2026-02-19 22:07:11 +02:00

Audit - StellaOps.Scanner.WebService

Project

  • Path: src/Scanner/StellaOps.Scanner.WebService/StellaOps.Scanner.WebService.csproj
  • Module: Scanner
  • Kind: WebService
  • SDK: Microsoft.NET.Sdk.Web
  • TargetFramework: net10.0
  • Audit date (UTC): 2026-01-30

Coding Standards Findings

  • Status: FAIL
  • Nullable: enable
  • TreatWarningsAsErrors: explicit true
  • Deterministic: inherited true
  • 100-line rule violations: 128
  • Service locator usage (BuildServiceProvider/GetService): 0
  • Analyzer enforcement: missing repo-wide (see summary).

Details

  • Files over 100 lines:
    • src/Scanner/StellaOps.Scanner.WebService/Endpoints/DeltaEvidenceEndpoints.cs (831 lines)
    • src/Scanner/StellaOps.Scanner.WebService/Services/ReportEventDispatcher.cs (819 lines)
    • src/Scanner/StellaOps.Scanner.WebService/Services/EvidenceBundleExporter.cs (777 lines)
    • src/Scanner/StellaOps.Scanner.WebService/Endpoints/ScanEndpoints.cs (766 lines)
    • src/Scanner/StellaOps.Scanner.WebService/Endpoints/SourcesEndpoints.cs (758 lines)
    • src/Scanner/StellaOps.Scanner.WebService/Services/OfflineAttestationVerifier.cs (741 lines)
    • src/Scanner/StellaOps.Scanner.WebService/Services/SignedSbomArchiveBuilder.cs (727 lines)
    • src/Scanner/StellaOps.Scanner.WebService/Services/OfflineKitImportService.cs (686 lines)
    • src/Scanner/StellaOps.Scanner.WebService/Services/RuntimeInventoryReconciler.cs (681 lines)
    • src/Scanner/StellaOps.Scanner.WebService/Services/AttestationChainVerifier.cs (670 lines)
    • src/Scanner/StellaOps.Scanner.WebService/Endpoints/WebhookEndpoints.cs (668 lines)
    • src/Scanner/StellaOps.Scanner.WebService/Contracts/OrchestratorEventContracts.cs (662 lines)
    • src/Scanner/StellaOps.Scanner.WebService/Services/SbomByosUploadService.cs (651 lines)
    • src/Scanner/StellaOps.Scanner.WebService/Program.cs (647 lines)
    • src/Scanner/StellaOps.Scanner.WebService/Endpoints/CounterfactualEndpoints.cs (610 lines)
    • src/Scanner/StellaOps.Scanner.WebService/Services/PrAnnotationWebhookHandler.cs (590 lines)
    • src/Scanner/StellaOps.Scanner.WebService/Services/PrAnnotationService.cs (589 lines)
    • src/Scanner/StellaOps.Scanner.WebService/Endpoints/PolicyEndpoints.cs (586 lines)
    • src/Scanner/StellaOps.Scanner.WebService/Endpoints/ApprovalEndpoints.cs (549 lines)
    • src/Scanner/StellaOps.Scanner.WebService/Options/ScannerWebServiceOptions.cs (537 lines)
    • src/Scanner/StellaOps.Scanner.WebService/Services/RuntimePolicyService.cs (533 lines)
    • src/Scanner/StellaOps.Scanner.WebService/Contracts/UnifiedEvidenceContracts.cs (523 lines)
    • src/Scanner/StellaOps.Scanner.WebService/Services/SecretDetectionSettingsService.cs (497 lines)
    • src/Scanner/StellaOps.Scanner.WebService/Options/ScannerWebServiceOptionsValidator.cs (494 lines)
    • src/Scanner/StellaOps.Scanner.WebService/Endpoints/ExportEndpoints.cs (487 lines)
    • src/Scanner/StellaOps.Scanner.WebService/Services/IOfflineAttestationVerifier.cs (481 lines)
    • src/Scanner/StellaOps.Scanner.WebService/Services/EvidenceCompositionService.cs (468 lines)
    • src/Scanner/StellaOps.Scanner.WebService/Contracts/TriageContracts.cs (464 lines)
    • src/Scanner/StellaOps.Scanner.WebService/Endpoints/SmartDiffEndpoints.cs (463 lines)
