git.stella-ops.org/docs/features/unchecked/scanner/remediation-pr-generator.md

# Remediation PR Generator (Deterministic PR/MR Creation)

**Module:** Scanner

**Status:** IMPLEMENTED

## Description

Deterministic PR/MR generation with template sections (summary, steps, SBOM changes, test requirements, rollback steps, VEX claim, evidence), actual SCM branch creation and file updates, and a remediation apply endpoint that returns PR metadata.

## Implementation Details

- Evidence Contracts:
  - `src/Scanner/StellaOps.Scanner.WebService/Contracts/UnifiedEvidenceContracts.cs`: contracts including remediation evidence models with SBOM changes, VEX claims, and PR metadata
- Reachability Endpoints:
  - `src/Scanner/StellaOps.Scanner.WebService/Endpoints/ReachabilityEndpoints.cs`: endpoints supporting remediation actions with reachability context
- PR Annotation Service:
  - `src/Scanner/StellaOps.Scanner.WebService/Services/PrAnnotationService.cs`: `PrAnnotationService` generates PR/MR annotations with evidence links

## E2E Test Plan

- Trigger remediation PR generation for a vulnerable dependency and verify a PR template is generated with summary, steps, and SBOM changes sections
- Verify the generated PR includes test requirements and rollback steps
- Verify VEX claims are included in the PR body linking to reachability evidence
- Verify the remediation apply endpoint returns PR metadata (URL, branch name, commit SHA)
- Verify deterministic generation produces identical PR content for the same input
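The description above lists the template sections, and the last test-plan item requires that the same input always yields byte-identical PR content. The following is an added example, not code from StellaOps or from `PrAnnotationService`, showing what has to hold for that determinism check to pass: a fixed section order, ordinal sorting of unordered collections so caller enumeration order cannot leak into the body, no clock, GUID or counter in the output, normalised line endings, and a SHA-256 fingerprint over the rendered body that a reviewer or CI job can recompute. All type and member names (`RemediationInput`, `RemediationPrTemplate`, `Fingerprint`, `BranchName`) are hypothetical, the sample input is constructed, and .NET 6 or later is assumed; SCM branch creation and file updates are out of scope here.

```csharp
// Added example, not StellaOps code: a deterministic PR/MR body renderer (.NET 6+ assumed).
// Every type and member name below is hypothetical.
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

public sealed record SbomChange(string Package, string FromVersion, string ToVersion);
public sealed record VexClaim(string VulnerabilityId, string Status, string Justification, string EvidenceUrl);
public sealed record RemediationInput(
    string Vulnerability,
    string Summary,
    IReadOnlyList<string> Steps,
    IReadOnlyList<SbomChange> SbomChanges,
    IReadOnlyList<string> TestRequirements,
    IReadOnlyList<string> RollbackSteps,
    IReadOnlyList<VexClaim> VexClaims,
    IReadOnlyList<string> EvidenceLinks);

public static class RemediationPrTemplate
{
    // Sections come out in a fixed order. Unordered collections are sorted with an ordinal
    // comparer so the caller's enumeration order cannot leak into the body; ordered
    // procedures (steps, rollback) keep author order. No clock, no GUID, no counter.
    public static string Render(RemediationInput input)
    {
        var sb = new StringBuilder();
        sb.Append("## Summary\n").Append(input.Summary.Trim()).Append("\n\n");

        sb.Append("## Steps\n");
        for (var i = 0; i < input.Steps.Count; i++)
            sb.Append(i + 1).Append(". ").Append(input.Steps[i].Trim()).Append('\n');
        sb.Append('\n');

        sb.Append("## SBOM changes\n| Package | From | To |\n|---|---|---|\n");
        foreach (var c in input.SbomChanges
                     .OrderBy(x => x.Package, StringComparer.Ordinal)
                     .ThenBy(x => x.FromVersion, StringComparer.Ordinal))
            sb.Append($"| {c.Package} | {c.FromVersion} | {c.ToVersion} |\n");
        sb.Append('\n');

        AppendBullets(sb, "Test requirements", input.TestRequirements, sort: true);
        AppendBullets(sb, "Rollback steps", input.RollbackSteps, sort: false);

        sb.Append("## VEX claim\n");
        foreach (var v in input.VexClaims.OrderBy(x => x.VulnerabilityId, StringComparer.Ordinal))
            sb.Append($"- {v.VulnerabilityId}: {v.Status} ({v.Justification}), evidence: {v.EvidenceUrl}\n");
        sb.Append('\n');

        AppendBullets(sb, "Evidence", input.EvidenceLinks, sort: true);

        // Normalise line endings so Windows and Linux runners hash the same bytes.
        return sb.ToString().Replace("\r\n", "\n").TrimEnd('\n') + "\n";
    }

    private static void AppendBullets(StringBuilder sb, string heading, IReadOnlyList<string> items, bool sort)
    {
        sb.Append("## ").Append(heading).Append('\n');
        IEnumerable<string> seq = items.Select(x => x.Trim());
        if (sort) seq = seq.OrderBy(x => x, StringComparer.Ordinal);
        foreach (var item in seq) sb.Append("- ").Append(item).Append('\n');
        sb.Append('\n');
    }

    // SHA-256 over the UTF-8 body: the reproducibility fingerprint a reviewer or CI job can recompute.
    public static string Fingerprint(string body) =>
        Convert.ToHexString(SHA256.HashData(Encoding.UTF8.GetBytes(body))).ToLowerInvariant();

    // Branch name derived from the input and body hash, so re-running the generator reuses the same branch.
    public static string BranchName(RemediationInput input)
    {
        var slug = new string(input.Vulnerability.ToLowerInvariant()
            .Select(ch => char.IsLetterOrDigit(ch) ? ch : '-').ToArray());
        return $"remediation/{slug}/{Fingerprint(Render(input))[..12]}";
    }
}

public static class Program
{
    public static void Main()
    {
        // Constructed sample: the same facts twice, with the unordered collections reversed.
        var first = new RemediationInput(
            Vulnerability: "EXAMPLE-VULN-0001", // placeholder id, not a real advisory
            Summary: "Bump example-lib to a fixed release.",
            Steps: new[] { "Update the lockfile.", "Rebuild the image." },
            SbomChanges: new[] { new SbomChange("pkg:npm/example-lib", "1.2.0", "1.2.1"),
                                 new SbomChange("pkg:npm/example-dep", "0.9.0", "0.9.2") },
            TestRequirements: new[] { "Unit tests green.", "Integration suite green." },
            RollbackSteps: new[] { "Revert the commit.", "Redeploy the previous image." },
            VexClaims: new[] { new VexClaim("EXAMPLE-VULN-0001", "affected", "reachable_code", "https://evidence.example/1") },
            EvidenceLinks: new[] { "https://evidence.example/1", "https://evidence.example/0" });
        var second = first with
        {
            SbomChanges = first.SbomChanges.Reverse().ToArray(),
            TestRequirements = first.TestRequirements.Reverse().ToArray(),
            EvidenceLinks = first.EvidenceLinks.Reverse().ToArray(),
        };

        var body = RemediationPrTemplate.Render(first);
        Console.WriteLine(body);
        Console.WriteLine($"branch: {RemediationPrTemplate.BranchName(first)}");
        var same = RemediationPrTemplate.Fingerprint(body) ==
                   RemediationPrTemplate.Fingerprint(RemediationPrTemplate.Render(second));
        Console.WriteLine($"identical across runs: {same}");
    }
}
```

The last line is the regression check behind the test-plan item: two renders over the same facts, fed in different collection order, must produce the same fingerprint. Returning that fingerprint alongside the URL, branch name and commit SHA in the apply endpoint's PR metadata lets a reviewer confirm the PR body on the SCM side is exactly what the generator produced and was not edited after creation.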