docs consolidation, big sln build fixes, new advisories and sprints/tasks

src/Scanner/__Tests/StellaOps.Scanner.WebService.Tests/FindingsEvidenceControllerTests.cs

@@ -132,6 +132,7 @@ public sealed class FindingsEvidenceControllerTests
 
         await db.Database.EnsureCreatedAsync();
 
+        var now = DateTimeOffset.UtcNow;
         var findingId = Guid.NewGuid();
         var finding = new TriageFinding
         {
@@ -140,12 +141,15 @@ public sealed class FindingsEvidenceControllerTests
             AssetLabel = "prod/api-gateway:1.2.3",
             Purl = "pkg:npm/lodash@4.17.20",
             CveId = "CVE-2024-12345",
-            LastSeenAt = DateTimeOffset.UtcNow
+            FirstSeenAt = now,
+            LastSeenAt = now,
+            UpdatedAt = now
         };
 
         db.Findings.Add(finding);
         db.RiskResults.Add(new TriageRiskResult
         {
+            Id = Guid.NewGuid(),
             FindingId = findingId,
             PolicyId = "policy-1",
             PolicyVersion = "1.0.0",
@@ -154,15 +158,17 @@ public sealed class FindingsEvidenceControllerTests
             Verdict = TriageVerdict.Block,
             Lane = TriageLane.Blocked,
             Why = "High risk score",
-            ComputedAt = DateTimeOffset.UtcNow
+            ComputedAt = now
         });
         db.EvidenceArtifacts.Add(new TriageEvidenceArtifact
         {
+            Id = Guid.NewGuid(),
             FindingId = findingId,
             Type = TriageEvidenceType.Provenance,
             Title = "SBOM attestation",
             ContentHash = "sha256:attestation",
-            Uri = "s3://evidence/attestation.json"
+            Uri = "s3://evidence/attestation.json",
+            CreatedAt = now
         });
 
         await db.SaveChangesAsync();

src/Scanner/__Tests/StellaOps.Scanner.WebService.Tests/GatingReasonServiceTests.cs

@@ -448,6 +448,7 @@ public sealed class GatingReasonServiceTests
     public void VexEvidenceTrust_SignedWithLedger_HasHighTrust()
     {
         // Arrange - DSSE envelope + signature ref + source ref
+        var now = DateTimeOffset.UtcNow;
         var vex = new TriageEffectiveVex
         {
             Id = Guid.NewGuid(),
@@ -455,7 +456,9 @@ public sealed class GatingReasonServiceTests
             DsseEnvelopeHash = "sha256:signed",
             SignatureRef = "ledger-entry",
             SourceDomain = "nvd",
-            SourceRef = "NVD-CVE-2024-1234"
+            SourceRef = "NVD-CVE-2024-1234",
+            ValidFrom = now,
+            CollectedAt = now
         };
 
         // Assert - all evidence factors present
@@ -469,6 +472,7 @@ public sealed class GatingReasonServiceTests
     public void VexEvidenceTrust_NoEvidence_HasBaseTrust()
     {
         // Arrange - no signature, no ledger, no source
+        var now = DateTimeOffset.UtcNow;
         var vex = new TriageEffectiveVex
         {
             Id = Guid.NewGuid(),
@@ -476,7 +480,9 @@ public sealed class GatingReasonServiceTests
             DsseEnvelopeHash = null,
             SignatureRef = null,
             SourceDomain = "unknown",
-            SourceRef = "unknown"
+            SourceRef = "unknown",
+            ValidFrom = now,
+            CollectedAt = now
         };
 
         // Assert - base trust only
@@ -493,12 +499,16 @@ public sealed class GatingReasonServiceTests
     public void TriageFinding_RequiredFields_AreSet()
     {
         // Arrange
+        var now = DateTimeOffset.UtcNow;
         var finding = new TriageFinding
         {
             Id = Guid.NewGuid(),
             AssetLabel = "test-asset",
             Purl = "pkg:npm/test@1.0.0",
-            CveId = "CVE-2024-1234"
+            CveId = "CVE-2024-1234",
+            FirstSeenAt = now,
+            LastSeenAt = now,
+            UpdatedAt = now
         };
 
