feat(cra): snapshot/history UI + measure-class (code-fix vs process) UI

Snapshot/history: "Snapshot speichern" + a version list (status, date, coverage)
you can click through — makes the CRA Art. 13 running system visible (backend
endpoints already live). Measure-class: each finding shows a remediation-class
badge from its CRA evidence_type ("Code-nah" = scan-locatable, code-fix in the
ticket possible; otherwise Prozess/Doku), and the measures section is relabelled
as the Sollzustand (process/build) — no auto-fix buttons on process measures.
Backend: MappedFinding now carries evidence_type.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Benjamin Admin
2026-06-14 10:02:17 +02:00
parent 05bd0418f8
commit ee1632cd52
7 changed files with 173 additions and 39 deletions
@@ -14,6 +14,11 @@ def test_hardcoded_credentials_cwe_maps_to_credential_requirement():
assert m.annex_anchor # spine carries the Annex anchor
def test_mapped_finding_carries_evidence_type():
m = map_finding(ScannerFinding(id="e", title="default password", cwe="CWE-259", severity="high"))
assert m.evidence_type == "code" # CRA-AI-8 is code-checkable
def test_default_password_is_critical_and_carries_measure_M542():
m = map_finding(ScannerFinding(id="f2", title="Universal default password", cwe="CWE-259", severity="critical"))
assert m.primary_requirement == "CRA-AI-8"
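Review bot: test_mapped_finding_carries_evidence_type asserts only the "code" value and never pins the requirement its comment relies on ("CRA-AI-8 is code-checkable"). The commit message describes a second class (Prozess/Doku) for findings that are not scan-locatable, and that class is what keeps code-fix suggestions off process measures, so it needs its own assertion: add a case whose finding maps to a process/documentation requirement and check its evidence_type, and one for a CWE with no mapping so the default value is fixed by a test rather than by accident. In the existing test, also assert m.primary_requirement == "CRA-AI-8" before the evidence_type check, so a later change to the CWE-259 mapping fails with an obvious cause instead of a bare evidence_type mismatch.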