Gated Triage Contracts (Quiet-by-Design Backend)
Module: Scanner
Status: IMPLEMENTED
Description: Backend contracts for Quiet-by-Design Triage that expose why findings are hidden by default (unreachable, policy_dismissed, backported, vex_not_affected), with links to evidence artifacts and gated bucket count summaries in bulk queries.
Implementation Details
- Gating Contracts:
  - src/Scanner/StellaOps.Scanner.WebService/Contracts/GatingContracts.cs - Gating reason contracts (unreachable, policy_dismissed, backported, vex_not_affected)
- Gating Reason Service:
  - src/Scanner/StellaOps.Scanner.WebService/Services/IGatingReasonService.cs - Interface for gating reason queries
  - src/Scanner/StellaOps.Scanner.WebService/Services/GatingReasonService.cs - Provides gating reasons with evidence links
- Triage API:
  - src/Scanner/StellaOps.Scanner.WebService/Controllers/TriageController.cs - TriageController with BulkGatingStatusRequest for bulk queries
  - src/Scanner/StellaOps.Scanner.WebService/Endpoints/Triage/TriageStatusEndpoints.cs - Triage status endpoints
  - src/Scanner/StellaOps.Scanner.WebService/Contracts/TriageContracts.cs - Triage API contracts
- VEX Gate Integration:
  - src/Scanner/__Libraries/StellaOps.Scanner.Gate/VexGateService.cs - VEX gate service for determining gating status
  - src/Scanner/__Libraries/StellaOps.Scanner.Gate/VexGateResult.cs - Gate result model
E2E Test Plan
- Query findings and verify gated findings include the gating reason (unreachable, policy_dismissed, backported, vex_not_affected)
- Verify each gating reason includes links to supporting evidence artifacts
- Submit a bulk gating status request and verify gated bucket count summaries are returned
- Verify unreachable findings are gated with reachability evidence links
- Verify backported findings are gated with backport evidence links
- Verify VEX not_affected findings are gated with VEX document references
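The shape of the contracts described above and the bulk bucket summary the test plan checks, as an added illustration that is not the project's own code: the enum, record and class names are hypothetical, not the types in GatingContracts.cs or TriageContracts.cs, and the sample findings and evidence URLs are constructed. Assumes .NET 6 or later.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Hypothetical enum mirroring the four gating reasons the page lists.
public enum GatingReason { Unreachable, PolicyDismissed, Backported, VexNotAffected }

// A finding, the reason it is hidden by default (null = shown) and the evidence behind it.
public sealed record GatedFinding(string FindingId, GatingReason? Reason, IReadOnlyList<Uri> EvidenceLinks);

// Bulk response: visible count, per-reason gated bucket counts, and gated findings lacking evidence.
public sealed record BulkGatingSummary(int Visible, IReadOnlyDictionary<GatingReason, int> GatedBuckets,
    IReadOnlyList<string> MissingEvidence);

public static class GatingStatus
{
    public static BulkGatingSummary Summarize(IEnumerable<GatedFinding> findings)
    {
        var list = findings.ToList();
        var buckets = Enum.GetValues<GatingReason>().ToDictionary(r => r, _ => 0);
        var missing = new List<string>();
        foreach (var f in list.Where(f => f.Reason is not null))
        {
            buckets[f.Reason!.Value]++;
            // A gated finding with no evidence link cannot be audited: report it instead of silently hiding it.
            if (f.EvidenceLinks.Count == 0) missing.Add(f.FindingId);
        }
        return new BulkGatingSummary(list.Count(f => f.Reason is null), buckets, missing);
    }
    // Default view hides gated findings; the reason and evidence stay queryable via Summarize.
    public static IEnumerable<GatedFinding> DefaultView(IEnumerable<GatedFinding> findings) =>
        findings.Where(f => f.Reason is null);

    public static void Main()
    {
        // Constructed sample input with placeholder ids and evidence URLs; not project data.
        Uri[] Link(string path) => new[] { new Uri("https://evidence.example.invalid/" + path) };
        var findings = new[]
        {
            new GatedFinding("f-1", null, Array.Empty<Uri>()),
            new GatedFinding("f-2", GatingReason.Unreachable, Link("reachability/f-2")),
            new GatedFinding("f-3", GatingReason.Backported, Link("backport/f-3")),
            new GatedFinding("f-4", GatingReason.VexNotAffected, Link("vex/f-4.json")),
            new GatedFinding("f-5", GatingReason.PolicyDismissed, Array.Empty<Uri>()),
        };
        var s = Summarize(findings);
        Console.WriteLine($"visible={s.Visible} gated={string.Join(", ", s.GatedBuckets.Select(b => $"{b.Key}={b.Value}"))}");
        Console.WriteLine($"gated without evidence: {string.Join(", ", s.MissingEvidence)}");
    }
}
```

With the constructed input, f-1 is the only visible finding, each gated bucket counts one finding, and f-5 is reported as gated without evidence, which is the condition the second test plan item is meant to catch.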