AGENTS

Role

Connector for Red Hat CSAF VEX feeds, fetching provider metadata, CSAF documents, and projecting them into raw storage for normalization.

Scope

Discovery via /.well-known/csaf/provider-metadata.json, scheduling windows, and ETag-aware HTTP fetches.
RedHatProviderMetadataLoader handles .well-known metadata with caching, schema validation, and offline snapshots.
RedHatCsafConnector consumes ROLIE feeds to fetch incremental CSAF documents, honours context.Since, and streams raw advisories to storage.
Mapping Red Hat CSAF specifics (product tree aliases, RHSA identifiers, revision history) into raw documents.
Emitting structured telemetry and resume markers for incremental pulls.
Supplying Red Hat-specific trust overrides and provenance hints to normalization.

Participants

Worker schedules pulls using this connector; WebService triggers ad-hoc runs.
CSAF normalizer consumes fetched documents to produce claims.
Policy/consensus rely on Red Hat trust metadata captured here.

Interfaces & contracts

Implements IVexConnector with Red Hat-specific options (parallelism, token auth if configured).
Uses abstractions from StellaOps.Excititor.Connectors.Abstractions for HTTP/resume helpers.

In/Out of scope

In: data acquisition, HTTP retries, raw document persistence, provider metadata population. Out: normalization, storage internals, attestation, general connector abstractions (covered elsewhere).

Observability & security expectations

Log provider metadata URL, revision ids, fetch durations; redact tokens.
Emit counters for documents fetched, skipped (304), quarantined.

Tests

Connector harness tests (mock HTTP) and resume regression cases will live in ../StellaOps.Excititor.Connectors.RedHat.CSAF.Tests.

1.8 KiB Raw Blame History