git.stella-ops.org/docs/features/unchecked/scanner/scanner-pr-mr-evidence-annotations.md

# Scanner PR/MR Evidence Annotations (Webhook-Driven)
## Module
Scanner
## Status
IMPLEMENTED
## Description
Webhook-driven PR/MR annotation generation with evidence anchors (attestation digest, policy verdict, verify command), ASCII-only output, and posting via SCM annotation clients with retry/backoff.
## Implementation Details
- **PR Annotation Service**:
  - `src/Scanner/StellaOps.Scanner.WebService/Services/PrAnnotationService.cs` - `PrAnnotationService` generates PR/MR annotations with evidence anchors: attestation digest, policy verdict, and verify command
- **Webhook Handler**:
  - `src/Scanner/StellaOps.Scanner.WebService/Services/PrAnnotationWebhookHandler.cs` - `PrAnnotationWebhookHandler` processes incoming webhook events from SCM providers and triggers annotation generation
  - `src/Scanner/StellaOps.Scanner.WebService/Endpoints/WebhookEndpoints.cs` - Webhook endpoints that receive SCM events for PR/MR annotation
- **Reachability Gate**:
  - `src/Scanner/__Libraries/StellaOps.Scanner.Reachability/Cache/PrReachabilityGate.cs` - `PrReachabilityGate` evaluates reachability status for PR annotations
- **Tests**:
  - `src/Scanner/__Tests/StellaOps.Scanner.WebService.Tests/PrAnnotationServiceTests.cs` - Unit tests for annotation generation
  - `src/Scanner/__Tests/StellaOps.Scanner.Reachability.Tests/PrReachabilityGateTests.cs` - PR reachability gate tests
## E2E Test Plan
- [ ] Send a webhook event for a PR/MR and verify `PrAnnotationWebhookHandler` triggers annotation generation
- [ ] Verify the generated annotation includes attestation digest, policy verdict, and a `stella verify` command
- [ ] Verify annotation output is ASCII-only (no non-ASCII or control characters that might break SCM rendering, including any carried in free text from the policy engine)
- [ ] Verify annotations are posted to the SCM provider (Gitea, GitHub, GitLab) with retry/backoff on failure
- [ ] Verify `PrReachabilityGate` integrates reachability status into the PR annotation (showing which vulnerabilities are reachable)
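
The flow the test plan above exercises, written out as an added illustration (not StellaOps code, and not the `PrAnnotationService` API): an annotation is rendered from the evidence anchors the page names (attestation digest, policy verdict, reachability result, a `stella verify` command), forced to printable ASCII, and posted through an SCM client with exponential backoff that retries transient failures but fails fast on permanent ones. The `Evidence` fields, the `--attestation` flag, the SCM client interface and the `FlakyScmClient` stand-in are all assumptions made for the example.

```python
import re
import time
from dataclasses import dataclass

DIGEST_RE = re.compile(r"^sha256:[0-9a-f]{64}$")
IDENT_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._:/-]*$")


class TransientScmError(Exception):
    """SCM API failure worth retrying (timeout, 429, 5xx)."""


class PermanentScmError(Exception):
    """SCM API failure that will not change on retry (403, 404, 422)."""


@dataclass(frozen=True)
class Evidence:  # assumed shape; field names are not the project's
    attestation_digest: str   # "sha256:<64 hex>" of the attestation envelope
    policy_verdict: str       # e.g. "pass" or "fail"
    policy_reason: str = ""   # free text from the policy engine; may carry unicode
    reachable: tuple = ()     # vulnerability IDs the reachability gate marked reachable
    unreachable: tuple = ()   # IDs present in the SBOM but not reachable


def verify_command(digest: str) -> str:
    # The page fixes only the `stella verify` prefix; the flag is assumed.
    return f"stella verify --attestation {digest}"


def ascii_escape(text: str) -> str:
    """Escape anything outside printable ASCII as \\uXXXX.

    This also neutralises newlines smuggled in free text, which could otherwise
    inject extra bullet lines into the rendered annotation."""
    return "".join(ch if 0x20 <= ord(ch) <= 0x7E else f"\\u{ord(ch):04x}" for ch in text)


def render_annotation(ev: Evidence) -> str:
    # Identifiers are validated rather than escaped: a non-ASCII digest or
    # verdict is an upstream bug, and escaping it would hide that.
    if not DIGEST_RE.match(ev.attestation_digest):
        raise ValueError(f"bad attestation digest: {ev.attestation_digest!r}")
    for ident in (ev.policy_verdict, *ev.reachable, *ev.unreachable):
        if not IDENT_RE.match(ident):
            raise ValueError(f"non-ASCII or malformed identifier: {ident!r}")
    lines = ["## StellaOps scan evidence", f"- Policy verdict: {ev.policy_verdict}"]
    if ev.policy_reason:
        lines.append(f"- Reason: {ascii_escape(ev.policy_reason)}")
    lines.append(f"- Attestation: {ev.attestation_digest}")
    lines.append(f"- Reachable vulnerabilities: {', '.join(ev.reachable) or 'none'}")
    lines.append(f"- Not reachable: {', '.join(ev.unreachable) or 'none'}")
    lines.append(f"- Verify: `{verify_command(ev.attestation_digest)}`")
    body = "\n".join(lines)
    body.encode("ascii")  # final gate: whatever the template did, the bytes are ASCII
    return body


def post_with_retry(client, pr_ref, body, attempts=4, base_delay=0.5, sleep=time.sleep):
    """Post with exponential backoff; transient errors retry, permanent ones propagate at once."""
    delay = base_delay
    for attempt in range(1, attempts + 1):
        try:
            return client.post_annotation(pr_ref, body)
        except TransientScmError:
            if attempt == attempts:
                raise
            sleep(delay)
            delay *= 2


class FlakyScmClient:
    """Constructed stand-in for a Gitea/GitHub/GitLab annotation client."""

    def __init__(self, transient_failures=0, permanent=False):
        self.transient_failures = transient_failures
        self.permanent = permanent
        self.calls = 0
        self.posted = []

    def post_annotation(self, pr_ref, body):
        self.calls += 1
        if self.permanent:
            raise PermanentScmError("404 pull request not found")
        if self.calls <= self.transient_failures:
            raise TransientScmError("503 service unavailable")
        self.posted.append((pr_ref, body))
        return f"note-{len(self.posted)}"


if __name__ == "__main__":
    # Constructed sample: curly quotes and a cross mark in the policy reason.
    ev = Evidence("sha256:" + "ab" * 32, "fail", "Blocked by policy \u201cno-critical\u201d \u2717",
                  ("CVE-2024-0001",), ("CVE-2024-0002",))
    client = FlakyScmClient(transient_failures=2)
    print(post_with_retry(client, "org/repo!42", render_annotation(ev), sleep=lambda _: None))
    print(f"posted after {client.calls} attempts")
```

Two design points carry over to any real client: retry only on errors the SCM is likely to clear on its own (a 404 for a deleted PR will never succeed, and retrying it just burns rate limit), and keep the backoff `sleep` injectable so the retry path can be tested without waiting. The example does not check where the webhook came from; the page does not describe that check, and an annotation pipeline that accepts unauthenticated events lets anyone trigger posts.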