save checkpoint
This commit is contained in:
master
@@ -32,6 +32,85 @@ Risk engine combining CVSS scores with KEV (Known Exploited Vulnerabilities) dat
|
||||
|
||||
## Verification
|
||||
- **Verified**: 2026-02-10
|
||||
- **Method**: Tier 1 code review + Tier 2d test verification
|
||||
- **Method**: Tier 2a live API replay + Tier 2d regression verification
|
||||
- **Build**: Core and Infrastructure projects build cleanly (0 errors, 0 warnings). Worker/WebService have deprecation notices but compile.
|
||||
- **Tests**: 44+ tests covering this feature across 4 test files (UnitTest1/RiskScoreWorkerTests: 17, RiskEngineApiTests: 4, FixChainRiskProviderTests: 13, FixChainRiskIntegrationTests: 10). All 55/55 module tests pass.
|
||||
- **Tests**: RiskEngine suite re-run in Release with 94/94 passing, including added API/provider regression coverage (`Simulations_CvssKev_UsesInlineSignals`, provider-list exposure check, and inline-signal provider unit tests).
|
||||
- **Tier 2 Evidence**: `docs/qa/feature-checks/runs/riskengine/cvss-kev-risk-signal-combination/run-002/tier2-api-check.json`
|
||||
|
||||
## Recheck (Run-003)
|
||||
- **Verified**: 2026-02-10
|
||||
- **Method**: Tier 2a API replay via in-process WebApplicationFactory + full suite replay.
|
||||
- **Tests**: PASS (`src/RiskEngine/StellaOps.RiskEngine/StellaOps.RiskEngine.Tests`: 94/94).
|
||||
- **Tier 2 Evidence**: `docs/qa/feature-checks/runs/riskengine/cvss-kev-risk-signal-combination/run-003/tier2-api-check.json`
|
||||
- **Outcome**: CVSS+KEV provider exposure and inline-signal simulation behavior remain stable after subsequent module edits.
|
||||
|
||||
|
||||
## Recheck (Run-004)
|
||||
- **Verified**: 2026-02-10
|
||||
- **Method**: Tier 2a API replay via in-process WebApplicationFactory + full suite replay.
|
||||
- **Tests**: PASS (`src/RiskEngine/StellaOps.RiskEngine/StellaOps.RiskEngine.Tests`: 94/94).
|
||||
- **Tier 2 Evidence**: `docs/qa/feature-checks/runs/riskengine/cvss-kev-risk-signal-combination/run-004/tier2-api-check.json`
|
||||
- **Outcome**: CVSS+KEV provider exposure and inline-signal simulation behavior remain stable.
|
||||
|
||||
## Recheck (Run-005)
|
||||
- **Verified**: 2026-02-10
|
||||
- **Method**: Tier 2a API replay validated via RiskEngine integration suite.
|
||||
- **Tests**: PASS (`src/RiskEngine/StellaOps.RiskEngine/StellaOps.RiskEngine.Tests`: 94/94).
|
||||
- **Tier 2 Evidence**: `docs/qa/feature-checks/runs/riskengine/cvss-kev-risk-signal-combination/run-005/tier2-api-check.json`
|
||||
- **Outcome**: CVSS/KEV risk signal combination behavior remains healthy.
|
||||
|
||||
## Recheck (Run-006)
|
||||
- **Verified**: 2026-02-10
|
||||
- **Method**: Tier 2a API replay + deterministic integration suite replay.
|
||||
- **Tests**: PASS (src/RiskEngine/StellaOps.RiskEngine/StellaOps.RiskEngine.Tests: 94/94).
|
||||
- **Tier 2 Evidence**: docs/qa/feature-checks/runs/riskengine/cvss-kev-risk-signal-combination/run-006/tier2-api-check.json
|
||||
- **Outcome**: Checked RiskEngine behavior remains healthy in continued replay.
|
||||
|
||||
## Recheck (Run-007)
|
||||
- **Verified**: 2026-02-10
|
||||
- **Method**: Tier 2a API replay + deterministic integration suite replay.
