StellaOps.Web/src/app/core/telemetry/`
|
||||
- **Services**:
|
||||
- `telemetry-sampler` (`src/Web/StellaOps.Web/src/app/core/telemetry/telemetry-sampler.service.ts`)
|
||||
- `ttfs-telemetry` (`src/Web/StellaOps.Web/src/app/core/telemetry/ttfs-telemetry.service.ts`)
|
||||
- **Source**: SPRINT_0214_0001_0001_web_iii.md
|
||||
|
||||
## E2E Test Plan
|
||||
- **Setup**:
|
||||
- [ ] Log in with a user that has appropriate permissions
|
||||
- [ ] Navigate to the relevant page/section where this feature appears
|
||||
- [ ] Ensure test data exists (scanned artifacts, SBOM data, or seed data as needed)
|
||||
- **Core verification**:
|
||||
- [ ] Verify the component renders correctly with sample data
|
||||
- [ ] Verify interactive elements respond to user input
|
||||
- [ ] Verify data is fetched and displayed from the correct API endpoints
|
||||
- **Edge cases**:
|
||||
- [ ] Verify graceful handling when backend API is unavailable (error state)
|
||||
- [ ] Verify responsive layout at different viewport sizes
|
||||
- [ ] Verify accessibility (keyboard navigation, screen reader labels, ARIA attributes)
|
||||
@@ -1,39 +0,0 @@
|
||||
# Web Gateway OpenAPI Discovery with Deprecation and Idempotency
|
||||
|
||||
## Module
|
||||
Web
|
||||
|
||||
## Status
|
||||
IMPLEMENTED
|
||||
|
||||
## Description
|
||||
Gateway OpenAPI discovery endpoint with ETag caching, standard error envelope migration, cursor pagination normalization, Idempotency-Key support, and deprecation header middleware with Sunset link emission.
|
||||
|
||||
## Implementation Details
|
||||
- **Feature directory**: `src/Web/StellaOps.Web/src/app/core/api/`
|
||||
- **Services**:
|
||||
- `gateway-metrics` (`src/Web/StellaOps.Web/src/app/core/api/gateway-metrics.service.ts`)
|
||||
- `policy-interop` (`src/Web/StellaOps.Web/src/app/core/api/policy-interop.service.ts`)
|
||||
- `reachability-integration` (`src/Web/StellaOps.Web/src/app/core/api/reachability-integration.service.ts`)
|
||||
- `vuln-export-orchestrator` (`src/Web/StellaOps.Web/src/app/core/api/vuln-export-orchestrator.service.ts`)
|
||||
- **Models**:
|
||||
- `src/Web/StellaOps.Web/src/app/core/api/advisories.models.ts`
|
||||
- `src/Web/StellaOps.Web/src/app/core/api/advisory-ai.models.ts`
|
||||
- `src/Web/StellaOps.Web/src/app/core/api/ai-runs.models.ts`
|
||||
- `src/Web/StellaOps.Web/src/app/core/api/analytics.models.ts`
|
||||
- `src/Web/StellaOps.Web/src/app/core/api/aoc.models.ts`
|
||||
- **Source**: SPRINT_0214_0001_0001_web_iii.md
|
||||
|
||||
## E2E Test Plan
|
||||
- **Setup**:
|
||||
- [ ] Log in with a user that has appropriate permissions
|
||||
- [ ] Navigate to the relevant page/section where this feature appears
|
||||
- [ ] Ensure test data exists (scanned artifacts, SBOM data, or seed data as needed)
|
||||
- **Core verification**:
|
||||
- [ ] Verify the component renders correctly with sample data
|
||||
- [ ] Verify interactive elements respond to user input
|
||||
- [ ] Verify data is fetched and displayed from the correct API endpoints
|
||||
- **Edge cases**:
|
||||
- [ ] Verify graceful handling when backend API is unavailable (error state)
|
||||
- [ ] Verify responsive layout at different viewport sizes
|
||||
- [ ] Verify accessibility (keyboard navigation, screen reader labels, ARIA attributes)
|
||||
@@ -1,39 +0,0 @@
|
||||
# Web Gateway Signals and Reachability Proxy
|
||||
|
||||
## Module
|
||||
Web
|
||||
|
||||
## Status
|
||||
IMPLEMENTED
|
||||
|
||||
## Description
|
||||
Gateway proxy for reachability signals providing call-graph queries, reachability state lookups, and runtime evidence retrieval through the web API layer for UI consumption.
