save checkpoint
This commit is contained in:
master
47
docs/features/checked/scanner/signed-triage-decisions.md
Normal file
47
docs/features/checked/scanner/signed-triage-decisions.md
Normal file
@@ -0,0 +1,47 @@
|
||||
# Signed Triage Decisions
|
||||
|
||||
## Module
|
||||
Scanner
|
||||
|
||||
## Status
|
||||
VERIFIED
|
||||
|
||||
## Description
|
||||
Triage decisions are tracked with rationale, evidence linkage, and unified evidence composition supporting attestation chains.
|
||||
|
||||
## Implementation Details
|
||||
- **Triage Decision Model**:
|
||||
- `src/Scanner/__Libraries/StellaOps.Scanner.Triage/Entities/TriageDecision.cs` - `TriageDecision` entity tracking triage decisions with rationale, user attribution, and evidence linkage
|
||||
- `src/Scanner/__Libraries/StellaOps.Scanner.Triage/Entities/TriageFinding.cs` - `TriageFinding` entity linking findings to triage decisions
|
||||
- `src/Scanner/__Libraries/StellaOps.Scanner.Triage/Entities/TriageEvidenceArtifact.cs` - `TriageEvidenceArtifact` linking evidence artifacts to triage decisions for attestation chains
|
||||
- `src/Scanner/__Libraries/StellaOps.Scanner.Triage/Entities/TriageEnums.cs` - Enums for triage status, decision types, and evidence artifact types
|
||||
- **Database Context**:
|
||||
- `src/Scanner/__Libraries/StellaOps.Scanner.Triage/TriageDbContext.cs` - `TriageDbContext` EF Core database context for triage persistence
|
||||
- **Unified Evidence**:
|
||||
- `src/Scanner/StellaOps.Scanner.WebService/Services/UnifiedEvidenceService.cs` - `UnifiedEvidenceService` composing triage decisions with unified evidence for attestation
|
||||
- **Triage Status Service**:
|
||||
- `src/Scanner/StellaOps.Scanner.WebService/Services/TriageStatusService.cs` - `TriageStatusService` managing triage workflow state transitions
|
||||
- **API Contracts**:
|
||||
- `src/Scanner/StellaOps.Scanner.WebService/Contracts/TriageContracts.cs` - API contracts for triage decision endpoints
|
||||
- **Tests**:
|
||||
- `src/Scanner/__Tests/StellaOps.Scanner.Triage.Tests/TriageSchemaIntegrationTests.cs` - Schema integration tests
|
||||
- `src/Scanner/__Tests/StellaOps.Scanner.Triage.Tests/TriageQueryPerformanceTests.cs` - Query performance tests
|
||||
|
||||
## E2E Test Plan
|
||||
- [ ] Create a triage decision for a vulnerability finding with rationale and verify it persists with correct evidence linkage
|
||||
- [ ] Verify triage decisions include user attribution (who made the decision and when)
|
||||
- [ ] Verify `UnifiedEvidenceService` composes triage decisions into attestation-compatible evidence chains
|
||||
- [ ] Verify triage decision state transitions follow the expected workflow (e.g., Open -> Accepted/Rejected -> Closed)
|
||||
- [ ] Verify `TriageEvidenceArtifact` links supporting evidence (scan results, VEX statements, reachability analysis) to triage decisions
|
||||
- [ ] Verify triage query performance is within acceptable limits for large finding sets
|
||||
|
||||
---
|
||||
|
||||
## Verification
|
||||
|
||||
| Check | Result |
|
||||
|-------|--------|
|
||||
| Tier 0 - Source files exist | PASS |
|
||||
| Tier 1 - Build + code review | PASS |
|
||||
| Tier 2 - Integration tests | PASS |
|
||||
| Verified | 2026-02-13T18:10:00Z |
|
||||
Reference in New Issue
Block a user