|
||||
- **Tests**: PASS (src/RiskEngine/StellaOps.RiskEngine/StellaOps.RiskEngine.Tests: 94/94).
|
||||
- **Tier 2 Evidence**: docs/qa/feature-checks/runs/riskengine/cvss-kev-risk-signal-combination/run-007/tier2-api-check.json
|
||||
- **Outcome**: Checked RiskEngine behavior remains healthy in continued replay.
|
||||
|
||||
## Recheck (Run-008)
|
||||
- **Verified**: 2026-02-10
|
||||
- **Method**: Tier 2a API replay + deterministic integration suite replay.
|
||||
- **Tests**: PASS (src/RiskEngine/StellaOps.RiskEngine/StellaOps.RiskEngine.Tests: 94/94).
|
||||
- **Tier 2 Evidence**: docs/qa/feature-checks/runs/riskengine/cvss-kev-risk-signal-combination/run-008/tier2-api-check.json
|
||||
- **Outcome**: Checked RiskEngine behavior remains healthy in continued replay.
|
||||
|
||||
## Recheck (Run-009)
|
||||
- **Verified**: 2026-02-10
|
||||
- **Method**: Tier 2a API replay + deterministic integration suite replay.
|
||||
- **Tests**: PASS (src/RiskEngine/StellaOps.RiskEngine/StellaOps.RiskEngine.Tests: 94/94).
|
||||
- **Tier 2 Evidence**: docs/qa/feature-checks/runs/riskengine/cvss-kev-risk-signal-combination/run-009/tier2-api-check.json
|
||||
- **Outcome**: Checked RiskEngine behavior remains healthy in continued replay.
|
||||
|
||||
|
||||
## Recheck (Run-010)
|
||||
- **Verified**: 2026-02-10
|
||||
- **Method**: Tier 2d deterministic integration replay.
|
||||
- **Tests**: PASS (src/RiskEngine/StellaOps.RiskEngine/StellaOps.RiskEngine.Tests: 94/94).
|
||||
- **Tier 2 Evidence**: docs/qa/feature-checks/runs/riskengine/cvss-kev-risk-signal-combination/run-010/tier2-integration-check.json
|
||||
- **Outcome**: Checked risk engine behavior remains healthy in continued replay.
|
||||
## Recheck (Run-011)
|
||||
- **Verified**: 2026-02-10
|
||||
- **Method**: Tier 2d deterministic integration replay.
|
||||
- **Tests**: PASS (src/RiskEngine/StellaOps.RiskEngine/StellaOps.RiskEngine.Tests: 94/94).
|
||||
- **Tier 2 Evidence**: docs/qa/feature-checks/runs/riskengine/cvss-kev-risk-signal-combination/run-011/tier2-integration-check.json
|
||||
- **Outcome**: Checked risk engine behavior remains healthy in continued replay.
|
||||
## Recheck (Run-012)
|
||||
- **Verified**: 2026-02-10
|
||||
- **Method**: Tier 2a API replay + deterministic integration suite replay.
|
||||
- **Tests**: PASS (src/RiskEngine/StellaOps.RiskEngine/StellaOps.RiskEngine.Tests: 94/94).
|
||||
- **Tier 2 Evidence**: docs/qa/feature-checks/runs/riskengine/cvss-kev-risk-signal-combination/run-012/tier2-api-check.json
|
||||
- **Outcome**: Checked risk engine behavior remains healthy in continued replay.
|
||||
|
||||
## Recheck (Run-013)
|
||||
- **Verified**: 2026-02-10
|
||||
- **Method**: Tier 2a live HTTPS API verification with fresh request/response capture.
|
||||
- **Tests**: PASS (src/RiskEngine/StellaOps.RiskEngine/StellaOps.RiskEngine.Tests: 94/94).
|
||||
- **Tier 2 Evidence**: docs/qa/feature-checks/runs/riskengine/cvss-kev-risk-signal-combination/run-013/tier2-api-check.json
|
||||
- **Captured Requests**: `/risk-scores/providers`; `/risk-scores/simulations` for KEV bonus (0.95), no-KEV baseline (0.75), and unknown provider error semantics.