    • src/Scanner/StellaOps.Scanner.WebService/Services/FindingRationaleService.cs (449 lines)
    • src/Scanner/StellaOps.Scanner.WebService/Controllers/TriageController.cs (444 lines)
    • src/Scanner/StellaOps.Scanner.WebService/Contracts/DeltaCompareContracts.cs (440 lines)
    • src/Scanner/StellaOps.Scanner.WebService/Services/ReplayCommandService.cs (435 lines)
    • src/Scanner/StellaOps.Scanner.WebService/Endpoints/ReachabilityEndpoints.cs (421 lines)
    • src/Scanner/StellaOps.Scanner.WebService/Endpoints/SliceEndpoints.cs (386 lines)
    • src/Scanner/StellaOps.Scanner.WebService/Endpoints/SecretDetectionSettingsEndpoints.cs (373 lines)
    • src/Scanner/StellaOps.Scanner.WebService/Endpoints/GitHubCodeScanningEndpoints.cs (371 lines)
    • src/Scanner/StellaOps.Scanner.WebService/Contracts/AttestationChain.cs (366 lines)
    • src/Scanner/StellaOps.Scanner.WebService/Services/TriageStatusService.cs (365 lines)
    • src/Scanner/StellaOps.Scanner.WebService/Services/UnifiedEvidenceService.cs (363 lines)
    • src/Scanner/StellaOps.Scanner.WebService/Services/PolicyDtoMapper.cs (356 lines)
    • src/Scanner/StellaOps.Scanner.WebService/Services/FeedChangeRescoreJob.cs (354 lines)
    • src/Scanner/StellaOps.Scanner.WebService/Endpoints/ValidationEndpoints.cs (346 lines)
    • src/Scanner/StellaOps.Scanner.WebService/Endpoints/OfflineKitEndpoints.cs (341 lines)
    • src/Scanner/StellaOps.Scanner.WebService/Services/SliceQueryService.cs (336 lines)
    • src/Scanner/StellaOps.Scanner.WebService/Endpoints/LayerSbomEndpoints.cs (336 lines)
    • src/Scanner/StellaOps.Scanner.WebService/Endpoints/RuntimeEndpoints.cs (332 lines)
    • src/Scanner/StellaOps.Scanner.WebService/Endpoints/ReachabilityEvidenceEndpoints.cs (328 lines)
    • src/Scanner/StellaOps.Scanner.WebService/Endpoints/EpssEndpoints.cs (324 lines)
    • src/Scanner/StellaOps.Scanner.WebService/Endpoints/UnknownsEndpoints.cs (323 lines)
    • src/Scanner/StellaOps.Scanner.WebService/Contracts/RationaleContracts.cs (322 lines)
    • src/Scanner/StellaOps.Scanner.WebService/Contracts/SecretDetectionConfigContracts.cs (319 lines)
    • src/Scanner/StellaOps.Scanner.WebService/Services/HumanApprovalAttestationService.cs (316 lines)
    • src/Scanner/StellaOps.Scanner.WebService/Replay/RecordModeService.cs (315 lines)
    • src/Scanner/StellaOps.Scanner.WebService/Services/GatingReasonService.cs (312 lines)
    • src/Scanner/StellaOps.Scanner.WebService/Endpoints/ActionablesEndpoints.cs (309 lines)
    • src/Scanner/StellaOps.Scanner.WebService/Services/OfflineKitManifestService.cs (307 lines)
    • src/Scanner/StellaOps.Scanner.WebService/Endpoints/ReachabilityDriftEndpoints.cs (307 lines)
    • src/Scanner/StellaOps.Scanner.WebService/Endpoints/ManifestEndpoints.cs (306 lines)
    • src/Scanner/StellaOps.Scanner.WebService/Endpoints/Triage/TriageStatusEndpoints.cs (301 lines)
    • src/Scanner/StellaOps.Scanner.WebService/Endpoints/ReportEndpoints.cs (301 lines)
    • src/Scanner/StellaOps.Scanner.WebService/Services/OfflineKitMetricsStore.cs (294 lines)
    • src/Scanner/StellaOps.Scanner.WebService/Services/SurfacePointerService.cs (293 lines)
    • src/Scanner/StellaOps.Scanner.WebService/Endpoints/BaselineEndpoints.cs (292 lines)
    • src/Scanner/StellaOps.Scanner.WebService/Endpoints/ReachabilityStackEndpoints.cs (292 lines)
    • src/Scanner/StellaOps.Scanner.WebService/Endpoints/DeltaCompareEndpoints.cs (291 lines)
