fix(scripts): fix ComplianceScore always reporting 0% or 100%

[WilliamBerryiii]

Description

Fixed ComplianceScore in the dependency-pinning security scanner always reporting either 0% or 100%, never partial values.

Root Cause: Scanner functions returned flat arrays of violations without tracking total dependencies scanned. The orchestrator only knew violation count, so compliance was binary — 0 violations → 100%, any violations → 0% (of an unknown total).

Changes:

• Refactored all 6 scanner functions to return hashtables with TotalCount and Violations keys.
• Orchestrator accumulates $totalDependencyCount across all scanners.
• Get-ComplianceReportData accepts a mandatory -TotalDependencies parameter for accurate percentage calculation.
• Added [ValidateSet('High', 'Medium', 'Low', 'Info')] on the Severity property of DependencyViolation.

Related Issue(s)

Fixes #929

Type of Change

Code & Documentation

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to not work as expected)
• Documentation update

Infrastructure & Configuration

• GitHub Actions workflow
• Linting configuration
• Security configuration
• DevContainer configuration
• Dependency update

AI Artifacts

• I have run prompt-builder review and attested to quality
• Copilot instructions (.instructions.md)
• Copilot prompt (.prompt.md)
• Copilot agent (.agent.md)
• Copilot skill (SKILL.md)

Other

• Script or automation
• Other (please describe):

Sample Prompts

Testing

Automated Validation

• npm run test:ps — 118/118 Pester tests pass (4 new tests added)
• PSScriptAnalyzer — clean, no warnings or errors

Security Analysis

• No secrets, tokens, or credentials introduced.
• Changes are limited to internal scanner return types and compliance calculation logic.
• ValidateSet on Severity constrains input to known values, preventing invalid severity injection.

Diff-Based Assessment

• Scanner function return types changed from flat arrays to hashtables (@{ TotalCount; Violations }).
• All callers (orchestrator, tests) updated in the same changeset.
• No public API surface removed — functions still exported with same names and parameters.

Manual Testing

Not performed — validated through Pester test suite covering 0%, partial (60%, 90%), and 100% compliance scenarios.

Checklist

Required Checks

• Documentation is updated (N/A — no user-facing documentation affected)
• Files follow existing naming conventions
• Changes are backwards compatible
• Tests added for new functionality

AI Artifact Contributions

• I have run prompt-analyze on the changed artifact
• I have addressed all findings from prompt-analyze
• Changes follow the Contributing AI Artifacts standards

Required Automated Checks

• npm run lint:md
• npm run spell-check
• npm run lint:frontmatter
• npm run validate:skills
• npm run lint:md-links
• npm run lint:ps — PSScriptAnalyzer clean
• npm run plugin:generate

Security Considerations

• This PR does not contain any sensitive or NDA information
• Any new dependencies have been reviewed for security issues (N/A — no new dependencies)
• Security-related scripts follow the principle of least privilege

Additional Notes

• Both commits use conventional commit format (fix(scripts): and test(scripts):).
• The return-type change from arrays to hashtables is internal to the scanning pipeline; no external consumers are affected.

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

Scanned Files

None

[codecov-commenter]

Codecov Report

❌ Patch coverage is 96.87500% with 1 line in your changes missing coverage. Please review.
✅ Project coverage is 85.97%. Comparing base (d2060d6) to head (4f5ea9e).
⚠️ Report is 17 commits behind head on main.

Files with missing lines	Patch %	Lines
scripts/security/Test-DependencyPinning.ps1	96.87%	1 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main     #931      +/-   ##
==========================================
+ Coverage   85.95%   85.97%   +0.01%     
==========================================
  Files          27       27              
  Lines        5185     5192       +7     
==========================================
+ Hits         4457     4464       +7     
  Misses        728      728              

Flag	Coverage Δ
pester	85.97% <96.87%> (+0.01%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

Files with missing lines	Coverage Δ
scripts/security/Modules/SecurityClasses.psm1	97.22% <ø> (ø)
scripts/security/Test-DependencyPinning.ps1	89.83% <96.87%> (+0.17%)	⬆️

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.