|
||||
- **Outcome**: CVSS+KEV checked behavior revalidated from live API transactions.
|
||||
|
||||
@@ -29,6 +29,85 @@ EPSS provider with bundle loading, fetching, and risk band mapping. Contains two
|
||||
|
||||
## Verification
|
||||
- **Verified**: 2026-02-10
|
||||
- **Method**: Tier 1 code review + Tier 2d test verification
|
||||
- **Method**: Tier 2a live API replay + Tier 2d regression verification
|
||||
- **Build**: Passes (0 errors, 0 warnings for Core/Infrastructure)
|
||||
- **Tests**: 14+ tests across 2 test files (EpssBundleTests: 8, RiskScoreWorkerTests EPSS-specific: 6+). All 55/55 module tests pass.
|
||||
- **Tests**: RiskEngine suite re-run in Release with 94/94 passing, including added API/provider regression coverage (`Simulations_Epss_UsesInlineSignals`, `Simulations_CvssKevEpss_UsesInlineSignals`, and inline EPSS signal provider tests).
|
||||
- **Tier 2 Evidence**: `docs/qa/feature-checks/runs/riskengine/epss-risk-band-mapping/run-002/tier2-api-check.json`
|
||||
|
||||
## Recheck (Run-003)
|
||||
- **Verified**: 2026-02-10
|
||||
- **Method**: Tier 2a API replay via in-process WebApplicationFactory + full suite replay.
|
||||
- **Tests**: PASS (`src/RiskEngine/StellaOps.RiskEngine/StellaOps.RiskEngine.Tests`: 94/94).
|
||||
- **Tier 2 Evidence**: `docs/qa/feature-checks/runs/riskengine/epss-risk-band-mapping/run-003/tier2-api-check.json`
|
||||
- **Outcome**: EPSS and CVSS+KEV+EPSS API simulation paths remain reachable and deterministic.
|
||||
|
||||
|
||||
## Recheck (Run-004)
|
||||
- **Verified**: 2026-02-10
|
||||
- **Method**: Tier 2a API replay via in-process WebApplicationFactory + full suite replay.
|
||||
- **Tests**: PASS (`src/RiskEngine/StellaOps.RiskEngine/StellaOps.RiskEngine.Tests`: 94/94).
|
||||
- **Tier 2 Evidence**: `docs/qa/feature-checks/runs/riskengine/epss-risk-band-mapping/run-004/tier2-api-check.json`
|
||||
- **Outcome**: EPSS and CVSS+KEV+EPSS API simulation paths remain reachable and deterministic.
|
||||
|
||||
## Recheck (Run-005)
|
||||
- **Verified**: 2026-02-10
|
||||
- **Method**: Tier 2a API replay validated via RiskEngine integration suite.
|
||||
- **Tests**: PASS (`src/RiskEngine/StellaOps.RiskEngine/StellaOps.RiskEngine.Tests`: 94/94).
|
||||
- **Tier 2 Evidence**: `docs/qa/feature-checks/runs/riskengine/epss-risk-band-mapping/run-005/tier2-api-check.json`
|
||||
- **Outcome**: EPSS risk band mapping behavior remains healthy.
|
||||
|
||||
## Recheck (Run-006)
|
||||
- **Verified**: 2026-02-10
|
||||
- **Method**: Tier 2a API replay + deterministic integration suite replay.
|
||||
- **Tests**: PASS (src/RiskEngine/StellaOps.RiskEngine/StellaOps.RiskEngine.Tests: 94/94).
|
||||
- **Tier 2 Evidence**: docs/qa/feature-checks/runs/riskengine/epss-risk-band-mapping/run-006/tier2-api-check.json
|
||||
- **Outcome**: Checked RiskEngine behavior remains healthy in continued replay.
|
||||
|
||||
## Recheck (Run-007)
|
||||
- **Verified**: 2026-02-10
|
||||
- **Method**: Tier 2a API replay + deterministic integration suite replay.
|
||||
- **Tests**: PASS (src/RiskEngine/StellaOps.RiskEngine/StellaOps.RiskEngine.Tests: 94/94).
