git.stella-ops.org/docs/features/checked/policy/epss-raw-feed-layer.md
2026-02-13 02:04:55 +02:00


EPSS Raw Feed Layer (Immutable Storage)

Module: Policy

Status: IMPLEMENTED

Description

EPSS feed ingestion with CSV parsing, repository storage, and enrichment jobs. Database migrations exist for EPSS risk score storage.

Implementation Details

  • UnknownRanker Integration: src/Policy/__Libraries/StellaOps.Policy.Unknowns/Services/UnknownRanker.cs -- uses EPSS scores in exploit pressure calculation
    • EPSS >= 0.90: +0.30 exploit pressure factor
    • EPSS >= 0.50: +0.15 exploit pressure factor
    • UnknownRankInput.EpssScore (decimal 0.0-1.0) feeds into scoring
  • Risk Scoring Integration: src/Policy/StellaOps.Policy.Engine/Scoring/ -- EPSS scores used in risk profile scoring
    • ProfileAwareScoringService.cs -- includes EPSS in profile-aware scoring
    • RiskScoringModels.cs -- risk scoring models with EPSS data
    • RiskScoringTriggerService.cs -- triggers re-scoring when EPSS data updates
  • RiskSimulationService: src/Policy/StellaOps.Policy.Engine/Simulation/RiskSimulationService.cs -- EPSS used as a signal in risk simulations
    • Categorical signal mapping: EPSS score mapped to signal weight contributions
  • Policy Gate Integration: src/Policy/StellaOps.Policy.Engine/Gates/PolicyGateEvaluator.cs -- EPSS thresholds used in gate evaluation
  • Staleness Endpoints: src/Policy/StellaOps.Policy.Engine/Endpoints/StalenessEndpoints.cs -- feed staleness monitoring
  • Risk Profile Endpoints: src/Policy/StellaOps.Policy.Engine/Endpoints/RiskProfileEndpoints.cs -- profiles include EPSS configuration
  • Evidence Weighted Score: src/Policy/StellaOps.Policy.Engine/Scoring/EvidenceWeightedScore/ -- EPSS contributes to evidence-weighted scoring

E2E Test Plan

  • Verify EPSS score (0.95) contributes +0.30 exploit pressure factor in unknown ranking
  • Verify EPSS score (0.50) contributes +0.15 exploit pressure factor
  • Verify EPSS score (0.10) contributes 0 exploit pressure factor (below threshold)
  • Verify risk simulation includes EPSS as a signal with weight contribution
  • Verify risk scoring trigger fires when EPSS data updates
  • Check staleness endpoint for EPSS feed; verify freshness status is reported
  • Verify evidence-weighted score includes EPSS contribution
  • Verify policy gate evaluates EPSS threshold per configuration
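The following is an added worked example, not StellaOps code, that ties together the Implementation Details above (the UnknownRanker exploit pressure thresholds and the staleness endpoint) and the E2E Test Plan. It assumes the CSV layout of the public FIRST EPSS feed (a leading metadata comment line with model_version and score_date, then a cve,epss,percentile header); the function names, the 48-hour staleness limit, and the sample rows with placeholder CVE IDs are all constructed for this illustration and do not come from the project.

```python
import csv
import io
from dataclasses import dataclass
from datetime import datetime, timedelta
from decimal import Decimal

# Thresholds as stated on this page for UnknownRanker.
EPSS_HIGH = Decimal("0.90")
EPSS_MEDIUM = Decimal("0.50")
PRESSURE_HIGH = Decimal("0.30")
PRESSURE_MEDIUM = Decimal("0.15")

# Constructed sample feed (placeholder CVE IDs, not real advisories).
# Layout assumed from the public FIRST EPSS CSV: metadata comment, then header.
SAMPLE_EPSS_CSV = """#model_version:v2025.03.14,score_date:2026-02-12T00:00:00+0000
cve,epss,percentile
CVE-0000-0001,0.95000,0.99900
CVE-0000-0002,0.50000,0.92000
CVE-0000-0003,0.10000,0.70000
"""


@dataclass(frozen=True)
class EpssRecord:
    cve: str
    epss: Decimal        # probability 0.0-1.0, kept as decimal to avoid float drift
    percentile: Decimal


@dataclass(frozen=True)
class EpssSnapshot:
    model_version: str
    score_date: datetime
    records: dict  # cve -> EpssRecord


def parse_epss_csv(text: str) -> EpssSnapshot:
    """Parse one raw feed file into an immutable snapshot, rejecting out-of-range scores."""
    lines = text.splitlines()
    if not lines or not lines[0].startswith("#"):
        raise ValueError("missing EPSS metadata comment line")
    meta = {}
    for part in lines[0][1:].split(","):
        key, _, value = part.partition(":")  # score_date itself contains ':' so split once
        meta[key.strip()] = value.strip()
    score_date = datetime.strptime(meta["score_date"], "%Y-%m-%dT%H:%M:%S%z")
    records = {}
    for row in csv.DictReader(io.StringIO("\n".join(lines[1:]))):
        epss = Decimal(row["epss"])
        if not (Decimal(0) <= epss <= Decimal(1)):
            raise ValueError(f"EPSS out of range for {row['cve']}: {epss}")
        records[row["cve"]] = EpssRecord(row["cve"], epss, Decimal(row["percentile"]))
    return EpssSnapshot(meta["model_version"], score_date, records)


def exploit_pressure_factor(epss) -> Decimal:
    """Exploit pressure contribution using the page's two-step thresholds."""
    score = Decimal(str(epss))
    if score >= EPSS_HIGH:
        return PRESSURE_HIGH
    if score >= EPSS_MEDIUM:
        return PRESSURE_MEDIUM
    return Decimal("0")


def pressure_by_cve(snapshot: EpssSnapshot) -> dict:
    """Apply the factor to every record, as an UnknownRanker-style enrichment pass would."""
    return {cve: exploit_pressure_factor(rec.epss) for cve, rec in snapshot.records.items()}


def feed_freshness(snapshot: EpssSnapshot, now_iso: str, max_age_hours: int = 48) -> dict:
    """Staleness report in the spirit of the staleness endpoint; 48h limit is assumed."""
    now = datetime.fromisoformat(now_iso)
    age = now - snapshot.score_date
    return {
        "model_version": snapshot.model_version,
        "score_date": snapshot.score_date.isoformat(),
        "age_hours": round(age / timedelta(hours=1), 2),
        "stale": age > timedelta(hours=max_age_hours),
    }


if __name__ == "__main__":
    snap = parse_epss_csv(SAMPLE_EPSS_CSV)
    for cve, factor in pressure_by_cve(snap).items():
        print(cve, snap.records[cve].epss, "->", factor)
    print(feed_freshness(snap, "2026-02-13T02:04:00+00:00"))
```

The three sample rows map onto the first three E2E checks (0.95 gives +0.30, 0.50 gives +0.15, 0.10 gives 0), and the freshness report shows what a staleness endpoint would need to expose: the score_date of the snapshot and the age relative to evaluation time, so re-scoring can be triggered when a newer snapshot lands.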