git.stella-ops.org/src/Concelier/__Libraries/StellaOps.Concelier.Connector.CertBund/TASKS.md
master 7b5bdcf4d3 feat(docs): Add comprehensive documentation for Vexer, Vulnerability Explorer, and Zastava modules
- Introduced AGENTS.md, README.md, TASKS.md, and implementation_plan.md for Vexer, detailing mission, responsibilities, key components, and operational notes.
- Established similar documentation structure for Vulnerability Explorer and Zastava modules, including their respective workflows, integrations, and observability notes.
- Created risk scoring profiles documentation outlining the core workflow, factor model, governance, and deliverables.
- Ensured all modules adhere to the Aggregation-Only Contract and maintain determinism and provenance in outputs.
2025-10-30 00:09:39 +02:00


TASKS

| Task | Owner(s) | Depends on | Notes |
| --- | --- | --- | --- |
| FEEDCONN-CERTBUND-02-001 Research CERT-Bund advisory endpoints | BE-Conn-CERTBUND | Research | DONE (2025-10-11) Confirmed public RSS at https://wid.cert-bund.de/content/public/securityAdvisory/rss (HTTP 200 w/out cookies), 250-item window, German titles/categories, and detail links pointing to Angular SPA. Captured header profile (no cache hints) and logged open item to discover the JSON API used by portal frontend. |
| FEEDCONN-CERTBUND-02-002 Fetch job & state persistence | BE-Conn-CERTBUND | Source.Common, Storage.Mongo | DONE (2025-10-14) `CertBundConnector.FetchAsync` consumes RSS via session-bootstrapped client, stores per-advisory JSON documents with metadata + SHA, throttles detail requests, and maintains cursor state (pending docs/mappings, known advisory IDs, last published). |
| FEEDCONN-CERTBUND-02-003 Parser/DTO implementation | BE-Conn-CERTBUND | Source.Common | DONE (2025-10-14) Detail JSON piped through `CertBundDetailParser` (raw DOM sanitised to HTML), capturing severity, CVEs, product list, and references into DTO records (`cert-bund.detail.v1`). |
| FEEDCONN-CERTBUND-02-004 Canonical mapping & range primitives | BE-Conn-CERTBUND | Models | DONE (2025-10-14) `CertBundMapper` emits canonical advisories (aliases, references, vendor package ranges, provenance) with severity normalisation and deterministic ordering. |
| FEEDCONN-CERTBUND-02-005 Regression fixtures & tests | QA | Testing | DONE (2025-10-14) Added `StellaOps.Concelier.Connector.CertBund.Tests` covering fetch→parse→map against canned RSS/JSON fixtures; integration harness uses Mongo2Go + canned HTTP handler; fixtures regenerate via `UPDATE_CERTBUND_FIXTURES=1`. |
| FEEDCONN-CERTBUND-02-006 Telemetry & documentation | DevEx | Docs | DONE (2025-10-15) Added `CertBundDiagnostics` (meter `StellaOps.Concelier.Connector.CertBund`) with fetch/parse/map counters + histograms, recorded coverage days, wired stage summary logs, and published the ops runbook (`docs/modules/concelier/operations/connectors/certbund.md`). |
| FEEDCONN-CERTBUND-02-007 Feed history & locale assessment | BE-Conn-CERTBUND | Research | DONE (2025-10-15) Measured RSS retention (~6 days/≈250 items), captured connector-driven backfill guidance in the runbook, and aligned locale guidance (preserve `language=de`, Docs glossary follow-up). Next: coordinate with Tools to land the state-seeding helper so scripted backfills replace manual Mongo tweaks. |
| FEEDCONN-CERTBUND-02-008 Session bootstrap & cookie strategy | BE-Conn-CERTBUND | Source.Common | DONE (2025-10-14) Feed client primes the portal session (cookie container via `SocketsHttpHandler`), shares cookies across detail requests, and documents bootstrap behaviour in options (`PortalBootstrapUri`). |
| FEEDCONN-CERTBUND-02-009 Offline Kit export packaging | BE-Conn-CERTBUND, Docs | Offline Kit | DONE (2025-10-17) Added `src/Tools/certbund_offline_snapshot.py` to capture search/export JSON, emit deterministic manifests + SHA files, and refreshed docs (`docs/modules/concelier/operations/connectors/certbund.md`, `docs/24_OFFLINE_KIT.md`) with offline-kit instructions and manifest layout guidance. Seed data README/ignore rules cover local snapshot hygiene. |
| FEEDCONN-CERTBUND-02-010 Normalized range translator | BE-Conn-CERTBUND | Merge coordination (FEEDMERGE-COORD-02-900) | TODO (due 2025-10-22) Translate `product.Versions` phrases (e.g., `2023.1 bis 2024.2`, `alle`) into comparator strings for `SemVerRangeRuleBuilder`, emit `NormalizedVersions` with `certbund:{advisoryId}:{vendor}` provenance, and extend tests/README with localisation notes. |