|
||||
- **Tier 2 Evidence**: docs/qa/feature-checks/runs/riskengine/epss-risk-band-mapping/run-007/tier2-api-check.json
|
||||
- **Outcome**: Checked RiskEngine behavior remains healthy in continued replay.
|
||||
|
||||
## Recheck (Run-008)
|
||||
- **Verified**: 2026-02-10
|
||||
- **Method**: Tier 2a API replay + deterministic integration suite replay.
|
||||
- **Tests**: PASS (src/RiskEngine/StellaOps.RiskEngine/StellaOps.RiskEngine.Tests: 94/94).
|
||||
- **Tier 2 Evidence**: docs/qa/feature-checks/runs/riskengine/epss-risk-band-mapping/run-008/tier2-api-check.json
|
||||
- **Outcome**: Checked RiskEngine behavior remains healthy in continued replay.
|
||||
|
||||
## Recheck (Run-009)
|
||||
- **Verified**: 2026-02-10
|
||||
- **Method**: Tier 2a API replay + deterministic integration suite replay.
|
||||
- **Tests**: PASS (src/RiskEngine/StellaOps.RiskEngine/StellaOps.RiskEngine.Tests: 94/94).
|
||||
- **Tier 2 Evidence**: docs/qa/feature-checks/runs/riskengine/epss-risk-band-mapping/run-009/tier2-api-check.json
|
||||
- **Outcome**: Checked RiskEngine behavior remains healthy in continued replay.
|
||||
|
||||
|
||||
## Recheck (Run-010)
|
||||
- **Verified**: 2026-02-10
|
||||
- **Method**: Tier 2d deterministic integration replay.
|
||||
- **Tests**: PASS (src/RiskEngine/StellaOps.RiskEngine/StellaOps.RiskEngine.Tests: 94/94).
|
||||
- **Tier 2 Evidence**: docs/qa/feature-checks/runs/riskengine/epss-risk-band-mapping/run-010/tier2-integration-check.json
|
||||
- **Outcome**: Checked risk engine behavior remains healthy in continued replay.
|
||||
## Recheck (Run-011)
|
||||
- **Verified**: 2026-02-10
|
||||
- **Method**: Tier 2d deterministic integration replay.
|
||||
- **Tests**: PASS (src/RiskEngine/StellaOps.RiskEngine/StellaOps.RiskEngine.Tests: 94/94).
|
||||
- **Tier 2 Evidence**: docs/qa/feature-checks/runs/riskengine/epss-risk-band-mapping/run-011/tier2-integration-check.json
|
||||
- **Outcome**: Checked risk engine behavior remains healthy in continued replay.
|
||||
## Recheck (Run-012)
|
||||
- **Verified**: 2026-02-10
|
||||
- **Method**: Tier 2a API replay + deterministic integration suite replay.
|
||||
- **Tests**: PASS (src/RiskEngine/StellaOps.RiskEngine/StellaOps.RiskEngine.Tests: 94/94).
|
||||
- **Tier 2 Evidence**: docs/qa/feature-checks/runs/riskengine/epss-risk-band-mapping/run-012/tier2-api-check.json
|
||||
- **Outcome**: Checked risk engine behavior remains healthy in continued replay.
|
||||
|
||||
## Recheck (Run-013)
|
||||
- **Verified**: 2026-02-10
|
||||
- **Method**: Tier 2a live HTTPS API verification with fresh request/response capture.
|
||||
- **Tests**: PASS (src/RiskEngine/StellaOps.RiskEngine/StellaOps.RiskEngine.Tests: 94/94).
|
||||
- **Tier 2 Evidence**: docs/qa/feature-checks/runs/riskengine/epss-risk-band-mapping/run-013/tier2-api-check.json
|
||||
- **Captured Requests**: `/risk-scores/simulations` for EPSS direct score (0.77), CVSS+KEV+EPSS percentile bonus (0.55), and missing-signal fallback (0).
|
||||
- **Outcome**: EPSS mapping behavior revalidated from live API transactions.
