27 lines
1.5 KiB
Markdown
27 lines
1.5 KiB
Markdown
# GitHub Code Scanning Endpoints (Backend)
|
|
|
|
## Module
|
|
Scanner
|
|
|
|
## Status
|
|
IMPLEMENTED
|
|
|
|
## Description
|
|
Backend endpoints for triggering SARIF uploads to GitHub Code Scanning are implemented, with a null service for environments without GitHub integration.
|
|
|
|
## Implementation Details
|
|
- **Endpoints**:
|
|
- `src/Scanner/StellaOps.Scanner.WebService/Endpoints/GitHubCodeScanningEndpoints.cs` - `GitHubCodeScanningEndpoints` with `SarifUploadRequest`, `SarifUploadResponse`, `SarifUploadStatusResponse`, `AlertsListResponse`, `AlertResponse`
|
|
- `src/Scanner/StellaOps.Scanner.WebService/Endpoints/GitHubCodeScanningEndpoints.cs` - `IGitHubCodeScanningService` interface, `GitHubUploadResult`, `GitHubUploadStatus`
|
|
- **Null Service**:
|
|
- `src/Scanner/StellaOps.Scanner.WebService/Services/NullGitHubCodeScanningService.cs` - Null implementation for environments without GitHub
|
|
- **SARIF Export**:
|
|
- `src/Scanner/StellaOps.Scanner.WebService/Services/ScanFindingsSarifExportService.cs` - Exports scan findings as SARIF for GitHub upload
|
|
|
|
## E2E Test Plan
|
|
- [ ] Upload a SARIF report to GitHub Code Scanning via the endpoint and verify acceptance
|
|
- [ ] Query upload status and verify it returns the correct status (pending, complete, error)
|
|
- [ ] Query alerts list and verify findings appear as GitHub Code Scanning alerts
|
|
- [ ] Verify the null service returns appropriate responses when GitHub integration is not configured
|
|
- [ ] Verify SARIF export includes all scan findings with correct location and severity mapping
|