    • src/Scanner/StellaOps.Scanner.WebService/Endpoints/ScoreReplayEndpoints.cs (283 lines)
    • src/Scanner/StellaOps.Scanner.WebService/Middleware/IdempotencyMiddleware.cs (271 lines)
    • src/Scanner/StellaOps.Scanner.WebService/Services/OciAttestationPublisher.cs (270 lines)
    • src/Scanner/StellaOps.Scanner.WebService/Services/ReportSigner.cs (267 lines)
    • src/Scanner/StellaOps.Scanner.WebService/Contracts/VexGateContracts.cs (264 lines)
    • src/Scanner/StellaOps.Scanner.WebService/Contracts/GatingContracts.cs (264 lines)
    • src/Scanner/StellaOps.Scanner.WebService/Services/SbomExportService.cs (264 lines)
    • src/Scanner/StellaOps.Scanner.WebService/Services/LayerSbomService.cs (262 lines)
    • src/Scanner/StellaOps.Scanner.WebService/Services/RuntimeEventRateLimiter.cs (261 lines)
    • src/Scanner/StellaOps.Scanner.WebService/Services/DeltaScanRequestHandler.cs (260 lines)
    • src/Scanner/StellaOps.Scanner.WebService/Endpoints/WitnessEndpoints.cs (253 lines)
    • src/Scanner/StellaOps.Scanner.WebService/Endpoints/EvidenceEndpoints.cs (253 lines)
    • src/Scanner/StellaOps.Scanner.WebService/Options/ScannerSurfaceSecretConfigurator.cs (246 lines)
    • src/Scanner/StellaOps.Scanner.WebService/Contracts/HumanApprovalStatement.cs (244 lines)
    • src/Scanner/StellaOps.Scanner.WebService/Endpoints/CallGraphEndpoints.cs (244 lines)
    • src/Scanner/StellaOps.Scanner.WebService/Serialization/OrchestratorEventSerializer.cs (239 lines)
    • src/Scanner/StellaOps.Scanner.WebService/Services/RuntimeEventIngestionService.cs (234 lines)
    • src/Scanner/StellaOps.Scanner.WebService/Services/CallGraphIngestionService.cs (232 lines)
    • src/Scanner/StellaOps.Scanner.WebService/Contracts/SbomContracts.cs (231 lines)
    • src/Scanner/StellaOps.Scanner.WebService/Contracts/BaselineContracts.cs (228 lines)
    • src/Scanner/StellaOps.Scanner.WebService/Contracts/ReachabilityContracts.cs (225 lines)
    • src/Scanner/StellaOps.Scanner.WebService/Contracts/ReportContracts.cs (222 lines)
    • src/Scanner/StellaOps.Scanner.WebService/Services/ScoreReplayService.cs (221 lines)
    • src/Scanner/StellaOps.Scanner.WebService/Contracts/RuntimePolicyContracts.cs (216 lines)
    • src/Scanner/StellaOps.Scanner.WebService/Services/RichGraphAttestationService.cs (216 lines)
    • src/Scanner/StellaOps.Scanner.WebService/Contracts/ReplayCommandContracts.cs (212 lines)
    • src/Scanner/StellaOps.Scanner.WebService/Services/VexGateQueryService.cs (208 lines)
    • src/Scanner/StellaOps.Scanner.WebService/Services/IHumanApprovalAttestationService.cs (206 lines)
    • src/Scanner/StellaOps.Scanner.WebService/Services/PolicyDecisionAttestationService.cs (204 lines)
    • src/Scanner/StellaOps.Scanner.WebService/Contracts/ManifestContracts.cs (201 lines)
    • src/Scanner/StellaOps.Scanner.WebService/Contracts/PolicyDecisionStatement.cs (200 lines)
    • src/Scanner/StellaOps.Scanner.WebService/Contracts/FindingEvidenceContracts.cs (198 lines)
    • src/Scanner/StellaOps.Scanner.WebService/Services/InMemoryScanCoordinator.cs (197 lines)
    • src/Scanner/StellaOps.Scanner.WebService/Endpoints/ProofSpineEndpoints.cs (196 lines)
    • src/Scanner/StellaOps.Scanner.WebService/Contracts/PolicyPreviewContracts.cs (195 lines)
    • src/Scanner/StellaOps.Scanner.WebService/Services/SbomIngestionService.cs (192 lines)