|
||||
|
||||
## Implementation Details
|
||||
- **Feature directory**: `src/Web/StellaOps.Web/src/app/core/api/`
|
||||
- **Services**:
|
||||
- `gateway-metrics` (`src/Web/StellaOps.Web/src/app/core/api/gateway-metrics.service.ts`)
|
||||
- `policy-interop` (`src/Web/StellaOps.Web/src/app/core/api/policy-interop.service.ts`)
|
||||
- `reachability-integration` (`src/Web/StellaOps.Web/src/app/core/api/reachability-integration.service.ts`)
|
||||
- `vuln-export-orchestrator` (`src/Web/StellaOps.Web/src/app/core/api/vuln-export-orchestrator.service.ts`)
|
||||
- **Models**:
|
||||
- `src/Web/StellaOps.Web/src/app/core/api/advisories.models.ts`
|
||||
- `src/Web/StellaOps.Web/src/app/core/api/advisory-ai.models.ts`
|
||||
- `src/Web/StellaOps.Web/src/app/core/api/ai-runs.models.ts`
|
||||
- `src/Web/StellaOps.Web/src/app/core/api/analytics.models.ts`
|
||||
- `src/Web/StellaOps.Web/src/app/core/api/aoc.models.ts`
|
||||
- **Source**: SPRINT_0216_0001_0001_web_v.md
|
||||
|
||||
## E2E Test Plan
|
||||
- **Setup**:
|
||||
- [ ] Log in with a user that has appropriate permissions
|
||||
- [ ] Navigate to the relevant page/section where this feature appears
|
||||
- [ ] Ensure test data exists (scanned artifacts, SBOM data, or seed data as needed)
|
||||
- **Core verification**:
|
||||
- [ ] Verify the component renders correctly with sample data
|
||||
- [ ] Verify interactive elements respond to user input
|
||||
- [ ] Verify data is fetched and displayed from the correct API endpoints
|
||||
- **Edge cases**:
|
||||
- [ ] Verify graceful handling when backend API is unavailable (error state)
|
||||
- [ ] Verify responsive layout at different viewport sizes
|
||||
- [ ] Verify accessibility (keyboard navigation, screen reader labels, ARIA attributes)
|
||||
@@ -1,39 +0,0 @@
|
||||
# Web Gateway VEX Consensus Proxy
|
||||
|
||||
## Module
|
||||
Web
|
||||
|
||||
## Status
|
||||
IMPLEMENTED
|
||||
|
||||
## Description
|
||||
Gateway proxy for VEX consensus engine providing multi-source consensus queries, trust scoring, and quorum verification through the web API layer with tenant and ABAC enforcement.
|
||||
|
||||
## Implementation Details
|
||||
- **Feature directory**: `src/Web/StellaOps.Web/src/app/core/api/`
|
||||
- **Services**:
|
||||
- `gateway-metrics` (`src/Web/StellaOps.Web/src/app/core/api/gateway-metrics.service.ts`)
|
||||
- `policy-interop` (`src/Web/StellaOps.Web/src/app/core/api/policy-interop.service.ts`)
|
||||
- `reachability-integration` (`src/Web/StellaOps.Web/src/app/core/api/reachability-integration.service.ts`)
|
||||
- `vuln-export-orchestrator` (`src/Web/StellaOps.Web/src/app/core/api/vuln-export-orchestrator.service.ts`)
|
||||
- **Models**:
|
||||
- `src/Web/StellaOps.Web/src/app/core/api/advisories.models.ts`
|
||||
- `src/Web/StellaOps.Web/src/app/core/api/advisory-ai.models.ts`
|
||||
- `src/Web/StellaOps.Web/src/app/core/api/ai-runs.models.ts`
|
||||
- `src/Web/StellaOps.Web/src/app/core/api/analytics.models.ts`
|
||||
- `src/Web/StellaOps.Web/src/app/core/api/aoc.models.ts`
|
||||
- **Source**: SPRINT_0216_0001_0001_web_v.md
|
||||
|
||||
## E2E Test Plan
|
||||
- **Setup**:
|
||||
- [ ] Log in with a user that has appropriate permissions
|
||||
- [ ] Navigate to the relevant page/section where this feature appears
|
||||
- [ ] Ensure test data exists (scanned artifacts, SBOM data, or seed data as needed)
|
||||
- **Core verification**:
|
||||
- [ ] Verify the component renders correctly with sample data
|
||||
- [ ] Verify interactive elements respond to user input
|
||||
- [ ] Verify data is fetched and displayed from the correct API endpoints
|
||||
- **Edge cases**:
|
||||
- [ ] Verify graceful handling when backend API is unavailable (error state)
|
||||
- [ ] Verify responsive layout at different viewport sizes
|
||||
- [ ] Verify accessibility (keyboard navigation, screen reader labels, ARIA attributes)
|
||||
@@ -1,62 +0,0 @@
|
||||
# "Why Safe?" Evidence Explanation Panel
|
||||
|
||||
## Module
|
||||
Web
|
||||
|
||||
## Status
|
||||
IMPLEMENTED
|
||||
|
||||
## Description
|
||||
Dedicated panel answering "Why is this component considered safe?" by aggregating and displaying all contributing evidence: VEX statements, reachability analysis results, attestation chains, and policy evaluation outcomes in a user-friendly breakdown.
