38 lines
1.7 KiB
Markdown
38 lines
1.7 KiB
Markdown
# GitHub Code Scanning Endpoints (Backend)
|
|
|
|
## Module
|
|
Scanner
|
|
|
|
## Status
|
|
VERIFIED
|
|
|
|
## Description
|
|
Backend endpoints for triggering SARIF uploads to GitHub Code Scanning are implemented, with a null service for environments without GitHub integration.
|
|
|
|
## Implementation Details
|
|
- **Endpoints**:
|
|
- `src/Scanner/StellaOps.Scanner.WebService/Endpoints/GitHubCodeScanningEndpoints.cs` - `GitHubCodeScanningEndpoints` with `SarifUploadRequest`, `SarifUploadResponse`, `SarifUploadStatusResponse`, `AlertsListResponse`, `AlertResponse`
|
|
- `src/Scanner/StellaOps.Scanner.WebService/Endpoints/GitHubCodeScanningEndpoints.cs` - `IGitHubCodeScanningService` interface, `GitHubUploadResult`, `GitHubUploadStatus`
|
|
- **Null Service**:
|
|
- `src/Scanner/StellaOps.Scanner.WebService/Services/NullGitHubCodeScanningService.cs` - Null implementation for environments without GitHub
|
|
- **SARIF Export**:
|
|
- `src/Scanner/StellaOps.Scanner.WebService/Services/ScanFindingsSarifExportService.cs` - Exports scan findings as SARIF for GitHub upload
|
|
|
|
## E2E Test Plan
|
|
- [ ] Upload a SARIF report to GitHub Code Scanning via the endpoint and verify acceptance
|
|
- [ ] Query upload status and verify it returns the correct status (pending, complete, error)
|
|
- [ ] Query alerts list and verify findings appear as GitHub Code Scanning alerts
|
|
- [ ] Verify the null service returns appropriate responses when GitHub integration is not configured
|
|
- [ ] Verify SARIF export includes all scan findings with correct location and severity mapping
|
|
|
|
---
|
|
|
|
## Verification
|
|
|
|
| Check | Result |
|
|
|-------|--------|
|
|
| Tier 0 - Source files exist | PASS |
|
|
| Tier 1 - Build + code review | PASS |
|
|
| Tier 2 - Integration tests | PASS |
|
|
| Verified | 2026-02-13T18:10:00Z |
|