git.stella-ops.org/docs/modules/scanner/TASKS.md
feat: Implement vulnerability token signing and verification utilities
- Added VulnTokenSigner for signing JWT tokens with specified algorithms and keys.
- Introduced VulnTokenUtilities for resolving tenant and subject claims, and sanitizing context dictionaries.
- Created VulnTokenVerificationUtilities for parsing tokens, verifying signatures, and deserializing payloads.
- Developed VulnWorkflowAntiForgeryTokenIssuer for issuing anti-forgery tokens with configurable options.
- Implemented VulnWorkflowAntiForgeryTokenVerifier for verifying anti-forgery tokens and validating payloads.
- Added AuthorityVulnerabilityExplorerOptions to manage configuration for vulnerability explorer features.
- Included tests for FilesystemPackRunDispatcher to ensure proper job handling under egress policy restrictions.
2025-11-03 10:04:10 +02:00
# Task board — Scanner

Local tasks should link back to ./AGENTS.md and mirror status updates into ../../TASKS.md when applicable.

| ID | Status | Owner(s) | Description | Notes |
|----|--------|----------|-------------|-------|
| SCANNER-DOCS-0001 | DOING (2025-10-29) | Docs Guild | Validate that ./README.md aligns with the latest release notes. | See ./AGENTS.md |
| SCANNER-DOCS-0002 | DONE (2025-11-02) | Docs Guild | Keep scanner benchmark comparisons (Trivy/Grype/Snyk) and deep-dive matrix current with source references. | Coordinate with docs/benchmarks owners |
| SCANNER-DOCS-0003 | TODO | Docs Guild, Product Guild | Gather Windows/macOS analyzer demand signals and record findings in docs/benchmarks/scanner/windows-macos-demand.md. | Coordinate with Product Marketing & Sales enablement |
| SCANNER-ENG-0008 | TODO | EntryTrace Guild, QA Guild | Maintain EntryTrace heuristic cadence per docs/benchmarks/scanner/scanning-gaps-stella-misses-from-competitors.md. | Include quarterly pattern review + explain trace updates |
| SCANNER-ENG-0009 | DOING (2025-11-02) | Ruby Analyzer Guild | SCANNER-ANALYZERS-RUBY-28-001..012 Deliver Ruby analyzer parity and observation pipeline per gap doc (lockfiles, runtime graph, policy signals). | |
| SCANNER-ENG-0010 | TODO | PHP Analyzer Guild | SCANNER-ANALYZERS-PHP-27-001..012 Ship PHP analyzer pipeline (composer lock, autoload graph, capability signals) to close comparison gaps. | |
| SCANNER-ENG-0011 | TODO | Language Analyzer Guild | Scope Deno runtime analyzer (lockfile resolver, import graphs) based on competitor techniques. | |
| SCANNER-ENG-0012 | TODO | Language Analyzer Guild | Evaluate Dart analyzer requirements (pubspec parsing, AOT artifacts) to restore parity. | |
| SCANNER-ENG-0013 | TODO | Swift Analyzer Guild | Plan Swift Package Manager coverage (Package.resolved, xcframeworks, runtime hints) with policy hooks. | |
| SCANNER-ENG-0014 | TODO | Runtime Guild, Zastava Guild | Align Kubernetes/VM target coverage roadmap between Scanner and Zastava per comparison findings. | |
| SCANNER-ENG-0015 | TODO | Export Center Guild, Scanner Guild | Document DSSE/Rekor operator enablement guidance and rollout levers surfaced in gap analysis. | |
| SCANNER-ENG-0016 | DOING (2025-11-02) | Ruby Analyzer Guild (Lockfile Squad) | Implement RubyLockCollector and vendor cache ingestion per design §4.1-4.3. | Coordinate fixtures under fixtures/lang/ruby/lockfiles; target alpha by Sprint 21. |
| SCANNER-ENG-0017 | TODO | Ruby Analyzer Guild (Runtime Squad) | Build runtime require/autoload graph builder with tree-sitter Ruby per design §4.4. | Deliver edges with reason codes and integrate EntryTrace hints. |
| SCANNER-ENG-0018 | TODO | Ruby Analyzer Guild (Capability Squad) | Emit Ruby capability and framework surface signals as defined in design §4.5. | Policy predicates prototyped; capability records available in SBOM overlays. |
| SCANNER-ENG-0019 | TODO | Ruby Analyzer Guild, CLI Guild | Ship Ruby CLI verbs (`stella ruby inspect resolve`) and Offline Kit packaging per design §4.6. | |
| SCANNER-LIC-0001 | DOING (2025-11-02) | Scanner Guild, Legal Guild | Vet tree-sitter Ruby licensing and Offline Kit packaging requirements. | SPDX review complete; packaging plan approved. |