|
||||
|
||||
## Implementation Details
|
||||
- **Feature directory**: `src/Web/StellaOps.Web/src/app/features/triage/`
|
||||
- **Components**:
|
||||
- `ai-code-guard-badge` (`src/Web/StellaOps.Web/src/app/features/triage/components/ai-code-guard-badge/ai-code-guard-badge.component.ts`)
|
||||
- `ai-recommendation-panel` (`src/Web/StellaOps.Web/src/app/features/triage/components/ai-recommendation-panel/ai-recommendation-panel.component.ts`)
|
||||
- `attestation-viewer` (`src/Web/StellaOps.Web/src/app/features/triage/components/attestation-viewer/attestation-viewer.component.ts`)
|
||||
- `bulk-action-modal` (`src/Web/StellaOps.Web/src/app/features/triage/components/bulk-action-modal/bulk-action-modal.component.ts`)
|
||||
- `case-header` (`src/Web/StellaOps.Web/src/app/features/triage/components/case-header/case-header.component.ts`)
|
||||
- `decision-drawer-enhanced` (`src/Web/StellaOps.Web/src/app/features/triage/components/decision-drawer/decision-drawer-enhanced.component.ts`)
|
||||
- `decision-drawer` (`src/Web/StellaOps.Web/src/app/features/triage/components/decision-drawer/decision-drawer.component.ts`)
|
||||
- `attestation-chain` (`src/Web/StellaOps.Web/src/app/features/triage/components/evidence-panel/attestation-chain.component.ts`)
|
||||
- `backport-verdict-badge` (`src/Web/StellaOps.Web/src/app/features/triage/components/evidence-panel/backport-verdict-badge.component.ts`)
|
||||
- `binary-diff-tab` (`src/Web/StellaOps.Web/src/app/features/triage/components/evidence-panel/binary-diff-tab.component.ts`)
|
||||
- `confidence-meter` (`src/Web/StellaOps.Web/src/app/features/triage/components/evidence-panel/confidence-meter.component.ts`)
|
||||
- `diff-tab` (`src/Web/StellaOps.Web/src/app/features/triage/components/evidence-panel/diff-tab.component.ts`)
|
||||
- `dsse-badge` (`src/Web/StellaOps.Web/src/app/features/triage/components/evidence-panel/dsse-badge.component.ts`)
|
||||
- `evidence-uri-link` (`src/Web/StellaOps.Web/src/app/features/triage/components/evidence-panel/evidence-uri-link.component.ts`)
|
||||
- `function-trace` (`src/Web/StellaOps.Web/src/app/features/triage/components/evidence-panel/function-trace.component.ts`)
|
||||
- ... and 48 more components
|
||||
- **Services**:
|
||||
- `advisory-ai` (`src/Web/StellaOps.Web/src/app/features/triage/services/advisory-ai.service.ts`)
|
||||
- `binary-diff-evidence` (`src/Web/StellaOps.Web/src/app/features/triage/services/binary-diff-evidence.service.ts`)
|
||||
- `diff-evidence` (`src/Web/StellaOps.Web/src/app/features/triage/services/diff-evidence.service.ts`)
|
||||
- `display-preferences` (`src/Web/StellaOps.Web/src/app/features/triage/services/display-preferences.service.ts`)
|
||||
- `evidence-tab` (`src/Web/StellaOps.Web/src/app/features/triage/services/evidence-tab.service.ts`)
|
||||
- `gating` (`src/Web/StellaOps.Web/src/app/features/triage/services/gating.service.ts`)
|
||||
- `keyboard-shortcuts` (`src/Web/StellaOps.Web/src/app/features/triage/services/keyboard-shortcuts.service.ts`)
|
||||
- `reach-graph-slice` (`src/Web/StellaOps.Web/src/app/features/triage/services/reach-graph-slice.service.ts`)
|
||||
- `reachability` (`src/Web/StellaOps.Web/src/app/features/triage/services/reachability.service.ts`)
