stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity
Files
da76d6e93e0d4e67073841ead99b46de180e5383
git.stella-ops.org/docs/features/checked/scanner/github-code-scanning-endpoints.md
master e9aeadc040 save checkpoint
2026-02-14 09:11:48 +02:00

1.7 KiB
Raw Blame History

GitHub Code Scanning Endpoints (Backend)

Module

Scanner

Status

VERIFIED

Description

Backend endpoints for triggering SARIF uploads to GitHub Code Scanning are implemented, with a null service for environments without GitHub integration.

Implementation Details

  • Endpoints:
    • src/Scanner/StellaOps.Scanner.WebService/Endpoints/GitHubCodeScanningEndpoints.cs - GitHubCodeScanningEndpoints with SarifUploadRequest, SarifUploadResponse, SarifUploadStatusResponse, AlertsListResponse, AlertResponse
    • src/Scanner/StellaOps.Scanner.WebService/Endpoints/GitHubCodeScanningEndpoints.cs - IGitHubCodeScanningService interface, GitHubUploadResult, GitHubUploadStatus
  • Null Service:
    • src/Scanner/StellaOps.Scanner.WebService/Services/NullGitHubCodeScanningService.cs - Null implementation for environments without GitHub
  • SARIF Export:
    • src/Scanner/StellaOps.Scanner.WebService/Services/ScanFindingsSarifExportService.cs - Exports scan findings as SARIF for GitHub upload

E2E Test Plan

  • Upload a SARIF report to GitHub Code Scanning via the endpoint and verify acceptance
  • Query upload status and verify it returns the correct status (pending, complete, error)
  • Query alerts list and verify findings appear as GitHub Code Scanning alerts
  • Verify the null service returns appropriate responses when GitHub integration is not configured
  • Verify SARIF export includes all scan findings with correct location and severity mapping

Verification

Check Result
Tier 0 - Source files exist PASS
Tier 1 - Build + code review PASS
Tier 2 - Integration tests PASS
Verified 2026-02-13T18:10:00Z