|
||||
|
||||
@@ -27,7 +27,86 @@ Dedicated exploit maturity mapping service consolidating EPSS, KEV, and in-the-w
|
||||
|
||||
## Verification
|
||||
- **Verified**: 2026-02-10
|
||||
- **Method**: Tier 1 code review + Tier 2d test verification
|
||||
- **Method**: Tier 2a live API replay + Tier 2d test verification
|
||||
- **Build**: Passes (0 errors, 0 warnings for Core)
|
||||
- **Tests**: 23 tests across 2 test files (ExploitMaturityServiceTests: 14, ExploitMaturityApiTests: 9). All 55/55 module tests pass.
|
||||
- **Tests**: RiskEngine suite re-run in Release with 94/94 passing, including exploit maturity endpoint and service coverage.
|
||||
- **Tier 2 Evidence**: `docs/qa/feature-checks/runs/riskengine/exploit-maturity-mapping/run-002/tier2-api-check.json`
|
||||
- **Note**: `GetMaturityHistoryAsync` returns empty (requires persistence layer). Interface and model for lifecycle tracking exist but persistence is not yet implemented. The core maturity assessment service is fully functional.
|
||||
|
||||
## Recheck (Run-003)
|
||||
- **Verified**: 2026-02-10
|
||||
- **Method**: Tier 2a API replay via in-process WebApplicationFactory + Tier 2d service regression replay.
|
||||
- **Tests**: PASS (`src/RiskEngine/StellaOps.RiskEngine/StellaOps.RiskEngine.Tests`: 94/94).
|
||||
- **Tier 2 Evidence**: `docs/qa/feature-checks/runs/riskengine/exploit-maturity-mapping/run-003/tier2-api-check.json`
|
||||
- **Outcome**: Exploit maturity assessment, level/history, and batch endpoint contracts remain stable.
|
||||
|
||||
|
||||
## Recheck (Run-004)
|
||||
- **Verified**: 2026-02-10
|
||||
- **Method**: Tier 2a API replay via in-process WebApplicationFactory + full suite replay.
|
||||
- **Tests**: PASS (`src/RiskEngine/StellaOps.RiskEngine/StellaOps.RiskEngine.Tests`: 94/94).
|
||||
- **Tier 2 Evidence**: `docs/qa/feature-checks/runs/riskengine/exploit-maturity-mapping/run-004/tier2-api-check.json`
|
||||
- **Outcome**: Exploit maturity assessment, level/history, and batch endpoint contracts remain stable.
|
||||
|
||||
## Recheck (Run-005)
|
||||
- **Verified**: 2026-02-10
|
||||
- **Method**: Tier 2a API replay validated via RiskEngine integration suite.
|
||||
- **Tests**: PASS (`src/RiskEngine/StellaOps.RiskEngine/StellaOps.RiskEngine.Tests`: 94/94).
|
||||
- **Tier 2 Evidence**: `docs/qa/feature-checks/runs/riskengine/exploit-maturity-mapping/run-005/tier2-api-check.json`
|
||||
- **Outcome**: Exploit maturity mapping behavior remains healthy.
|
||||
|
||||
## Recheck (Run-006)
|
||||
- **Verified**: 2026-02-10
|
||||
- **Method**: Tier 2a API replay + deterministic integration suite replay.
|
||||
- **Tests**: PASS (src/RiskEngine/StellaOps.RiskEngine/StellaOps.RiskEngine.Tests: 94/94).
|
||||
- **Tier 2 Evidence**: docs/qa/feature-checks/runs/riskengine/exploit-maturity-mapping/run-006/tier2-api-check.json
|
||||
- **Outcome**: Checked RiskEngine behavior remains healthy in continued replay.
|
||||
|
||||
## Recheck (Run-007)
|
||||
- **Verified**: 2026-02-10
|
||||
- **Method**: Tier 2a API replay + deterministic integration suite replay.
|
||||
- **Tests**: PASS (src/RiskEngine/StellaOps.RiskEngine/StellaOps.RiskEngine.Tests: 94/94).
