# Vulnerability Scanner (Reserved Slot) — Adapter Technical Specification
Status: reserved · Class: conformance · Mission: telemetry · Phase: phase-planning
Canon source: canon/adapter-registry.yaml (propagated by uiao/tools/sync_canon.py).
The YAML frontmatter and this banner are regenerated from canon on every sync. Do not hand-edit. Author new material only below the ## Overview heading.
This document is a stub. Replace every _TODO — ..._ block with authored content that is consistent with UIAO canon. Canon invariants (gcc-boundary, ssot-mutation: never, etc.) must never be contradicted.
## Overview
The Vulnerability Scanner Adapter is a conformance-class telemetry adapter that observes vulnerability state across managed assets and produces normalized, timestamped findings. It is tool-agnostic — the vendor-specific scanner backend (Tenable, Qualys, OpenSCAP) is injected via configuration.
Key capabilities: scan result ingestion with CVE cross-references, severity-based filtering, finding summarization (critical/high/medium/low counts + max severity), and KSI-anchored evidence generation. Tool selection tracked as ODA-14.
Implementation: uiao/src/uiao/adapters/vulnscan_adapter.py + vulnscan_parser.py (real parsing). Conformance: 30/30 PASS.
## Scope
Target surfaces / subsystems: (not yet defined)
- Reads: vulnerability scanner output (JSON format) containing findings with CVE IDs, CVSS scores, severity, affected assets, and state (open/accepted_risk).
- Emits: a ClaimSet with one claim per finding, and an EvidenceObject with the scan summary (total/open/by-severity/max-severity).
- Does NOT: invoke scanners, remediate vulnerabilities, or access target systems directly. Read-only telemetry.
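The ingestion and summary contract above, as an added illustration that is not the project's own vulnscan_parser.py: the JSON field names, the severity ranking, and the CVE-format check are assumptions, and the scan document is constructed for the example.

```python
import json
import re
from collections import Counter

# Assumed severity order used for filtering and max-severity ("low" < ... < "critical").
SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}
CVE_RE = re.compile(r"^CVE-\d{4}-\d{4,}$")  # shape check for the CVE cross-reference

# Constructed sample scanner output; the field names are assumptions, not a vendor
# schema. One finding carries a malformed CVE id and one is accepted risk.
SAMPLE_SCAN = json.dumps({
    "scan_time": "2024-01-01T00:00:00Z",
    "findings": [
        {"cve": "CVE-2024-0001", "cvss": 9.8, "severity": "critical", "asset": "web-01", "state": "open"},
        {"cve": "CVE-2024-0002", "cvss": 7.5, "severity": "high", "asset": "web-01", "state": "accepted_risk"},
        {"cve": "CVE-2024-0003", "cvss": 5.3, "severity": "medium", "asset": "db-01", "state": "open"},
        {"cve": "not-a-cve", "cvss": 3.1, "severity": "low", "asset": "db-01", "state": "open"},
    ],
})


def parse_findings(raw, min_severity="low"):
    """Normalize scanner JSON into one claim per finding, dropping those below min_severity."""
    doc = json.loads(raw)
    floor = SEVERITY_RANK[min_severity]
    claims = []
    for f in doc["findings"]:
        sev = f["severity"].lower()
        if sev not in SEVERITY_RANK:
            raise ValueError(f"unknown severity {f['severity']!r}")  # fail loudly, never guess
        if SEVERITY_RANK[sev] < floor:
            continue
        # Malformed CVE ids are kept and flagged rather than silently rewritten.
        claims.append({"cve": f["cve"], "cve_valid": bool(CVE_RE.match(f["cve"])),
                       "cvss": float(f["cvss"]), "severity": sev, "asset": f["asset"],
                       "state": f["state"], "observed_at": doc["scan_time"]})
    return claims


def summarize(claims):
    """Evidence summary: total, open count (accepted_risk excluded), per-severity counts, max severity."""
    by_sev = Counter(c["severity"] for c in claims)
    return {
        "total": len(claims),
        "open": sum(1 for c in claims if c["state"] == "open"),
        "by_severity": {s: by_sev.get(s, 0) for s in SEVERITY_RANK},
        "max_severity": max((c["severity"] for c in claims), key=SEVERITY_RANK.get, default=None),
    }
```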
## Controls
NIST SP 800-53 Rev 5 controls this adapter supports: RA-5, RA-5(5), CA-7, SI-2
| Control | Role | Adapter capability |
|---|---|---|
| RA-5 Vulnerability Scanning | Primary | Ingests and normalizes vulnerability scan findings with CVE cross-references. |
| RA-5(5) Privileged Access | Supporting | Scan findings include privilege-related vulnerabilities (EoP findings). |
| CA-7 Continuous Monitoring | Supporting | Scheduled scan ingestion provides continuous vulnerability posture evidence. |
| SI-2 Flaw Remediation | Supporting | Finding state tracking (open vs accepted_risk) supports remediation monitoring. |
## Operational profile
| Field | Value |
|---|---|
| Runtime | TBD |
| Runtime pin | TBD |
| Runner class | TBD |
| Tenancy | per-customer |
| Evidence class | interval |
| Retention | 3 year(s) |
## Canon invariants
- gcc-boundary: gcc-moderate
- ssot-mutation: never
- certificate-anchored: true
- object-identity-only: true
## Notes from canon
Slot reserved per ARCHITECTURE.md §3.5 and §13 open decision ODA-14. Candidate implementations include Tenable, Qualys, or open-source scanner wrappers. Authenticated scanning required per RA-5(5) for Moderate/High baselines. Selection deferred to Phase 2 planning.
## References
- UIAO-CANON-003
- ADR-025
Generated by uiao/tools/sync_canon.py. See uiao/ARCHITECTURE.md §4 for the cross-repo sync contract. See uiao-docs/_quarto.yml for rendering configuration.