stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 1 Releases Wiki Activity
Files
052da7a7d058c59f337af1cc080b8303394c0c05
git.stella-ops.org/src/StellaOps.Concelier.Connector.Vndr.Msrc/TASKS.md
master 052da7a7d0 Rename Concelier Source modules to Connector
2025-10-18 20:47:13 +03:00

2.6 KiB
Raw Blame History

TASKS

Task Owner(s) Depends on Notes
FEEDCONN-MSRC-02-001 Document MSRC Security Update Guide API BE-Conn-MSRC Research DONE (2025-10-11) Confirmed REST endpoint (https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerabilities) + CVRF ZIP download flow, required Azure AD client-credentials scope (api://api.msrc.microsoft.com/.default), mandatory api-version=2024-08-01 header, and delta params (lastModifiedStartDateTime, lastModifiedEndDateTime). Findings recorded in docs/concelier-connector-research-20251011.md.
FEEDCONN-MSRC-02-002 Fetch pipeline & source state BE-Conn-MSRC Source.Common, Storage.Mongo DONE (2025-10-15) Added MsrcApiClient + token provider, cursor overlap handling, and detail persistence via GridFS (metadata carries CVRF URL + timestamps). State tracks lastModifiedCursor with configurable overlap/backoff. Next: coordinate with Tools on shared state-seeding helper once CVRF download flag stabilises.
FEEDCONN-MSRC-02-003 Parser & DTO implementation BE-Conn-MSRC Source.Common DONE (2025-10-15) Implemented MsrcDetailParser/DTOs capturing threats, remediations, KB IDs, CVEs, CVSS, and affected products (build/platform metadata preserved).
FEEDCONN-MSRC-02-004 Canonical mapping & range primitives BE-Conn-MSRC Models DONE (2025-10-15) MsrcMapper emits aliases (MSRC ID/CVE/KB), references (release notes + CVRF), vendor packages with msrc.build normalized rules, and CVSS provenance.
FEEDCONN-MSRC-02-005 Deterministic fixtures/tests QA Testing DONE (2025-10-15) Added StellaOps.Concelier.Connector.Vndr.Msrc.Tests with canned token/summary/detail responses and snapshot assertions via Mongo2Go. Fixtures regenerate via UPDATE_MSRC_FIXTURES.
FEEDCONN-MSRC-02-006 Telemetry & documentation DevEx Docs DONE (2025-10-15) Introduced MsrcDiagnostics meter (summary/detail/parse/map metrics), structured fetch logs, README updates, and Ops brief docs/ops/concelier-msrc-operations.md covering AAD onboarding + CVRF handling.
FEEDCONN-MSRC-02-007 API contract comparison memo BE-Conn-MSRC Research DONE (2025-10-11) Completed memo outline recommending dual-path (REST for incremental, CVRF for offline); implementation hinges on FEEDCONN-MSRC-02-008 AAD onboarding for token acquisition.
FEEDCONN-MSRC-02-008 Azure AD application onboarding Ops, BE-Conn-MSRC Ops DONE (2025-10-15) Coordinated Ops handoff; drafted AAD onboarding brief (docs/ops/concelier-msrc-operations.md) with app registration requirements, secret rotation policy, sample configuration, and CVRF mirroring guidance for Offline Kit.