docs consolidation, big sln build fixes, new advisories and sprints/tasks

2026-01-05 18:37:04 +02:00
parent d0a7b88398
commit d7bdca6d97
175 changed files with 10322 additions and 307 deletions
--- a/src/Scanner/__Tests/StellaOps.Scanner.Triage.Tests/TriageSchemaIntegrationTests.cs
+++ b/src/Scanner/__Tests/StellaOps.Scanner.Triage.Tests/TriageSchemaIntegrationTests.cs
@@ -60,6 +60,7 @@ public sealed class TriageSchemaIntegrationTests : IAsyncLifetime
        // Arrange
        await Context.Database.EnsureCreatedAsync();

+        var now = DateTimeOffset.UtcNow;
        var finding = new TriageFinding
        {
            Id = Guid.NewGuid(),
@@ -67,8 +68,9 @@ public sealed class TriageSchemaIntegrationTests : IAsyncLifetime
            AssetLabel = "prod/api-gateway:1.2.3",
            Purl = "pkg:npm/lodash@4.17.20",
            CveId = "CVE-2021-23337",
-            FirstSeenAt = DateTimeOffset.UtcNow,
-            LastSeenAt = DateTimeOffset.UtcNow
+            FirstSeenAt = now,
+            LastSeenAt = now,
+            UpdatedAt = now
        };

        // Act
@@ -90,13 +92,17 @@ public sealed class TriageSchemaIntegrationTests : IAsyncLifetime
        // Arrange
        await Context.Database.EnsureCreatedAsync();

+        var now = DateTimeOffset.UtcNow;
        var finding = new TriageFinding
        {
            Id = Guid.NewGuid(),
            AssetId = Guid.NewGuid(),
            AssetLabel = "prod/api-gateway:1.2.3",
            Purl = "pkg:npm/lodash@4.17.20",
-            CveId = "CVE-2021-23337"
+            CveId = "CVE-2021-23337",
+            FirstSeenAt = now,
+            LastSeenAt = now,
+            UpdatedAt = now
        };

        Context.Findings.Add(finding);
@@ -111,7 +117,7 @@ public sealed class TriageSchemaIntegrationTests : IAsyncLifetime
            Note = "Code path is not reachable per RichGraph analysis",
            ActorSubject = "user:test@example.com",
            ActorDisplay = "Test User",
-            CreatedAt = DateTimeOffset.UtcNow
+            CreatedAt = now
        };

        // Act
@@ -137,13 +143,17 @@ public sealed class TriageSchemaIntegrationTests : IAsyncLifetime
        // Arrange
        await Context.Database.EnsureCreatedAsync();

+        var now = DateTimeOffset.UtcNow;
        var finding = new TriageFinding
        {
            Id = Guid.NewGuid(),
            AssetId = Guid.NewGuid(),
            AssetLabel = "prod/api-gateway:1.2.3",
            Purl = "pkg:npm/lodash@4.17.20",
-            CveId = "CVE-2021-23337"
+            CveId = "CVE-2021-23337",
+            FirstSeenAt = now,
+            LastSeenAt = now,
+            UpdatedAt = now
        };

        Context.Findings.Add(finding);
@@ -160,7 +170,7 @@ public sealed class TriageSchemaIntegrationTests : IAsyncLifetime
            Verdict = TriageVerdict.Block,
            Lane = TriageLane.Blocked,
            Why = "High-severity CVE with network exposure",
-            ComputedAt = DateTimeOffset.UtcNow
+            ComputedAt = now
        };

        // Act
@@ -186,13 +196,17 @@ public sealed class TriageSchemaIntegrationTests : IAsyncLifetime
        // Arrange
        await Context.Database.EnsureCreatedAsync();

+        var now = DateTimeOffset.UtcNow;
        var finding = new TriageFinding
        {
            Id = Guid.NewGuid(),
            AssetId = Guid.NewGuid(),
            AssetLabel = "prod/api:1.0",
            Purl = "pkg:npm/test@1.0.0",
-            CveId = "CVE-2024-0001"
+            CveId = "CVE-2024-0001",
+            FirstSeenAt = now,
+            LastSeenAt = now,
+            UpdatedAt = now
        };

        Context.Findings.Add(finding);
@@ -200,20 +214,24 @@ public sealed class TriageSchemaIntegrationTests : IAsyncLifetime

        var decision = new TriageDecision
        {
+            Id = Guid.NewGuid(),
            FindingId = finding.Id,
            Kind = TriageDecisionKind.Ack,
            ReasonCode = "ACKNOWLEDGED",
-            ActorSubject = "user:admin"
+            ActorSubject = "user:admin",
+            CreatedAt = now
        };

        var riskResult = new TriageRiskResult
        {
+            Id = Guid.NewGuid(),
            FindingId = finding.Id,
            PolicyId = "policy-v1",
            PolicyVersion = "1.0",
            InputsHash = "hash123",
            Score = 50,
-            Why = "Medium risk"
+            Why = "Medium risk",
+            ComputedAt = now
        };

        Context.Decisions.Add(decision);
@@ -245,13 +263,18 @@ public sealed class TriageSchemaIntegrationTests : IAsyncLifetime
        const string purl = "pkg:npm/lodash@4.17.20";
        const string cveId = "CVE-2021-23337";

+        var now = DateTimeOffset.UtcNow;
        var finding1 = new TriageFinding
        {
+            Id = Guid.NewGuid(),
            AssetId = assetId,
            EnvironmentId = envId,
            AssetLabel = "prod/api:1.0",
            Purl = purl,
-            CveId = cveId
+            CveId = cveId,
+            FirstSeenAt = now,
+            LastSeenAt = now,
+            UpdatedAt = now
        };

        Context.Findings.Add(finding1);
@@ -259,11 +282,15 @@ public sealed class TriageSchemaIntegrationTests : IAsyncLifetime

        var finding2 = new TriageFinding
        {
+            Id = Guid.NewGuid(),
            AssetId = assetId,
            EnvironmentId = envId,
            AssetLabel = "prod/api:1.0",
            Purl = purl,
-            CveId = cveId
+            CveId = cveId,
+            FirstSeenAt = now,
+            LastSeenAt = now,
+            UpdatedAt = now
        };

        Context.Findings.Add(finding2);