    • src/Scanner/StellaOps.Scanner.WebService/Services/ScanFindingsSarifExportService.cs (187 lines)
    • src/Scanner/StellaOps.Scanner.WebService/Services/LinksetResolver.cs (181 lines)
    • src/Scanner/StellaOps.Scanner.WebService/Services/IEvidenceBundleExporter.cs (180 lines)
    • src/Scanner/StellaOps.Scanner.WebService/Endpoints/SbomEndpoints.cs (174 lines)
    • src/Scanner/StellaOps.Scanner.WebService/Services/IRichGraphAttestationService.cs (174 lines)
    • src/Scanner/StellaOps.Scanner.WebService/Services/ConcelierHttpLinksetQueryService.cs (172 lines)
    • src/Scanner/StellaOps.Scanner.WebService/Contracts/RichGraphStatement.cs (166 lines)
    • src/Scanner/StellaOps.Scanner.WebService/Endpoints/Triage/ProofBundleEndpoints.cs (164 lines)
    • src/Scanner/StellaOps.Scanner.WebService/Endpoints/HealthEndpoints.cs (160 lines)
    • src/Scanner/StellaOps.Scanner.WebService/Contracts/ProofSpineContracts.cs (158 lines)
    • src/Scanner/StellaOps.Scanner.WebService/Services/IPolicyDecisionAttestationService.cs (157 lines)
    • src/Scanner/StellaOps.Scanner.WebService/Services/RedisPlatformEventPublisher.cs (155 lines)
    • src/Scanner/StellaOps.Scanner.WebService/Services/ScanProgressStream.cs (150 lines)
    • src/Scanner/StellaOps.Scanner.WebService/Services/InMemoryScanManifestRepository.cs (148 lines)
    • src/Scanner/StellaOps.Scanner.WebService/Services/ILayerSbomService.cs (146 lines)
    • src/Scanner/StellaOps.Scanner.WebService/Services/OfflineKitContracts.cs (143 lines)
    • src/Scanner/StellaOps.Scanner.WebService/Controllers/VexGateController.cs (143 lines)
    • src/Scanner/StellaOps.Scanner.WebService/Services/TestManifestRepository.cs (142 lines)
    • src/Scanner/StellaOps.Scanner.WebService/Contracts/LayerSbomContracts.cs (141 lines)
    • src/Scanner/StellaOps.Scanner.WebService/Extensions/RateLimitingExtensions.cs (127 lines)
    • src/Scanner/StellaOps.Scanner.WebService/Services/IVexGateQueryService.cs (126 lines)
    • src/Scanner/StellaOps.Scanner.WebService/Endpoints/Triage/TriageInboxEndpoints.cs (123 lines)
    • src/Scanner/StellaOps.Scanner.WebService/Options/ScannerStorageOptionsPostConfigurator.cs (118 lines)
    • src/Scanner/StellaOps.Scanner.WebService/Contracts/RuntimeEventsContracts.cs (110 lines)
    • src/Scanner/StellaOps.Scanner.WebService/Options/ScannerWebServiceOptionsPostConfigure.cs (110 lines)
    • src/Scanner/StellaOps.Scanner.WebService/Serialization/DeterministicCborSerializer.cs (108 lines)
  • Service locator matches:
    • none

Fix Guidance

  • Split files over 100 lines into smaller types or partials.

Testing Fullness Findings

  • Status: FAIL
  • Expected layers: Unit, Integration, Security, Offline, Performance
  • Detected test projects: src/Scanner/__Tests/StellaOps.Scanner.WebService.Tests/StellaOps.Scanner.WebService.Tests.csproj [Unit]
  • Missing layers: Integration, Security, Offline, Performance

Manual checks required

  • Observability contract tests for WebService/Worker.
  • Offline execution (tests must run without network access).

Fix Guidance

  • Add integration tests for cross-component flows.
  • Add security tests for authn/authz or input validation.
  • Add offline/airgap coverage with fixtures only.
  • Add performance regression coverage for scanner/export/release paths.