# GitHub Code Scanning Endpoints (Backend)

## Module
Scanner

## Status
VERIFIED

## Description
Backend endpoints for triggering SARIF uploads to GitHub Code Scanning are implemented, with a null service for environments without GitHub integration.

## Implementation Details
- **Endpoints**:
  - `src/Scanner/StellaOps.Scanner.WebService/Endpoints/GitHubCodeScanningEndpoints.cs` - `GitHubCodeScanningEndpoints` with `SarifUploadRequest`, `SarifUploadResponse`, `SarifUploadStatusResponse`, `AlertsListResponse`, `AlertResponse`
  - `src/Scanner/StellaOps.Scanner.WebService/Endpoints/GitHubCodeScanningEndpoints.cs` - `IGitHubCodeScanningService` interface, `GitHubUploadResult`, `GitHubUploadStatus`
- **Null Service**:
  - `src/Scanner/StellaOps.Scanner.WebService/Services/NullGitHubCodeScanningService.cs` - Null implementation for environments without GitHub
- **SARIF Export**:
  - `src/Scanner/StellaOps.Scanner.WebService/Services/ScanFindingsSarifExportService.cs` - Exports scan findings as SARIF for GitHub upload

## E2E Test Plan
- [ ] Upload a SARIF report to GitHub Code Scanning via the endpoint and verify acceptance
- [ ] Query upload status and verify it returns the correct status (pending, complete, error)
- [ ] Query alerts list and verify findings appear as GitHub Code Scanning alerts
- [ ] Verify the null service returns appropriate responses when GitHub integration is not configured
- [ ] Verify SARIF export includes all scan findings with correct location and severity mapping

---

## Verification

| Check | Result |
|-------|--------|
| Tier 0 - Source files exist | PASS |
| Tier 1 - Build + code review | PASS |
| Tier 2 - Integration tests | PASS |
| Verified | 2026-02-13T18:10:00Z |