git.stella-ops.org/docs/features/checked/web/ui-driven-vulnerability-annotation-and-state-management.md
2026-02-12 10:27:23 +02:00

UI-Driven Vulnerability Annotation and State Management

Module

Web

Status

VERIFIED

Description

UI workflow for vulnerability lifecycle state management (open -> in_review -> mitigated -> closed, plus false_positive and deferred branches), VEX candidate review and approval, and auditable operator decision flow through the triage dashboard.
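The lifecycle above can be enforced as a transition guard that also produces the audit record for each operator decision. The sketch below is an added example, not code from the StellaOps repository: all type and function names are hypothetical, and the edges for the false_positive and deferred branches are assumptions, since the description does not say where they attach.

```typescript
// Added illustration, not StellaOps code; every name below is hypothetical.
type VulnState = "open" | "in_review" | "mitigated" | "closed" | "false_positive" | "deferred";

// The main path (open -> in_review -> mitigated -> closed) is from the description.
// Where false_positive and deferred branch off, and deferred re-entry, are assumptions.
const ALLOWED: Record<VulnState, readonly VulnState[]> = {
  open: ["in_review"],
  in_review: ["mitigated", "false_positive", "deferred"],
  mitigated: ["closed"],
  deferred: ["in_review"],
  false_positive: [],
  closed: [],
};

interface AuditEntry {
  vulnId: string; from: VulnState; to: VulnState;
  actor: string; justification: string; at: string;
}
interface TransitionResult { ok: boolean; entry?: AuditEntry; error?: string }

// Own-property check so inherited keys such as "constructor" are not accepted as states.
function isVulnState(v: string): v is VulnState {
  return Object.prototype.hasOwnProperty.call(ALLOWED, v);
}

// Validates a requested transition and returns the audit record to persist.
// Rejects unknown target states, edges not in ALLOWED, and blank justifications.
function requestTransition(
  vulnId: string, from: VulnState, target: string,
  actor: string, justification: string, now: Date = new Date()
): TransitionResult {
  if (!isVulnState(target)) return { ok: false, error: `unknown state: ${target}` };
  if (ALLOWED[from].indexOf(target) === -1) {
    return { ok: false, error: `illegal transition: ${from} -> ${target}` };
  }
  const reason = justification.trim();
  if (reason.length === 0) return { ok: false, error: "justification required" };
  const entry: AuditEntry = { vulnId, from, to: target, actor, justification: reason, at: now.toISOString() };
  return { ok: true, entry };
}
```

The same check belongs on the server side as well; a guard that runs only in the UI does not constrain a client that calls the annotation API directly.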

Implementation Details

  • Feature directory: src/Web/StellaOps.Web/src/app/features/vulnerabilities/
  • Route surface:
    • src/Web/StellaOps.Web/src/app/app.routes.ts (/vulnerabilities/triage)
  • Components:
    • vuln-triage-dashboard (src/Web/StellaOps.Web/src/app/features/vulnerabilities/components/vuln-triage-dashboard/vuln-triage-dashboard.component.ts)
    • vulnerability-detail (src/Web/StellaOps.Web/src/app/features/vulnerabilities/vulnerability-detail.component.ts)
    • vulnerability-explorer (src/Web/StellaOps.Web/src/app/features/vulnerabilities/vulnerability-explorer.component.ts)
  • APIs/Models:
    • src/Web/StellaOps.Web/src/app/core/api/vuln-annotation.client.ts
    • src/Web/StellaOps.Web/src/app/core/api/vuln-annotation.models.ts
  • Behavior coverage:
    • src/Web/StellaOps.Web/src/tests/vulnerabilities/ui-driven-vulnerability-annotation-and-state-management.behavior.spec.ts
  • Source: SPRINT_4000_0100_0002_vuln_annotation.md

E2E Test Plan

  • Setup:
    • Log in with a user that has vulnerability triage permissions
    • Navigate to /vulnerabilities/triage
    • Ensure fixture/API data exists for findings and pending VEX candidates
  • Core verification:
    • Verify summary, findings, and VEX candidate lists load on dashboard init
    • Verify state transition modal submits target state/justification and refreshes state
    • Verify candidate approve/reject actions submit deterministic payloads and refresh candidate/summary views
    • Verify details action routes to /vulnerabilities/:vulnId
  • Edge cases:
    • Verify graceful handling when vulnerability annotation APIs are unavailable
    • Verify empty-list rendering for filtered findings/candidates
    • Verify accessibility basics (keyboard navigation and semantic labels)

Verification

  • Run ID: docs/qa/feature-checks/runs/web/ui-driven-vulnerability-annotation-and-state-management/run-001/
  • Date (UTC): 2026-02-11
  • Tier 0: PASS (source/symbol verification for triage route mounting, details navigation wiring, and supported behavior harness under src/tests/**).
  • Tier 1: PASS (npm run test focused suite: 25 files / 123 tests; npm run build passed with known baseline warnings).
  • Tier 2: PASS (route declaration, init data load, state transition flow, candidate approve/reject flow, and details-route navigation behavior).