CLI Vulnerability Workflow Commands

Module

Cli

Status

IMPLEMENTED

Description

Complete vulnerability triage CLI commands (stella vuln list/show/assign/comment/accept-risk/verify-fix/target-fix/reopen/simulate/export/bundle verify) enabling full vulnerability lifecycle management from the command line.

Implementation Details

  • Command Handlers: src/Cli/StellaOps.Cli/Commands/CommandHandlers.cs -- vulnerability workflow handlers
  • Watchlist Commands: src/Cli/StellaOps.Cli/Commands/WatchlistCommandGroup.cs -- WatchlistCommandGroup with Watchlist/ subdirectory
  • CVSS Client: src/Cli/StellaOps.Cli/Services/CvssClient.cs / ICvssClient.cs -- CVSS scoring client
  • Tests: src/Cli/__Tests/StellaOps.Cli.Tests/Commands/WatchlistCommandGoldenTests.cs
  • Commands:
    • stella vuln list -- list vulnerabilities with filtering. Options: --severity, --status, --limit
    • stella vuln show <cve> -- show vulnerability details
    • stella vuln assign <cve> --to <user> -- assign for triage
    • stella vuln comment <cve> --message <text> -- add triage comment
    • stella vuln accept-risk <cve> --reason <text> -- accept risk with justification
    • stella vuln verify-fix <cve> -- verify fix applied
    • stella vuln target-fix <cve> --version <ver> -- set target fix version
    • stella vuln reopen <cve> -- reopen a closed vulnerability
    • stella vuln simulate <cve> -- simulate policy impact
    • stella vuln export -- export vulnerability data
    • stella vuln bundle verify <path> -- verify vulnerability bundle

E2E Test Plan

  • Run stella vuln list --severity critical and verify filtered vulnerability listing
  • Run stella vuln show CVE-2024-1234 and verify detailed vulnerability info
  • Run stella vuln assign CVE-2024-1234 --to admin and verify assignment
  • Run stella vuln comment CVE-2024-1234 --message "Investigating" and verify comment added
  • Run stella vuln accept-risk CVE-2024-1234 --reason "Mitigated by WAF" and verify risk acceptance
  • Run stella vuln verify-fix CVE-2024-1234 and verify fix verification
  • Run stella vuln export --format json and verify JSON export
  • Verify full lifecycle: assign -> comment -> target-fix -> verify-fix
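
The full-lifecycle check from the test plan, written as a fail-fast shell harness. This is an added example, not code from the StellaOps repository. It assumes that stella exits 0 on success and non-zero on failure (the page does not document exit codes); the STELLA, CVE, FIX_VERSION and RUN_E2E variables and the 1.2.3 version value are constructed for illustration.

```shell
#!/bin/sh
# Added example: lifecycle smoke test for `stella vuln`.
# Assumption: the CLI signals failure with a non-zero exit status.

STELLA="${STELLA:-stella}"            # CLI under test; override for a test build
CVE="${CVE:-CVE-2024-1234}"           # sample identifier from the E2E test plan
FIX_VERSION="${FIX_VERSION:-1.2.3}"   # constructed value for --version

# run_step NAME ARGS...
# Runs one `stella vuln` subcommand, reports PASS/FAIL, returns 0 or 1.
run_step() {
    name=$1
    shift
    if "$STELLA" vuln "$@" >/dev/null 2>&1; then
        echo "PASS $name"
        return 0
    fi
    echo "FAIL $name" >&2
    return 1
}

# run_lifecycle
# Executes assign -> comment -> target-fix -> verify-fix in order and stops
# at the first failure, so a later step never runs against a vulnerability
# record that is in an unexpected state. The return code (1-4) identifies
# the failing step; 0 means the whole chain succeeded.
run_lifecycle() {
    run_step assign     assign "$CVE" --to admin                    || return 1
    run_step comment    comment "$CVE" --message "Investigating"    || return 2
    run_step target-fix target-fix "$CVE" --version "$FIX_VERSION"  || return 3
    run_step verify-fix verify-fix "$CVE"                           || return 4
    return 0
}

# Only touch a real instance when explicitly asked to (hypothetical switch).
if [ "${RUN_E2E:-0}" = 1 ]; then
    run_lifecycle
fi
```

Run it with RUN_E2E=1 against a disposable test instance, since assign, comment and target-fix change triage state.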