stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity

save checkpoint

Browse Source
This commit is contained in:
master
2026-02-14 09:11:48 +02:00
parent 9ca2de05df
commit e9aeadc040
1512 changed files with 30863 additions and 4728 deletions
Download Patch File Download Diff File Expand all files Collapse all files

43
docs/features/checked/scanner/service-endpoint-security-analysis.md Normal file
View File

@@ -0,0 +1,43 @@
# Service Endpoint Security Analysis (Scanner)
## Module
Scanner
## Status
VERIFIED
## Description
Scanner analyzes service endpoints declared in CycloneDX 1.7 SBOMs for security issues including missing authentication, trust boundary violations, and unsafe data flows. Produces ServiceSecurityReport with findings and dependency chains.
## Implementation Details
- **Security Analyzer**:
- `src/Scanner/__Libraries/StellaOps.Scanner.ServiceSecurity/ServiceSecurityAnalyzer.cs` - `ServiceSecurityAnalyzer` analyzing service endpoints from CycloneDX 1.7 SBOMs for authentication, authorization, trust boundary, and data flow security issues
- `src/Scanner/__Libraries/StellaOps.Scanner.ServiceSecurity/ServiceSecurityServiceCollectionExtensions.cs` - DI registration for service security analysis
- **Models**:
- `src/Scanner/__Libraries/StellaOps.Scanner.ServiceSecurity/Models/ServiceSecurityModels.cs` - `ServiceSecurityReport`, `ServiceSecurityFinding`, and related models for security analysis results
- **Report Formatting**:
- `src/Scanner/__Libraries/StellaOps.Scanner.ServiceSecurity/Reporting/ServiceSecurityReportFormatter.cs` - `ServiceSecurityReportFormatter` formatting security reports for output
- **Pipeline Integration**:
- `src/Scanner/StellaOps.Scanner.Worker/Processing/ServiceSecurity/ServiceSecurityStageExecutor.cs` - `ServiceSecurityStageExecutor` scanner worker pipeline stage for service security analysis
- **Tests**:
- `src/Scanner/__Tests/StellaOps.Scanner.ServiceSecurity.Tests/ServiceSecurityAnalyzerTests.cs` - Unit tests for the analyzer
- `src/Scanner/__Tests/StellaOps.Scanner.ServiceSecurity.Tests/ServiceSecurityIntegrationTests.cs` - Integration tests
## E2E Test Plan
- [ ] Analyze a CycloneDX 1.7 SBOM with service endpoint declarations and verify `ServiceSecurityAnalyzer` produces a `ServiceSecurityReport` with findings
- [ ] Verify findings include missing authentication detection for endpoints that lack auth configuration
- [ ] Verify trust boundary violations are detected when services cross security zones without proper controls
- [ ] Verify unsafe data flow patterns (e.g., user input directly to database) are flagged with dependency chains
- [ ] Verify the `ServiceSecurityStageExecutor` integrates into the scanner worker pipeline and processes service sections from SBOMs
- [ ] Verify the report formatter produces both human-readable and machine-parseable output formats
---
## Verification
| Check | Result |
|-------|--------|
| Tier 0 - Source files exist | PASS |
| Tier 1 - Build + code review | PASS |
| Tier 2 - Integration tests | PASS |
| Verified | 2026-02-13T18:10:00Z |