         // Assert
@@ -519,7 +529,8 @@ public sealed class GatingReasonServiceTests
             {
                 Id = Guid.NewGuid(),
                 PolicyId = "test-policy",
-                Action = action
+                Action = action,
+                AppliedAt = DateTimeOffset.UtcNow
             };
 
             decision.Action.Should().Be(action);
@@ -562,7 +573,8 @@ public sealed class GatingReasonServiceTests
             Id = Guid.NewGuid(),
             Reachable = TriageReachability.No,
             InputsHash = "sha256:inputs-hash",
-            SubgraphId = "sha256:subgraph"
+            SubgraphId = "sha256:subgraph",
+            ComputedAt = DateTimeOffset.UtcNow
         };
 
         // Assert

src/Scanner/__Tests/StellaOps.Scanner.WebService.Tests/LinksetResolverTests.cs

@@ -113,7 +113,10 @@ public sealed class LinksetResolverTests
             FeatureFlags: Array.Empty<string>(),
             Secrets: new SurfaceSecretsConfiguration("file", "tenant-a", "/etc/secrets", null, null, false),
             Tenant: "tenant-a",
-            Tls: new SurfaceTlsConfiguration(null, null, new X509Certificate2Collection()));
+            Tls: new SurfaceTlsConfiguration(null, null, new X509Certificate2Collection()))
+        {
+            CreatedAtUtc = DateTimeOffset.UtcNow
+        };
 
         public IReadOnlyDictionary<string, string> RawVariables { get; } = new Dictionary<string, string>(StringComparer.Ordinal)
         {

src/Scanner/__Tests/StellaOps.Scanner.WebService.Tests/ScannerSurfaceSecretConfiguratorTests.cs

@@ -202,7 +202,10 @@ public sealed class ScannerSurfaceSecretConfiguratorTests
                 Array.Empty<string>(),
                 new SurfaceSecretsConfiguration("inline", "tenant", null, null, null, true),
                 "tenant",
-                new SurfaceTlsConfiguration(null, null, null));
+                new SurfaceTlsConfiguration(null, null, null))
+            {
+                CreatedAtUtc = DateTimeOffset.UtcNow
+            };
             RawVariables = new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase);
         }
 

src/Scanner/__Tests/StellaOps.Scanner.WebService.Tests/SurfaceCacheOptionsConfiguratorTests.cs

@@ -26,7 +26,10 @@ public sealed class SurfaceCacheOptionsConfiguratorTests
             Array.Empty<string>(),
             new SurfaceSecretsConfiguration("file", "tenant-b", "/etc/secrets", null, null, false),
             "tenant-b",
-            new SurfaceTlsConfiguration(null, null, new X509Certificate2Collection()));
+            new SurfaceTlsConfiguration(null, null, new X509Certificate2Collection()))
+        {
+            CreatedAtUtc = DateTimeOffset.UtcNow
+        };
 
         var environment = new StubSurfaceEnvironment(settings);
         var configurator = new SurfaceCacheOptionsConfigurator(environment);

src/Scanner/__Tests/StellaOps.Scanner.WebService.Tests/SurfaceManifestStoreOptionsConfiguratorTests.cs

@@ -28,7 +28,10 @@ public sealed class SurfaceManifestStoreOptionsConfiguratorTests
             Array.Empty<string>(),
             new SurfaceSecretsConfiguration("file", "tenant-a", "/etc/secrets", null, null, false),
             "tenant-a",
-            new SurfaceTlsConfiguration(null, null, new X509Certificate2Collection()));
+            new SurfaceTlsConfiguration(null, null, new X509Certificate2Collection()))
+        {
+            CreatedAtUtc = DateTimeOffset.UtcNow
+        };
 
         var environment = new StubSurfaceEnvironment(settings);
         var cacheOptions = Microsoft.Extensions.Options.Options.Create(new SurfaceCacheOptions { RootDirectory = cacheRoot.FullName });