# Triage database schema and API endpoints
## Module
Scanner
## Status
IMPLEMENTED
## Description
PostgreSQL triage schema with migration, DbContext, and tested API endpoints for triage status management.
## Implementation Details
- **Database Schema**:
  - `src/Scanner/__Libraries/StellaOps.Scanner.Triage/TriageDbContext.cs` - `TriageDbContext` EF Core database context defining the triage schema with migrations
- **Entity Models**:
  - `src/Scanner/__Libraries/StellaOps.Scanner.Triage/Entities/TriageFinding.cs` - `TriageFinding` entity representing a vulnerability finding in triage
  - `src/Scanner/__Libraries/StellaOps.Scanner.Triage/Entities/TriageDecision.cs` - `TriageDecision` entity for triage decision records
  - `src/Scanner/__Libraries/StellaOps.Scanner.Triage/Entities/TriageEvidenceArtifact.cs` - `TriageEvidenceArtifact` entity linking evidence to triage decisions
  - `src/Scanner/__Libraries/StellaOps.Scanner.Triage/Entities/TriageScan.cs` - `TriageScan` entity for scan metadata
  - `src/Scanner/__Libraries/StellaOps.Scanner.Triage/Entities/TriageSnapshot.cs` - `TriageSnapshot` entity for point-in-time triage state
  - `src/Scanner/__Libraries/StellaOps.Scanner.Triage/Entities/TriageRiskResult.cs` - `TriageRiskResult` entity for risk assessment results
  - `src/Scanner/__Libraries/StellaOps.Scanner.Triage/Entities/TriageReachabilityResult.cs` - `TriageReachabilityResult` entity for reachability analysis results
  - `src/Scanner/__Libraries/StellaOps.Scanner.Triage/Entities/TriagePolicyDecision.cs` - `TriagePolicyDecision` entity for policy evaluation results
  - `src/Scanner/__Libraries/StellaOps.Scanner.Triage/Entities/TriageEnums.cs` - Triage status, decision, and lane enumerations
- **API Endpoints**:
  - `src/Scanner/StellaOps.Scanner.WebService/Services/TriageStatusService.cs` - `TriageStatusService` managing triage workflow state transitions
  - `src/Scanner/StellaOps.Scanner.WebService/Controllers/TriageController.cs` - `TriageController` REST API for triage operations
  - `src/Scanner/StellaOps.Scanner.WebService/Contracts/TriageContracts.cs` - API contracts for triage endpoints
- **Tests**:
  - `src/Scanner/__Tests/StellaOps.Scanner.Triage.Tests/TriageSchemaIntegrationTests.cs` - Schema migration tests
  - `src/Scanner/__Tests/StellaOps.Scanner.Triage.Tests/TriageQueryPerformanceTests.cs` - Query performance tests
  - `src/Scanner/__Tests/StellaOps.Scanner.WebService.Tests/TriageStatusEndpointsTests.cs` - API endpoint tests
## E2E Test Plan
- [ ] Run database migration and verify the triage schema is created with all expected tables and indexes
- [ ] Create a triage finding via the API and verify it persists with correct status and metadata
- [ ] Transition a finding through triage states (New -> In Review -> Accepted/Rejected) and verify state transitions are validated
- [ ] Query triage findings with filters (status, severity, scan ID) and verify correct results with acceptable query performance
- [ ] Verify triage snapshots capture point-in-time state for audit purposes
- [ ] Verify policy decisions and reachability results are correctly linked to triage findings