Benjamin Admin
34a678caef
Live HTTP entry for the deterministic CRA assessment — repo-scanner findings in, CRA Annex I mapping + risk + curated measures + NIST/OWASP golden-set crosswalk out. Project-less (works for any customer, no CE-RA/FMEA required); reuses the tested mapper, same logic the MCP server exposes. Additive endpoint (no contract baseline change); no DB. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
41 lines
1.3 KiB
Python
41 lines
1.3 KiB
Python
"""Standalone CRA cyber risk-assessment endpoint.
|
|
|
|
POST /api/v1/cra/assess — takes the findings the external repo-scanner already
|
|
produced and returns the deterministic CRA assessment: each finding mapped to
|
|
the CRA Annex I requirement(s) it violates, a risk level, the curated CRA
|
|
measures, and the NIST 800-53 / OWASP Top 10 golden-set crosswalk.
|
|
|
|
Project-less by design: works standalone for ANY customer — including those with
|
|
no CE risk assessment and no FMEA yet (the mandatory baseline). Reuses the fully
|
|
tested mapper; no DB, no LLM, no RAG. Same logic the MCP server exposes.
|
|
"""
|
|
from typing import List, Optional
|
|
|
|
from fastapi import APIRouter
|
|
from pydantic import BaseModel
|
|
|
|
from compliance.services.cra_finding_mapper import assess_findings_payload
|
|
|
|
router = APIRouter(prefix="/v1/cra", tags=["cra"])
|
|
|
|
|
|
class FindingIn(BaseModel):
|
|
id: str
|
|
title: Optional[str] = ""
|
|
description: Optional[str] = ""
|
|
category: Optional[str] = ""
|
|
cwe: Optional[str] = ""
|
|
severity: Optional[str] = ""
|
|
cvss: Optional[float] = None
|
|
location: Optional[str] = ""
|
|
|
|
|
|
class AssessRequest(BaseModel):
|
|
findings: List[FindingIn]
|
|
|
|
|
|
@router.post("/assess")
|
|
async def assess(body: AssessRequest):
|
|
payload = {"findings": [f.model_dump() for f in body.findings]}
|
|
return assess_findings_payload(payload)
|