EPSS Feed Connector (Concelier Three-Stage Pattern)

Module

Concelier

Status

IMPLEMENTED

Description

Concelier connector for EPSS (Exploit Prediction Scoring System) feed ingestion following three-stage Fetch/Parse/Map pattern. Reuses Scanner's EpssCsvStreamParser for CSV parsing, supports ETag conditional requests, air-gap bundle fallback, priority band classification (Critical/High/Medium/Low at 0.70/0.40/0.10 thresholds), and daily scheduled ingestion (10:00 UTC).

Implementation Details

Modules: src/Concelier/__Libraries/StellaOps.Concelier.Connector.Epss/
Key Classes:
- EpssConnector (src/Concelier/__Libraries/StellaOps.Concelier.Connector.Epss/Internal/EpssConnector.cs) - IFeedConnector implementation with three-stage Fetch/Parse/Map pattern
- EpssConnectorPlugin (src/Concelier/__Libraries/StellaOps.Concelier.Connector.Epss/EpssConnectorPlugin.cs) - IConnectorPlugin registration for DI discovery
Interfaces: IFeedConnector, IConnectorPlugin
Source: SPRINT_4000_0002_0001_epss_feed_connector.md

E2E Test Plan

Trigger EPSS connector ingestion and verify EPSS scores are fetched and stored for CVE IDs
Verify priority band classification: CVEs with EPSS > 0.70 are classified as Critical, 0.40-0.70 as High, 0.10-0.40 as Medium, < 0.10 as Low
Verify ETag conditional requests: second ingestion with unchanged data returns 304 and skips re-parsing
Verify air-gap bundle fallback: configure offline mode and verify ingestion falls back to local bundle
Verify daily scheduled ingestion runs at the configured time

1.6 KiB Raw Blame History