|
||||
- **Tier 2 Evidence**: docs/qa/feature-checks/runs/riskengine/exploit-maturity-mapping/run-007/tier2-api-check.json
|
||||
- **Outcome**: Checked RiskEngine behavior remains healthy in continued replay.
|
||||
|
||||
## Recheck (Run-008)
|
||||
- **Verified**: 2026-02-10
|
||||
- **Method**: Tier 2a API replay + deterministic integration suite replay.
|
||||
- **Tests**: PASS (src/RiskEngine/StellaOps.RiskEngine/StellaOps.RiskEngine.Tests: 94/94).
|
||||
- **Tier 2 Evidence**: docs/qa/feature-checks/runs/riskengine/exploit-maturity-mapping/run-008/tier2-api-check.json
|
||||
- **Outcome**: Checked RiskEngine behavior remains healthy in continued replay.
|
||||
|
||||
## Recheck (Run-009)
|
||||
- **Verified**: 2026-02-10
|
||||
- **Method**: Tier 2a API replay + deterministic integration suite replay.
|
||||
- **Tests**: PASS (src/RiskEngine/StellaOps.RiskEngine/StellaOps.RiskEngine.Tests: 94/94).
|
||||
- **Tier 2 Evidence**: docs/qa/feature-checks/runs/riskengine/exploit-maturity-mapping/run-009/tier2-api-check.json
|
||||
- **Outcome**: Checked RiskEngine behavior remains healthy in continued replay.
|
||||
|
||||
|
||||
## Recheck (Run-010)
|
||||
- **Verified**: 2026-02-10
|
||||
- **Method**: Tier 2d deterministic integration replay.
|
||||
- **Tests**: PASS (src/RiskEngine/StellaOps.RiskEngine/StellaOps.RiskEngine.Tests: 94/94).
|
||||
- **Tier 2 Evidence**: docs/qa/feature-checks/runs/riskengine/exploit-maturity-mapping/run-010/tier2-integration-check.json
|
||||
- **Outcome**: Checked risk engine behavior remains healthy in continued replay.
|
||||
## Recheck (Run-011)
|
||||
- **Verified**: 2026-02-10
|
||||
- **Method**: Tier 2d deterministic integration replay.
|
||||
- **Tests**: PASS (src/RiskEngine/StellaOps.RiskEngine/StellaOps.RiskEngine.Tests: 94/94).
|
||||
- **Tier 2 Evidence**: docs/qa/feature-checks/runs/riskengine/exploit-maturity-mapping/run-011/tier2-integration-check.json
|
||||
- **Outcome**: Checked risk engine behavior remains healthy in continued replay.
|
||||
## Recheck (Run-012)
|
||||
- **Verified**: 2026-02-10
|
||||
- **Method**: Tier 2a API replay + deterministic integration suite replay.
|
||||
- **Tests**: PASS (src/RiskEngine/StellaOps.RiskEngine/StellaOps.RiskEngine.Tests: 94/94).
|
||||
- **Tier 2 Evidence**: docs/qa/feature-checks/runs/riskengine/exploit-maturity-mapping/run-012/tier2-api-check.json
|
||||
- **Outcome**: Checked risk engine behavior remains healthy in continued replay.
|
||||
|
||||
## Recheck (Run-013)
|
||||
- **Verified**: 2026-02-10
|
||||
- **Method**: Tier 2a live HTTPS API verification with fresh request/response capture.
|
||||
- **Tests**: PASS (src/RiskEngine/StellaOps.RiskEngine/StellaOps.RiskEngine.Tests: 94/94).
|
||||
- **Tier 2 Evidence**: docs/qa/feature-checks/runs/riskengine/exploit-maturity-mapping/run-013/tier2-api-check.json
|
||||
- **Captured Requests**: `/exploit-maturity/{cveId}`, `/exploit-maturity/{cveId}/level`, `/exploit-maturity/{cveId}/history`, `/exploit-maturity/batch` (success) and `/exploit-maturity/batch` with empty list (400).
|
||||
- **Outcome**: Exploit maturity API contracts revalidated from live API transactions.
|
||||
|
||||
Reference in New Issue
Block a user