git.stella-ops.org/src/Scanner/StellaOps.Scanner.Worker/TASKS.md
master 536f6249a6
Add SBOM, symbols, traces, and VEX files for CVE-2022-21661 SQLi case
- Created CycloneDX and SPDX SBOM files for both reachable and unreachable images.
- Added symbols.json detailing function entry and sink points in the WordPress code.
- Included runtime traces for function calls in both reachable and unreachable scenarios.
- Developed OpenVEX files indicating vulnerability status and justification for both cases.
- Updated README for evaluator harness to guide integration with scanner output.
2025-11-08 20:53:45 +02:00

Scanner Worker Task Board

| ID | Status | Owner(s) | Depends on | Description | Exit Criteria |
|----|--------|----------|------------|-------------|---------------|
| SCAN-REPLAY-186-002 | TODO | Scanner Worker Guild | REPLAY-CORE-185-001 | Enforce deterministic analyzer execution when consuming replay input bundles, emit layer Merkle metadata, and author docs/modules/scanner/deterministic-execution.md summarising invariants from docs/replay/DETERMINISTIC_REPLAY.md Section 4. | Replay mode analyzers pass determinism tests; new doc merged; integration fixtures updated. |
| SCANNER-CRYPTO-90-001 | DONE (2025-11-08) | Scanner Worker Guild & Security Guild | SEC-CRYPTO-90-005 | Route remaining hashing and digest consumers (Surface pointers, manifest publishers, CAS helpers, Sbomer plugins) through ICryptoHash and the configured provider registry.<br>2025-11-08: Worker EntryTrace service, CAS helpers, and Sbomer plugin now depend on ICryptoHash; Local CAS + manifest writer persisted digests via providers; tests updated with CryptoHashFactory/TestCryptoHash helpers; runtime SHA256 calls removed. | No direct SHA256.Create() usage in worker runtime; constructors accept ICryptoHash; tests updated. |
| SCANNER-SURFACE-01 | DONE (2025-11-06) | Scanner Worker Guild | SURFACE-FS-02 | Persist Surface.FS manifests after analyzer stages, including layer CAS metadata and EntryTrace fragments.<br>2025-11-02: Draft Surface.FS manifests emitted for sample scans; telemetry counters under review.<br>2025-11-06: Resuming with manifest writer abstraction, rotation metadata, and telemetry counters for Surface.FS persistence.<br>2025-11-06 21:05Z: Stage now persists manifest/payload caches, exports metrics to Prometheus/Grafana, and WebService pointer tests validate consumption. | Integration tests prove cache entries exist; telemetry counters exported. |

- 2025-11-05 19:18Z: Bound root directory to resolved Surface.Env settings and added unit coverage around the configurator.
- 2025-11-06 18:45Z: Resuming manifest persistence—planning publisher abstraction refactor, CAS storage wiring, and telemetry/test coverage.
- 2025-11-06 20:20Z: Hooked Surface metrics into Grafana (new dashboard JSON) and verified WebService consumption via end-to-end pointer test seeding manifest + payload entries.
- 2025-11-06 21:05Z: Completed Surface manifest cache + metrics work; tests/docs updated and task ready to close.

| ID | Status | Owner(s) | Depends on | Description | Exit Criteria |
|----|--------|----------|------------|-------------|---------------|
| SCANNER-ENV-01 | TODO (2025-11-06) | Scanner Worker Guild | SURFACE-ENV-02 | Replace ad-hoc environment reads with StellaOps.Scanner.Surface.Env helpers for cache roots and CAS endpoints.<br>2025-11-02: Worker bootstrap now resolves cache roots via helper; warning path documented; smoke tests running.<br>2025-11-05 14:55Z: Extending helper usage into cache/secrets configuration, updating worker validator wiring, and drafting docs/tests for new Surface.Env outputs.<br>2025-11-06 17:05Z: README/design docs updated with warning catalogue; startup logging guidance captured for ops runbooks.<br>2025-11-06 07:45Z: Helm/Compose env profiles (dev/stage/prod/airgap/mirror) now seed SCANNER_SURFACE_* defaults to keep worker cache roots aligned with Surface.Env helpers.<br>2025-11-06 07:55Z: Paused; pending automation tracked via DEVOPS-OPENSSL-11-001/002 and Surface.Env test fixtures. | Worker boots with helper; misconfiguration warnings documented; smoke tests updated. |
| SCANNER-SECRETS-01 | DONE (2025-11-06) | Scanner Worker Guild, Security Guild | SURFACE-SECRETS-02 | Adopt StellaOps.Scanner.Surface.Secrets for registry/CAS credentials during scan execution.<br>2025-11-02: Surface.Secrets provider wired for CAS token retrieval; integration tests added.<br>2025-11-06: Replaced registry credential plumbing with shared provider, added registry secret stage + metrics, and installed .NET 10 RC2 to validate parser/stage suites via targeted dotnet test. | Secrets fetched via shared provider; legacy secret code removed; integration tests cover rotation. |
| SCAN-REACH-201-002 | DOING (2025-11-08) | Scanner Worker Guild | SIGNALS-24-002 | Implement language-aware reachability lifters (JVM/WALA, .NET Roslyn+IL, Go SSA, Node/Deno TS AST, Rust MIR, Swift SIL, shell/binary analyzers) emitting canonical SymbolIDs, CAS-stored callgraphs, and reachability:* SBOM tags consumed by Signals + Policy. | Fixture library + unit tests per language; CAS manifests published; SBOM components carry reachability tags; docs updated. |