git.stella-ops.org/docs/features/checked/scanner/signed-triage-decisions.md
2026-02-14 09:11:48 +02:00

Signed Triage Decisions

Module: Scanner

Status: VERIFIED

Description

Each triage decision is persisted with its rationale, the user who made it and when, and links to the finding it covers and to the supporting evidence artifacts. The unified evidence service composes a decision together with its linked evidence into a form that attestation chains can reference.

Implementation Details

  • Triage Decision Model:
    • src/Scanner/__Libraries/StellaOps.Scanner.Triage/Entities/TriageDecision.cs - TriageDecision entity tracking triage decisions with rationale, user attribution, and evidence linkage
    • src/Scanner/__Libraries/StellaOps.Scanner.Triage/Entities/TriageFinding.cs - TriageFinding entity linking findings to triage decisions
    • src/Scanner/__Libraries/StellaOps.Scanner.Triage/Entities/TriageEvidenceArtifact.cs - TriageEvidenceArtifact linking evidence artifacts to triage decisions for attestation chains
    • src/Scanner/__Libraries/StellaOps.Scanner.Triage/Entities/TriageEnums.cs - Enums for triage status, decision types, and evidence artifact types
  • Database Context:
    • src/Scanner/__Libraries/StellaOps.Scanner.Triage/TriageDbContext.cs - TriageDbContext EF Core database context for triage persistence
  • Unified Evidence:
    • src/Scanner/StellaOps.Scanner.WebService/Services/UnifiedEvidenceService.cs - UnifiedEvidenceService composing triage decisions with unified evidence for attestation
  • Triage Status Service:
    • src/Scanner/StellaOps.Scanner.WebService/Services/TriageStatusService.cs - TriageStatusService managing triage workflow state transitions
  • API Contracts:
    • src/Scanner/StellaOps.Scanner.WebService/Contracts/TriageContracts.cs - API contracts for triage decision endpoints
  • Tests:
    • src/Scanner/__Tests/StellaOps.Scanner.Triage.Tests/TriageSchemaIntegrationTests.cs - Schema integration tests
    • src/Scanner/__Tests/StellaOps.Scanner.Triage.Tests/TriageQueryPerformanceTests.cs - Query performance tests

E2E Test Plan

  • Create a triage decision for a vulnerability finding with rationale and verify it persists with correct evidence linkage
  • Verify triage decisions include user attribution (who made the decision and when)
  • Verify UnifiedEvidenceService composes triage decisions into attestation-compatible evidence chains
  • Verify triage decision state transitions follow the expected workflow (e.g., Open -> Accepted/Rejected -> Closed)
  • Verify TriageEvidenceArtifact links supporting evidence (scan results, VEX statements, reachability analysis) to triage decisions
  • Verify triage query performance is within acceptable limits for large finding sets
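The following is an added illustration of the model and workflow described in the implementation details and test plan above. It is not code from StellaOps.Scanner.Triage; the type and member names (TriageDecision, TriageStatus, EvidenceArtifact, Transition, CanonicalPayload) and the sample finding and digest values are assumptions for the example. It enforces the Open -> Accepted/Rejected -> Closed workflow, requires a rationale and records who decided and when, and composes the decision with its linked evidence into a deterministic payload whose digest a signer could attest. The page does not describe the signing step itself, so the example stops at the payload and its digest.

```csharp
// Added illustration only: a minimal, self-contained model of the triage
// workflow described on this page. Type and member names are assumptions,
// not the actual StellaOps.Scanner.Triage entities.
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

public enum TriageStatus { Open, Accepted, Rejected, Closed }
public enum EvidenceArtifactType { ScanResult, VexStatement, ReachabilityAnalysis }

// An evidence artifact is referenced by content digest so the decision can
// be tied to an immutable input (scan result, VEX statement, reachability run).
public sealed record EvidenceArtifact(EvidenceArtifactType Type, string Digest);

public sealed class TriageDecision
{
    // Allowed workflow transitions: Open -> Accepted/Rejected -> Closed.
    private static readonly Dictionary<TriageStatus, TriageStatus[]> Allowed = new()
    {
        [TriageStatus.Open]     = new[] { TriageStatus.Accepted, TriageStatus.Rejected },
        [TriageStatus.Accepted] = new[] { TriageStatus.Closed },
        [TriageStatus.Rejected] = new[] { TriageStatus.Closed },
        [TriageStatus.Closed]   = Array.Empty<TriageStatus>(),
    };

    public string FindingId { get; }
    public TriageStatus Status { get; private set; } = TriageStatus.Open;
    public string? Rationale { get; private set; }
    public string? DecidedBy { get; private set; }
    public DateTimeOffset? DecidedAt { get; private set; }
    public List<EvidenceArtifact> Evidence { get; } = new();

    public TriageDecision(string findingId) => FindingId = findingId;

    // Every transition carries user attribution and a non-empty rationale.
    public void Transition(TriageStatus next, string actor, string rationale, DateTimeOffset now)
    {
        if (!Allowed[Status].Contains(next))
            throw new InvalidOperationException($"{Status} -> {next} is not an allowed transition");
        if (string.IsNullOrWhiteSpace(rationale))
            throw new ArgumentException("a rationale is required for every decision", nameof(rationale));
        Status = next; Rationale = rationale; DecidedBy = actor; DecidedAt = now;
    }

    // Deterministic composition of the decision with its linked evidence.
    // Evidence is sorted so the payload (and its digest) does not depend on
    // insertion order; a signer (e.g. DSSE/in-toto) would sign this payload.
    public string CanonicalPayload()
    {
        var evidence = Evidence
            .OrderBy(e => e.Type).ThenBy(e => e.Digest, StringComparer.Ordinal)
            .Select(e => $"{e.Type}:{e.Digest}");
        return string.Join("\n", new[]
        {
            $"finding={FindingId}", $"status={Status}", $"by={DecidedBy}",
            $"at={DecidedAt?.ToString("O")}", $"rationale={Rationale}",
        }.Concat(evidence));
    }

    public string PayloadDigest()
    {
        var hash = SHA256.HashData(Encoding.UTF8.GetBytes(CanonicalPayload()));
        return "sha256:" + Convert.ToHexString(hash).ToLowerInvariant();
    }
}

public static class Program
{
    public static void Main()
    {
        // Constructed sample identifiers and digests for the example.
        var d = new TriageDecision("finding-0001");
        d.Evidence.Add(new(EvidenceArtifactType.VexStatement, "sha256:aaaa"));
        d.Evidence.Add(new(EvidenceArtifactType.ReachabilityAnalysis, "sha256:bbbb"));

        d.Transition(TriageStatus.Accepted, "alice",
                     "vulnerable function is unreachable; VEX status not_affected",
                     new DateTimeOffset(2026, 2, 13, 18, 10, 0, TimeSpan.Zero));
        Console.WriteLine(d.PayloadDigest());

        // Reopening a decided finding is not in the workflow and is rejected.
        try { d.Transition(TriageStatus.Open, "bob", "reopen", DateTimeOffset.UtcNow); }
        catch (InvalidOperationException ex) { Console.WriteLine("rejected: " + ex.Message); }

        d.Transition(TriageStatus.Closed, "alice", "remediation ticket filed", DateTimeOffset.UtcNow);
        Console.WriteLine(d.Status);
    }
}
```

The point of sorting the evidence before hashing is that two services composing the same decision from the same artifacts must arrive at the same digest, otherwise an attestation produced by one cannot be verified against evidence assembled by the other.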

Verification

| Check | Result |
| --- | --- |
| Tier 0 - Source files exist | PASS |
| Tier 1 - Build + code review | PASS |
| Tier 2 - Integration tests | PASS |
Verified 2026-02-13T18:10:00Z