master
791e12baab
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
- Created SignerEndpointsTests to validate the SignDsse and VerifyReferrers endpoints. - Implemented StubBearerAuthenticationDefaults and StubBearerAuthenticationHandler for token-based authentication. - Developed ConcelierExporterClient for managing Trivy DB settings and export operations. - Added TrivyDbSettingsPageComponent for UI interactions with Trivy DB settings, including form handling and export triggering. - Implemented styles and HTML structure for Trivy DB settings page. - Created NotifySmokeCheck tool for validating Redis event streams and Notify deliveries.
5.3 KiB
5.3 KiB
Normalized Versions Rollout Dashboard (Sprint 2 – Concelier)
Status date: 2025-10-20 19:10 UTC
This dashboard tracks connector readiness for emitting AffectedPackage.NormalizedVersions arrays and highlights upcoming coordination checkpoints. Use it alongside:
src/StellaOps.Concelier.Merge/RANGE_PRIMITIVES_COORDINATION.mdfor detailed guidance and timelines.- Concelier SemVer Merge Playbook §8 for persisted Mongo document shapes.
- Normalized Versions Query Guide for index/query validation steps.
Key milestones
- 2025-10-21 – Cccs and Cisco connectors finalize normalized rule emission and share merge-counter screenshots.
- 2025-10-22 – CertBund localisation translator reviewed; blockers escalated if localisation guidance slips.
- 2025-10-23 – ICS-CISA confirms SemVer reuse vs new firmware scheme and files Models ticket if needed.
- 2025-10-24 – KISA firmware scheme proposal due; Merge provides same-day review.
- 2025-10-25 – Merge runs cross-connector validation before enabling normalized-rule union logic by default.
Connector readiness matrix
| Connector | Owner team | Normalized versions status | Last update | Next action / link |
|---|---|---|---|---|
| Acsc | BE-Conn-ACSC | ❌ Not started – normalized helper pending relay stability | 2025-10-20 | Prepare builder integration plan for 2025-10-24 kickoff; update src/StellaOps.Concelier.Connector.Acsc/TASKS.md once branch opens. |
| Cccs | BE-Conn-CCCS | ⚠️ DOING – trailing-version helper MR reviewing (due 2025-10-21) | 2025-10-20 | Land helper + fixture refresh, post merge-counter screenshot; src/StellaOps.Concelier.Connector.Cccs/TASKS.md. |
| CertBund | BE-Conn-CERTBUND | ⚠️ In progress – localisation translator WIP (due 2025-10-22) | 2025-10-20 | Finish translator + provenance notes, regenerate fixtures; src/StellaOps.Concelier.Connector.CertBund/TASKS.md. |
| CertCc | BE-Conn-CERTCC | ✅ Complete – certcc.vendor rules emitting |
2025-10-20 | Monitor VINCE payload changes; no action. |
| Kev | BE-Conn-KEV | ✅ Complete – catalog/due-date rules verified | 2025-10-20 | Routine monitoring only. |
| Cve | BE-Conn-CVE | ✅ Complete – SemVer normalized rules live | 2025-10-20 | Keep fixtures in sync as CVE schema evolves. |
| Ghsa | BE-Conn-GHSA | ✅ Complete – rollout merged 2025-10-11 | 2025-10-20 | Maintain parity with OSV ecosystems; no action. |
| Osv | BE-Conn-OSV | ✅ Complete – normalized rules shipping | 2025-10-20 | Watch for new ecosystems; refresh fixtures as needed. |
| Ics.Cisa | BE-Conn-ICS-CISA | ⚠️ Decision pending – exact SemVer promotion due 2025-10-23 | 2025-10-20 | Promote primitives or request new scheme; src/StellaOps.Concelier.Connector.Ics.Cisa/TASKS.md. |
| Kisa | BE-Conn-KISA | ⚠️ Proposal drafting – firmware scheme due 2025-10-24 | 2025-10-20 | Finalise kisa.build proposal with Models; update mapper/tests; src/StellaOps.Concelier.Connector.Kisa/TASKS.md. |
| Ru.Bdu | BE-Conn-BDU | ✅ Complete – ru-bdu.raw rules live |
2025-10-20 | Continue monitoring UTF-8 handling; no action. |
| Ru.Nkcki | BE-Conn-Nkcki | ✅ Complete – normalized rules emitted | 2025-10-20 | Maintain transliteration guidance; no action. |
| Vndr.Apple | BE-Conn-Apple | ✅ Complete – normalized arrays emitting | 2025-10-20 | Add beta-channel coverage follow-up; see module README. |
| Vndr.Cisco | BE-Conn-Cisco | ⚠️ DOING – normalized promotion branch open (due 2025-10-21) | 2025-10-20 | Merge helper branch, refresh fixtures, post counters; src/StellaOps.Concelier.Connector.Vndr.Cisco/TASKS.md. |
| Vndr.Msrc | BE-Conn-MSRC | ✅ Complete – msrc.build rules emitting |
2025-10-20 | Monitor monthly rollups; no action. |
| Nvd | BE-Conn-NVD | ✅ Complete – normalized SemVer output live | 2025-10-20 | Keep provenance aligned with CVE IDs; monitor export parity toggle. |
Legend: ✅ complete, ⚠️ in progress/partial, ❌ not started.
Monitoring
- Merge now emits
concelier.merge.normalized_rules(tags:package_type,scheme) andconcelier.merge.normalized_rules_missing(tags:package_type). Track these counters to confirm normalized arrays land as connectors roll out. - Expect
normalized_rules_missingto trend toward zero as each connector flips on normalized output. Investigate any sustained counts by checking the corresponding moduleTASKS.md.
Implementation tips
- When a connector only needs to populate
AffectedPackage.NormalizedVersions(without reusing range primitives), callSemVerRangeRuleBuilder.BuildNormalizedRules(rawRange, patchedVersion, note)to project the normalized rule list directly. This avoids re-wrappingSemVerRangeBuildResultinstances and keeps provenance notes consistent with the shared builder.
How to use this dashboard
- Before opening a connector PR, update the module
TASKS.mdentry and drop a short bullet here (status + timestamp). - When a connector lands normalized outputs, flip the status to ✅ and note any rollout toggles (feature flags, fixture regenerations).
- If a dependency or blocker emerges, add it both in the module
TASKS.mdand in this matrix so merge/storage can escalate quickly.