Scanner API — Windows/macOS Coverage Signals (Draft)
Audience: Solutions engineers, product managers, guild leads coordinating Windows/macOS roadmap
Status: Informational; update as interviews conclude
Summary
| Region | Accounts referenced | Primary workloads | Demand strength (1-5) | Blocking? | Notes |
|---|---|---|---|---|---|
| North America | Northwind Health Services; FinSecure Corp | macOS CI runners; Windows Server 2019 workloads | 4-5 | macOS: evaluation; Windows: blocking | Demo 2025-11-10; Security decision due 2025-11-07. |
| EMEA | — | — | — | — | — |
| APAC | — | — | — | — | — |
| Gov / Regulated | — | — | — | — | — |
Key drivers
- Customers with regulated Windows Server/desktop estates lack deterministic SBOM coverage and provenance.
- macOS development shops (Mobile, Gaming) require entitlements/notarization evidence for compliance.
- Offline/air-gapped environments need signed rule bundles and feed mirrors for Windows/macOS ecosystems.
Competitive landscape
- Trivy/Grype/Snyk remain Linux-focused; Windows/macOS features are roadmap items or SaaS-only.
- Opportunity to differentiate via deterministic evidence, policy integration, and offline parity.
Design references
- `../../modules/scanner/design/macos-analyzer.md`
- `../../modules/scanner/design/windows-analyzer.md`
Action items
- Maintain region rows using interview summaries from `docs/benchmarks/scanner/windows-macos-demand.md` (last update 2025-11-03; capture via the interview template).
- Track readiness decisions by updating POLICY-READINESS-0001/0002 status and recording outcomes in the summary table.
- Align backlog references (`SCANNER-ENG-0020..0027`, `DOCS-SCANNER-BENCH-62-016`) with product prioritisation after each roadmap review.
Open blockers
- FinSecure PCI audit pending POLICY-READINESS-0002 decision (due 2025-11-07); unblock Windows analyzer spike scheduling.
- Northwind macOS readiness workshop scheduled 2025-11-10; capture masking/telemetry decisions for POLICY-READINESS-0001.
Interview log (selected)
| Date | Customer | Platform focus | Signal summary | Strength (1-5) | Follow-up |
|---|---|---|---|---|---|
| 2025-11-03 | Northwind Health Services | macOS | Needs notarization/entitlement visibility for CI runners | 4 | Demo 2025-11-10 with Product; feed findings into POLICY-READINESS-0001. |
| 2025-11-03 | FinSecure Corp | Windows | Requires MSI/WinSxS SBOM + signed driver attestations for PCI audit | 5 | Security guild to resolve Authenticode posture (POLICY-READINESS-0002) by 2025-11-07. |
Required artefacts
- Maintain interview notes using `docs/benchmarks/scanner/windows-macos-interview-template.md`.
- Update demand tracker tables in `docs/benchmarks/scanner/windows-macos-demand.md`.
- Sync backlog entries in `docs/modules/scanner/TASKS.md` and `docs/scanner/design/*.md`.
Next steps
- Collect at least three qualified Windows and macOS requests; update summary table.
- Present findings to Scanner Guild for prioritisation (target Sprint 133 design spike).
- Coordinate policy readiness briefs (`docs/modules/policy/windows-package-readiness.md`) and design docs (`design/macos-analyzer.md`, `design/windows-analyzer.md`).