|
||||
- `runtime-evidence` (`src/Web/StellaOps.Web/src/app/features/triage/services/runtime-evidence.service.ts`)
|
||||
- **Models**:
|
||||
- `src/Web/StellaOps.Web/src/app/features/triage/models/diff-evidence.models.ts`
|
||||
- `src/Web/StellaOps.Web/src/app/features/triage/models/evidence-panel.models.ts`
|
||||
- `src/Web/StellaOps.Web/src/app/features/triage/models/evidence.model.ts`
|
||||
- `src/Web/StellaOps.Web/src/app/features/triage/models/gating.model.ts`
|
||||
- `src/Web/StellaOps.Web/src/app/features/triage/models/reachability.models.ts`
|
||||
- **Source**: SPRINT_20251228_008_FE_sbom_lineage_graph_ii.md
|
||||
|
||||
## E2E Test Plan
|
||||
- **Setup**:
|
||||
- [ ] Log in with a user that has appropriate permissions
|
||||
- [ ] Navigate to `/triage/artifacts`
|
||||
- [ ] Ensure test data exists (scanned artifacts, SBOM data, or seed data as needed)
|
||||
- **Core verification**:
|
||||
- [ ] Verify the panel/drawer opens on trigger (click, keyboard shortcut)
|
||||
- [ ] Verify the panel displays the correct detail data for the selected item
|
||||
- [ ] Verify the panel can be closed (X button, Escape key, backdrop click)
|
||||
- **Edge cases**:
|
||||
- [ ] Verify graceful handling when backend API is unavailable (error state)
|
||||
- [ ] Verify responsive layout at different viewport sizes
|
||||
- [ ] Verify accessibility (keyboard navigation, screen reader labels, ARIA attributes)
|
||||
@@ -1,30 +0,0 @@
|
||||
# Witness Drawer (Slide-In)
|
||||
|
||||
## Module
|
||||
Web
|
||||
|
||||
## Status
|
||||
IMPLEMENTED
|
||||
|
||||
## Description
|
||||
Contextual slide-in drawer for viewing reachability witness details including call paths, observation type, and claim verification status.
|
||||
|
||||
## Implementation Details
|
||||
- **Feature directory**: `src/Web/StellaOps.Web/src/app/shared/overlays/witness-drawer/`
|
||||
- **Components**:
|
||||
- `witness-drawer` (`src/Web/StellaOps.Web/src/app/shared/overlays/witness-drawer/witness-drawer.component.ts`)
|
||||
- **Source**: SPRINT_20260118_009_FE_route_migration_shared_components.md
|
||||
|
||||
## E2E Test Plan
|
||||
- **Setup**:
|
||||
- [ ] Log in with a user that has appropriate permissions
|
||||
- [ ] Navigate to the relevant page/section where this feature appears
|
||||
- [ ] Ensure test data exists (scanned artifacts, SBOM data, or seed data as needed)
|
||||
- **Core verification**:
|
||||
- [ ] Verify the panel/drawer opens on trigger (click, keyboard shortcut)
|
||||
- [ ] Verify the panel displays the correct detail data for the selected item
|
||||
- [ ] Verify the panel can be closed (X button, Escape key, backdrop click)
|
||||
- **Edge cases**:
|
||||
- [ ] Verify graceful handling when backend API is unavailable (error state)
|
||||
- [ ] Verify responsive layout at different viewport sizes
|
||||
- [ ] Verify accessibility (keyboard navigation, screen reader labels, ARIA attributes)
|
||||
@@ -1,30 +0,0 @@
|
||||
# Witness Viewer UI
|
||||
|
||||
## Module
|
||||
Web
|
||||
|
||||
## Status
|
||||
IMPLEMENTED
|
||||
|
||||
## Description
|
||||
Witness viewer UI component in the shared UI library, plus a witness page within the reachability feature area.
