2141fea4b6
- GitHubApp: 11 new tests (health, CRUD lifecycle, update, delete, UI SCM tab) - Advisory pipeline: 16 tests (fixture data verification, source management smoke, initial/incremental sync, cross-source merge, canonical query API, UI catalog) with KEV/GHSA/EPSS fixture data files for deterministic testing - Rekor transparency: 7 tests (container health, submit/get/verify round-trip, log consistency, attestation API) gated behind E2E_REKOR=1 - eBPF agent: 3 edge case tests (unreachable endpoint, coexistence, degraded health) plus mock limitation documentation in test header - Fix UI search race: wait for table rows before counting rowsBefore - Advisory fixture now serves real data (KEV JSON, GHSA list, EPSS CSV) - Runtime host fixture adds degraded health endpoint Suite: 143 passed, 0 failed, 32 skipped in 13.5min (up from 123 tests) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
86 lines
3.1 KiB
Plaintext
86 lines
3.1 KiB
Plaintext
server {
|
|
listen 80;
|
|
server_name advisory-fixture.stella-ops.local;
|
|
|
|
default_type application/json;
|
|
|
|
# -----------------------------------------------------------------------
|
|
# Advisory data endpoints (for pipeline sync tests)
|
|
# -----------------------------------------------------------------------
|
|
|
|
# KEV catalog — realistic CISA Known Exploited Vulnerabilities feed
|
|
location = /kev/known_exploited_vulnerabilities.json {
|
|
alias /etc/nginx/data/kev-catalog.json;
|
|
add_header Content-Type "application/json";
|
|
add_header ETag '"e2e-kev-v1"';
|
|
}
|
|
|
|
# GHSA list — GitHub Security Advisories (REST-style)
|
|
location = /ghsa/security/advisories {
|
|
alias /etc/nginx/data/ghsa-list.json;
|
|
add_header Content-Type "application/json";
|
|
add_header X-RateLimit-Limit "5000";
|
|
add_header X-RateLimit-Remaining "4990";
|
|
add_header X-RateLimit-Reset "1893456000";
|
|
}
|
|
|
|
# EPSS scores — Exploit Prediction Scoring System (CSV)
|
|
location = /epss/epss_scores-current.csv {
|
|
alias /etc/nginx/data/epss-scores.csv;
|
|
add_header Content-Type "text/csv";
|
|
}
|
|
|
|
# -----------------------------------------------------------------------
|
|
# Source health/connectivity endpoints (for onboarding tests)
|
|
# -----------------------------------------------------------------------
|
|
|
|
# CERT-In (India) - unreachable from most networks
|
|
location /cert-in {
|
|
return 200 '{"status":"healthy","source":"cert-in","description":"CERT-In fixture proxy"}';
|
|
}
|
|
|
|
# FSTEC BDU (Russia) - unreachable from most networks
|
|
location /fstec-bdu {
|
|
return 200 '{"status":"healthy","source":"fstec-bdu","description":"FSTEC BDU fixture proxy"}';
|
|
}
|
|
|
|
# StellaOps Mirror - does not exist yet
|
|
location /stella-mirror {
|
|
return 200 '{"status":"healthy","source":"stella-mirror","version":"1.0.0","description":"StellaOps Advisory Mirror fixture"}';
|
|
}
|
|
|
|
# VEX Hub - local fixture
|
|
location /vex {
|
|
return 200 '{"status":"healthy","source":"vex","description":"VEX Hub fixture proxy"}';
|
|
}
|
|
|
|
# Exploit-DB - blocks automated requests
|
|
location /exploitdb {
|
|
return 200 '{"status":"healthy","source":"exploitdb","description":"Exploit-DB fixture proxy"}';
|
|
}
|
|
|
|
# AMD Security - blocks automated requests
|
|
location /amd {
|
|
return 200 '{"status":"healthy","source":"amd","description":"AMD Security fixture proxy"}';
|
|
}
|
|
|
|
# Siemens ProductCERT - blocks automated requests
|
|
location /siemens {
|
|
return 200 '{"status":"healthy","source":"siemens","description":"Siemens ProductCERT fixture proxy"}';
|
|
}
|
|
|
|
# Ruby Advisory DB (bundler-audit) - GitHub raw content issues
|
|
location /bundler-audit {
|
|
return 200 '{"status":"healthy","source":"bundler-audit","description":"Ruby Advisory DB fixture proxy"}';
|
|
}
|
|
|
|
# Catch-all health endpoint
|
|
location /health {
|
|
return 200 '{"status":"healthy","service":"advisory-fixture"}';
|
|
}
|
|
|
|
location / {
|
|
return 200 '{"status":"healthy","service":"advisory-fixture"}';
|
|
}
|
|
}
|