save progress

2026-01-03 12:41:57 +02:00
parent 83c37243e0
commit d486d41a48
48 changed files with 7174 additions and 1086 deletions
--- a/src/Scanner/__Libraries/StellaOps.Scanner.Triage/Entities/TriageEnums.cs
+++ b/src/Scanner/__Libraries/StellaOps.Scanner.Triage/Entities/TriageEnums.cs
@@ -1,3 +1,5 @@
+using NpgsqlTypes;
+
 namespace StellaOps.Scanner.Triage.Entities;

 /// <summary>
@@ -6,21 +8,27 @@ namespace StellaOps.Scanner.Triage.Entities;
 public enum TriageLane
 {
    /// <summary>Finding is actively being evaluated.</summary>
+    [PgName("ACTIVE")]
    Active,

    /// <summary>Finding is blocking shipment.</summary>
+    [PgName("BLOCKED")]
    Blocked,

    /// <summary>Finding requires a security exception to proceed.</summary>
+    [PgName("NEEDS_EXCEPTION")]
    NeedsException,

    /// <summary>Finding is muted due to reachability analysis (not reachable).</summary>
+    [PgName("MUTED_REACH")]
    MutedReach,

    /// <summary>Finding is muted due to VEX status (not affected).</summary>
+    [PgName("MUTED_VEX")]
    MutedVex,

    /// <summary>Finding is mitigated by compensating controls.</summary>
+    [PgName("COMPENSATED")]
    Compensated
 }

@@ -30,12 +38,15 @@ public enum TriageLane
 public enum TriageVerdict
 {
    /// <summary>Can ship - no blocking issues.</summary>
+    [PgName("SHIP")]
    Ship,

    /// <summary>Cannot ship - blocking issues present.</summary>
+    [PgName("BLOCK")]
    Block,

    /// <summary>Exception granted - can ship with documented exception.</summary>
+    [PgName("EXCEPTION")]
    Exception
 }

@@ -45,12 +56,15 @@ public enum TriageVerdict
 public enum TriageReachability
 {
    /// <summary>Vulnerable code is reachable.</summary>
+    [PgName("YES")]
    Yes,

    /// <summary>Vulnerable code is not reachable.</summary>
+    [PgName("NO")]
    No,

    /// <summary>Reachability cannot be determined.</summary>
+    [PgName("UNKNOWN")]
    Unknown
 }

@@ -60,15 +74,19 @@ public enum TriageReachability
 public enum TriageVexStatus
 {
    /// <summary>Product is affected by the vulnerability.</summary>
+    [PgName("affected")]
    Affected,

    /// <summary>Product is not affected by the vulnerability.</summary>
+    [PgName("not_affected")]
    NotAffected,

    /// <summary>Investigation is ongoing.</summary>
+    [PgName("under_investigation")]
    UnderInvestigation,

    /// <summary>Status is unknown.</summary>
+    [PgName("unknown")]
    Unknown
 }

@@ -78,15 +96,19 @@ public enum TriageVexStatus
 public enum TriageDecisionKind
 {
    /// <summary>Mute based on reachability analysis.</summary>
+    [PgName("MUTE_REACH")]
    MuteReach,

    /// <summary>Mute based on VEX status.</summary>
+    [PgName("MUTE_VEX")]
    MuteVex,

    /// <summary>Acknowledge the finding without action.</summary>
+    [PgName("ACK")]
    Ack,

    /// <summary>Grant a security exception.</summary>
+    [PgName("EXCEPTION")]
    Exception
 }

@@ -96,24 +118,31 @@ public enum TriageDecisionKind
 public enum TriageSnapshotTrigger
 {
    /// <summary>Vulnerability feed was updated.</summary>
+    [PgName("FEED_UPDATE")]
    FeedUpdate,

    /// <summary>VEX document was updated.</summary>
+    [PgName("VEX_UPDATE")]
    VexUpdate,

    /// <summary>SBOM was updated.</summary>
+    [PgName("SBOM_UPDATE")]
    SbomUpdate,

    /// <summary>Runtime trace was received.</summary>
+    [PgName("RUNTIME_TRACE")]
    RuntimeTrace,

    /// <summary>Policy was updated.</summary>
+    [PgName("POLICY_UPDATE")]
    PolicyUpdate,

    /// <summary>A triage decision was made.</summary>
+    [PgName("DECISION")]
    Decision,

    /// <summary>Manual rescan was triggered.</summary>
+    [PgName("RESCAN")]
    Rescan
 }

@@ -123,29 +152,38 @@ public enum TriageSnapshotTrigger
 public enum TriageEvidenceType
 {
    /// <summary>Slice of the SBOM relevant to the finding.</summary>
+    [PgName("SBOM_SLICE")]
    SbomSlice,

    /// <summary>VEX document.</summary>
+    [PgName("VEX_DOC")]
    VexDoc,

    /// <summary>Build provenance attestation.</summary>
+    [PgName("PROVENANCE")]
    Provenance,

    /// <summary>Callstack or callgraph slice.</summary>
+    [PgName("CALLSTACK_SLICE")]
    CallstackSlice,

    /// <summary>Reachability proof document.</summary>
+    [PgName("REACHABILITY_PROOF")]
    ReachabilityProof,

    /// <summary>Replay manifest for deterministic reproduction.</summary>
+    [PgName("REPLAY_MANIFEST")]
    ReplayManifest,

    /// <summary>Policy document that was applied.</summary>
+    [PgName("POLICY")]
    Policy,

    /// <summary>Scan log output.</summary>
+    [PgName("SCAN_LOG")]
    ScanLog,

    /// <summary>Other evidence type.</summary>
+    [PgName("OTHER")]
    Other
 }