|
||||
|
||||
## Implementation Details
|
||||
- **Feature directory**: `src/Web/StellaOps.Web/src/app/shared/ui/witness-viewer/`
|
||||
- **Components**:
|
||||
- `witness-viewer` (`src/Web/StellaOps.Web/src/app/shared/ui/witness-viewer/witness-viewer.component.ts`)
|
||||
- **Source**: Feature matrix scan
|
||||
|
||||
## E2E Test Plan
|
||||
- **Setup**:
|
||||
- [ ] Log in with a user that has appropriate permissions
|
||||
- [ ] Navigate to the relevant page/section where this feature appears
|
||||
- [ ] Ensure test data exists (scanned artifacts, SBOM data, or seed data as needed)
|
||||
- **Core verification**:
|
||||
- [ ] Verify the component renders correctly with sample data
|
||||
- [ ] Verify interactive elements respond to user input
|
||||
- [ ] Verify data is fetched and displayed from the correct API endpoints
|
||||
- **Edge cases**:
|
||||
- [ ] Verify graceful handling when backend API is unavailable (error state)
|
||||
- [ ] Verify responsive layout at different viewport sizes
|
||||
- [ ] Verify accessibility (keyboard navigation, screen reader labels, ARIA attributes)
|
||||
@@ -1,36 +0,0 @@
|
||||
# Workflow Visualization with Time-Travel Controls
|
||||
|
||||
## Module
|
||||
Web
|
||||
|
||||
## Status
|
||||
IMPLEMENTED
|
||||
|
||||
## Description
|
||||
DAG-based workflow visualizer with time-travel debugging controls. Users can step forward/backward through workflow execution states, inspect step details at each point in time, view execution logs, and interactively debug release workflows. The time-travel service manages historical state snapshots. (Merged with Workflow Visualization UI Module from Phase 2 Web section.)
|
||||
|
||||
## Implementation Details
|
||||
- **Feature directory**: `src/Web/StellaOps.Web/src/app/features/workflow-visualization/`
|
||||
- **Routes**: `workflow-visualization.routes.ts`
|
||||
- **Components**:
|
||||
- `step-detail-panel` (`src/Web/StellaOps.Web/src/app/features/workflow-visualization/components/step-detail-panel/step-detail-panel.component.ts`)
|
||||
- `time-travel-controls` (`src/Web/StellaOps.Web/src/app/features/workflow-visualization/components/time-travel-controls/time-travel-controls.component.ts`)
|
||||
- `workflow-visualizer` (`src/Web/StellaOps.Web/src/app/features/workflow-visualization/components/workflow-visualizer/workflow-visualizer.component.ts`)
|
||||
- **Services**:
|
||||
- `time-travel` (`src/Web/StellaOps.Web/src/app/features/workflow-visualization/services/time-travel.service.ts`)
|
||||
- `workflow-visualization` (`src/Web/StellaOps.Web/src/app/features/workflow-visualization/services/workflow-visualization.service.ts`)
|
||||
- **Source**: Feature matrix scan
|
||||
|
||||
## E2E Test Plan
|
||||
- **Setup**:
|
||||
- [ ] Log in with a user that has appropriate permissions
|
||||
- [ ] Navigate to `/release-orchestrator`
|
||||
- [ ] Ensure test data exists (scanned artifacts, SBOM data, or seed data as needed)
|
||||
- **Core verification**:
|
||||
- [ ] Verify the visualization renders correctly with sample data
|
||||
- [ ] Verify interactive elements (hover tooltips, click-to-drill-down) work
|
||||
- [ ] Verify the visualization handles empty/minimal data gracefully
|
||||
- **Edge cases**:
|
||||
- [ ] Verify graceful handling when backend API is unavailable (error state)
|
||||
- [ ] Verify responsive layout at different viewport sizes
|
||||
- [ ] Verify accessibility (keyboard navigation, screen reader labels, ARIA attributes)
|
||||
Reference in New Issue
Block a user