| SCANNER-POLICY-0001 | TODO | Policy Guild, Ruby Analyzer Guild | Define Policy Engine predicates for Ruby groups/capabilities and align lattice weights. | Policy schema merged; tests cover new predicates. |
| SCANNER-CLI-0001 | TODO | CLI Guild, Ruby Analyzer Guild | Coordinate CLI UX/help text for new Ruby verbs and update CLI docs. | CLI help + docs updated; golden outputs recorded. |
| SCANNER-ENG-0002 | TODO | Scanner Guild, CLI Guild | Design Node.js lockfile collector/CLI validator per docs/benchmarks/scanner/scanning-gaps-stella-misses-from-competitors.md. | Capture Surface & policy requirements before implementation |
| SCANNER-ENG-0003 | TODO | Python Analyzer Guild, CLI Guild | Design Python lockfile/editable install parity checks per docs/benchmarks/scanner/scanning-gaps-stella-misses-from-competitors.md. | Include policy predicates & CLI story in design |
| SCANNER-ENG-0004 | TODO | Java Analyzer Guild, CLI Guild | Design Java lockfile ingestion & validation per docs/benchmarks/scanner/scanning-gaps-stella-misses-from-competitors.md. | Cover Gradle/SBT collectors, CLI verb, policy hooks |
| SCANNER-ENG-0005 | TODO | Go Analyzer Guild | Enhance Go stripped-binary fallback inference per docs/benchmarks/scanner/scanning-gaps-stella-misses-from-competitors.md. | Include inferred module metadata & policy integration |
| SCANNER-ENG-0006 | TODO | Rust Analyzer Guild | Expand Rust fingerprint coverage per docs/benchmarks/scanner/scanning-gaps-stella-misses-from-competitors.md. | Ship enriched fingerprint catalogue + policy controls |
| SCANNER-ENG-0007 | TODO | Scanner Guild, Policy Guild | Design deterministic secret leak detection pipeline per docs/benchmarks/scanner/scanning-gaps-stella-misses-from-competitors.md. | Include rule packaging, Policy Engine integration, CLI workflow |
| SCANNER-ENG-0020 | TODO | Scanner Guild (macOS Cellar Squad) | Implement Homebrew collector and fragment mapper per design/macos-analyzer.md §3.1. | Emit brew component fragments with tap provenance; integrate Surface.Validation/FS limits. |
| SCANNER-ENG-0021 | TODO | Scanner Guild (macOS Receipts Squad) | Implement pkgutil receipt collector per design/macos-analyzer.md §3.2. | Parse receipts/BOMs into deterministic component records with install metadata. |
| SCANNER-ENG-0022 | TODO | Scanner Guild, Policy Guild (macOS Bundles Squad) | Implement macOS bundle inspector & capability overlays per design/macos-analyzer.md §3.3. | Extract signing/entitlements, emit capability evidence, merge with receipts/Homebrew. |
| SCANNER-ENG-0023 | TODO | Scanner Guild, Offline Kit Guild, Policy Guild | Deliver macOS policy/offline integration per design/macos-analyzer.md §5-6. | Define policy predicates, CLI toggles, Offline Kit packaging, and documentation. |
| SCANNER-ENG-0024 | TODO | Scanner Guild (Windows MSI Squad) | Implement Windows MSI collector per design/windows-analyzer.md §3.1. | Parse MSI databases, emit component fragments with provenance metadata; blocked until POLICY-READINESS-0002 (decision due 2025-11-07). |
| SCANNER-ENG-0025 | TODO | Scanner Guild (Windows WinSxS Squad) | Implement WinSxS manifest collector per design/windows-analyzer.md §3.2. | Correlate assemblies with MSI components and catalog signatures; dependent on POLICY-READINESS-0002 outcome. |
| SCANNER-ENG-0026 | TODO | Scanner Guild (Windows Packages Squad) | Implement Chocolatey & registry collectors per design/windows-analyzer.md §3.3-3.4. | Harvest nuspec metadata and registry uninstall/service evidence; merge with filesystem artefacts; align with feed decisions from POLICY-READINESS-0002. |
| SCANNER-ENG-0027 | TODO | Scanner Guild, Policy Guild, Offline Kit Guild | Deliver Windows policy/offline integration per design/windows-analyzer.md §5-6. | Define predicates, CLI/Offline docs, and packaging for feeds/certs; start after POLICY-READINESS-0002 sign-off. |
| SCANNER-OPS-0001 | TODO | Ops Guild | Review runbooks/observability assets after next sprint demo. | Sync outcomes back to ../../TASKS.md |
| SCANNER-ENG-0001 | TODO | Module Team | Cross-check implementation plan milestones against ../../implplan/SPRINTS.md. | Update status via ./AGENTS.md workflow |