Benjamin_Boenisch/breakpilot-compliance
1
1
Fork 0
Code Issues 24 Pull Requests Actions Packages Projects Releases Wiki Activity

feat(cra): snapshot/history UI + measure-class (code-fix vs process) UI

Browse Source 
Snapshot/history: "Snapshot speichern" + a version list (status, date, coverage)
you can click through — makes the CRA Art. 13 running system visible (backend
endpoints already live). Measure-class: each finding shows a remediation-class
badge from its CRA evidence_type ("Code-nah" = scan-locatable, code-fix in the
ticket possible; otherwise Prozess/Doku), and the measures section is relabelled
as the Sollzustand (process/build) — no auto-fix buttons on process measures.
Backend: MappedFinding now carries evidence_type.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
Benjamin Admin
2026-06-14 10:02:17 +02:00
parent 05bd0418f8
commit ee1632cd52
7 changed files with 173 additions and 39 deletions
Download Patch File Download Diff File Expand all files Collapse all files
backend-compliance/compliance/services/cra_finding_mapper.py
+2
View File
@@ -94,6 +94,7 @@ class MappedFinding:
primary_requirement: str = ""
annex_anchor: str = ""
iso27001_ref: list = field(default_factory=list)
evidence_type: str = "" # code | process | hybrid | document (from the requirement)
risk_level: str = "LOW"
measures: list = field(default_factory=list)
nist_refs: list = field(default_factory=list) # NIST 800-53 control IDs (golden-set crosswalk)
@@ -189,6 +190,7 @@ def map_finding(f: ScannerFinding) -> MappedFinding:
primary_requirement=primary["req_id"],
annex_anchor=primary.get("annex_anchor", ""),
iso27001_ref=list(primary.get("iso27001_ref", [])),
evidence_type=primary.get("evidence_type", ""),
risk_level=_SEV_BY_RANK.get(risk_rank, "LOW"),
measures=measures,
nist_refs=refs["nist"],
backend-compliance/tests/test_cra_finding_mapper.py
+5
View File
@@ -14,6 +14,11 @@ def test_hardcoded_credentials_cwe_maps_to_credential_requirement():
assert m.annex_anchor # spine carries the Annex anchor
def test_mapped_finding_carries_evidence_type():
m = map_finding(ScannerFinding(id="e", title="default password", cwe="CWE-259", severity="high"))
assert m.evidence_type == "code" # CRA-AI-8 is code-checkable
def test_default_password_is_critical_and_carries_measure_M542():
m = map_finding(ScannerFinding(id="f2", title="Universal default password", cwe="CWE-259", severity="critical"))
assert m.primary_requirement == "CRA-AI-8"