stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 1 Releases Wiki Activity
Files
7b5bdcf4d3bee4e6f398d0226ba8cd3c2754e07a
git.stella-ops.org/src/Concelier/__Libraries/StellaOps.Concelier.Connector.Vndr.Msrc/TASKS.md
master 7b5bdcf4d3 feat(docs): Add comprehensive documentation for Vexer, Vulnerability Explorer, and Zastava modules 
- Introduced AGENTS.md, README.md, TASKS.md, and implementation_plan.md for Vexer, detailing mission, responsibilities, key components, and operational notes.
- Established similar documentation structure for Vulnerability Explorer and Zastava modules, including their respective workflows, integrations, and observability notes.
- Created risk scoring profiles documentation outlining the core workflow, factor model, governance, and deliverables.
- Ensured all modules adhere to the Aggregation-Only Contract and maintain determinism and provenance in outputs.
2025-10-30 00:09:39 +02:00

2.6 KiB
Raw Blame History

TASKS

Task Owner(s) Depends on Notes
FEEDCONN-MSRC-02-001 Document MSRC Security Update Guide API BE-Conn-MSRC Research DONE (2025-10-11) Confirmed REST endpoint (https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerabilities) + CVRF ZIP download flow, required Azure AD client-credentials scope (api://api.msrc.microsoft.com/.default), mandatory api-version=2024-08-01 header, and delta params (lastModifiedStartDateTime, lastModifiedEndDateTime). Findings recorded in docs/concelier-connector-research-20251011.md.
FEEDCONN-MSRC-02-002 Fetch pipeline & source state BE-Conn-MSRC Source.Common, Storage.Mongo DONE (2025-10-15) Added MsrcApiClient + token provider, cursor overlap handling, and detail persistence via GridFS (metadata carries CVRF URL + timestamps). State tracks lastModifiedCursor with configurable overlap/backoff. Next: coordinate with Tools on shared state-seeding helper once CVRF download flag stabilises.
FEEDCONN-MSRC-02-003 Parser & DTO implementation BE-Conn-MSRC Source.Common DONE (2025-10-15) Implemented MsrcDetailParser/DTOs capturing threats, remediations, KB IDs, CVEs, CVSS, and affected products (build/platform metadata preserved).
FEEDCONN-MSRC-02-004 Canonical mapping & range primitives BE-Conn-MSRC Models DONE (2025-10-15) MsrcMapper emits aliases (MSRC ID/CVE/KB), references (release notes + CVRF), vendor packages with msrc.build normalized rules, and CVSS provenance.
FEEDCONN-MSRC-02-005 Deterministic fixtures/tests QA Testing DONE (2025-10-15) Added StellaOps.Concelier.Connector.Vndr.Msrc.Tests with canned token/summary/detail responses and snapshot assertions via Mongo2Go. Fixtures regenerate via UPDATE_MSRC_FIXTURES.
FEEDCONN-MSRC-02-006 Telemetry & documentation DevEx Docs DONE (2025-10-15) Introduced MsrcDiagnostics meter (summary/detail/parse/map metrics), structured fetch logs, README updates, and Ops brief docs/modules/concelier/operations/connectors/msrc.md covering AAD onboarding + CVRF handling.
FEEDCONN-MSRC-02-007 API contract comparison memo BE-Conn-MSRC Research DONE (2025-10-11) Completed memo outline recommending dual-path (REST for incremental, CVRF for offline); implementation hinges on FEEDCONN-MSRC-02-008 AAD onboarding for token acquisition.
FEEDCONN-MSRC-02-008 Azure AD application onboarding Ops, BE-Conn-MSRC Ops DONE (2025-10-15) Coordinated Ops handoff; drafted AAD onboarding brief (docs/modules/concelier/operations/connectors/msrc.md) with app registration requirements, secret rotation policy, sample configuration, and CVRF mirroring guidance for Offline Kit.