stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity
Files
cf5b72974f923126944f4dcd47e85864ebb31a3b
git.stella-ops.org/docs/features/unchecked/scanner/github-code-scanning-endpoints.md

1.5 KiB
Raw Blame History

GitHub Code Scanning Endpoints (Backend)

Module

Scanner

Status

IMPLEMENTED

Description

Backend endpoints for triggering SARIF uploads to GitHub Code Scanning are implemented, with a null service for environments without GitHub integration.

Implementation Details

  • Endpoints:
    • src/Scanner/StellaOps.Scanner.WebService/Endpoints/GitHubCodeScanningEndpoints.cs - GitHubCodeScanningEndpoints with SarifUploadRequest, SarifUploadResponse, SarifUploadStatusResponse, AlertsListResponse, AlertResponse
    • src/Scanner/StellaOps.Scanner.WebService/Endpoints/GitHubCodeScanningEndpoints.cs - IGitHubCodeScanningService interface, GitHubUploadResult, GitHubUploadStatus
  • Null Service:
    • src/Scanner/StellaOps.Scanner.WebService/Services/NullGitHubCodeScanningService.cs - Null implementation for environments without GitHub
  • SARIF Export:
    • src/Scanner/StellaOps.Scanner.WebService/Services/ScanFindingsSarifExportService.cs - Exports scan findings as SARIF for GitHub upload

E2E Test Plan

  • Upload a SARIF report to GitHub Code Scanning via the endpoint and verify acceptance
  • Query upload status and verify it returns the correct status (pending, complete, error)
  • Query alerts list and verify findings appear as GitHub Code Scanning alerts
  • Verify the null service returns appropriate responses when GitHub integration is not configured
  • Verify SARIF export includes all scan findings with correct location and severity mapping