stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity
Files
cf5b72974f923126944f4dcd47e85864ebb31a3b
git.stella-ops.org/docs/features/unchecked/concelier/concelier-vendor-risk-signal-provider.md

1.3 KiB
Raw Blame History

Concelier Vendor Risk Signal Provider

Module

Concelier

Status

IMPLEMENTED

Description

Extracts vendor-specific risk signals from advisory data, emits fix availability events, and tracks advisory field changes for risk scoring. Not in the known list.

Implementation Details

  • Modules: src/Concelier/__Libraries/StellaOps.Concelier.Core/Risk/
  • Key Classes:
    • VendorRiskSignalExtractor (src/Concelier/__Libraries/StellaOps.Concelier.Core/Risk/VendorRiskSignalExtractor.cs) - extracts vendor-specific risk signals (CVSS, exploit maturity, fix availability) from advisory data
    • PolicyStudioSignalPicker (src/Concelier/__Libraries/StellaOps.Concelier.Core/Risk/PolicyStudio/PolicyStudioSignalPicker.cs) - filters and selects signals for policy evaluation
  • Interfaces: IPolicyStudioSignalPicker
  • Source: Sprint 0115 (batch_14/file_16.md)

E2E Test Plan

  • Provide a vendor advisory with CVSS and fix availability and verify VendorRiskSignalExtractor produces correct risk signals
  • Verify fix availability emission: advisory with a fix emits a fix-available signal event
  • Verify field change tracking: update an advisory field and verify the risk signal reflects the change
  • Verify signal extraction handles missing fields gracefully (no CVSS, no fix info)