git.stella-ops.org/src/Tools/StellaOps.Tools.WorkflowGenerator/ScanConfig.cs

// <copyright file="ScanConfig.cs" company="StellaOps">
// Copyright (c) StellaOps. Licensed under the AGPL-3.0-or-later.
// </copyright>

using System.Collections.Immutable;

namespace StellaOps.Tools.WorkflowGenerator;

/// <summary>
/// Scan configuration for the workflow.
/// Sprint: SPRINT_20260109_010_003 Task: Create models
/// </summary>
public sealed record ScanConfig
{
    /// <summary>
    /// StellaOps CLI version to use.
    /// </summary>
    public string CliVersion { get; init; } = "latest";

    /// <summary>
    /// Image to scan (container image reference).
    /// </summary>
    public string? ImageRef { get; init; }

    /// <summary>
    /// Path to scan (file system path).
    /// </summary>
    public string? ScanPath { get; init; } = ".";

    /// <summary>
    /// Minimum severity to report.
    /// </summary>
    public string MinSeverity { get; init; } = "medium";

    /// <summary>
    /// Enable vulnerability scanning.
    /// </summary>
    public bool ScanVulnerabilities { get; init; } = true;

    /// <summary>
    /// Enable secret scanning.
    /// </summary>
    public bool ScanSecrets { get; init; } = true;

    /// <summary>
    /// Enable SBOM generation.
    /// </summary>
    public bool GenerateSbom { get; init; } = true;

    /// <summary>
    /// Include reachability analysis.
    /// </summary>
    public bool IncludeReachability { get; init; } = false;

    /// <summary>
    /// Fail build on findings above this severity.
    /// </summary>
    public string? FailOnSeverity { get; init; }

    /// <summary>
    /// Additional CLI arguments.
    /// </summary>
    public ImmutableArray<string> AdditionalArgs { get; init; } = [];

    /// <summary>
    /// Default configuration for repository scanning.
    /// </summary>
    public static ScanConfig DefaultRepository => new()
    {
        ScanPath = ".",
        MinSeverity = "medium",
        ScanVulnerabilities = true,
        ScanSecrets = true,
        GenerateSbom = true
    };

    /// <summary>
    /// Configuration for container image scanning.
    /// </summary>
    public static ScanConfig ContainerImage(string imageRef) => new()
    {
        ImageRef = imageRef,
        ScanPath = null,
        MinSeverity = "low",
        ScanVulnerabilities = true,
        ScanSecrets = false,
        GenerateSbom = true
    };
}