docs consolidation, big sln build fixes, new advisories and sprints/tasks

2026-01-05 18:37:04 +02:00
parent d0a7b88398
commit d7bdca6d97
175 changed files with 10322 additions and 307 deletions
--- a/src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Secrets/SecretsAnalyzer.cs
+++ b/src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Secrets/SecretsAnalyzer.cs
@@ -42,6 +42,11 @@ public sealed class SecretsAnalyzer : ILanguageAnalyzer
    /// </summary>
    public SecretRuleset? Ruleset => _ruleset;

+    /// <summary>
+    /// Gets the ruleset version string for tracking and reporting.
+    /// </summary>
+    public string RulesetVersion => _ruleset?.Version ?? "unknown";
+
    /// <summary>
    /// Sets the ruleset to use for detection.
    /// Called by SecretsAnalyzerHost after loading the bundle.
@@ -51,6 +56,58 @@ public sealed class SecretsAnalyzer : ILanguageAnalyzer
        _ruleset = ruleset ?? throw new ArgumentNullException(nameof(ruleset));
    }

+    /// <summary>
+    /// Analyzes raw file content for secrets. Adapter for Worker stage executor.
+    /// </summary>
+    public async ValueTask<List<SecretFinding>> AnalyzeAsync(
+        byte[] content,
+        string relativePath,
+        CancellationToken ct)
+    {
+        if (!IsEnabled || content is null || content.Length == 0)
+        {
+            return new List<SecretFinding>();
+        }
+
+        var findings = new List<SecretFinding>();
+
+        foreach (var rule in _ruleset!.GetRulesForFile(relativePath))
+        {
+            ct.ThrowIfCancellationRequested();
+
+            var matches = await _detector.DetectAsync(content, relativePath, rule, ct);
+
+            foreach (var match in matches)
+            {
+                var confidence = MapScoreToConfidence(match.ConfidenceScore);
+                if (confidence < _options.Value.MinConfidence)
+                {
+                    continue;
+                }
+
+                var maskedSecret = _masker.Mask(match.Secret);
+                var finding = new SecretFinding
+                {
+                    RuleId = rule.Id,
+                    RuleName = rule.Name,
+                    Severity = rule.Severity,
+                    Confidence = confidence,
+                    FilePath = relativePath,
+                    LineNumber = match.LineNumber,
+                    ColumnStart = match.ColumnStart,
+                    ColumnEnd = match.ColumnEnd,
+                    MatchedText = maskedSecret,
+                    Category = rule.Category,
+                    DetectedAtUtc = _timeProvider.GetUtcNow()
+                };
+
+                findings.Add(finding);
+            }
+        }
+
+        return findings;
+    }
+
    public async ValueTask AnalyzeAsync(
        LanguageAnalyzerContext context,
        LanguageComponentWriter writer,