feat: Document completed tasks for KMS, Cryptography, and Plugin Libraries

- Added detailed task completion records for KMS interface implementation and CLI support for file-based keys. - Documented security enhancements including Argon2id password hashing, audit event contracts, and rate limiting configurations. - Included scoped service support and integration updates for the Plugin platform, ensuring proper DI handling and testing coverage.
2025-10-31 14:37:45 +02:00
parent 240e8ff25d
commit 15b4a1de6a
312 changed files with 6399 additions and 3319 deletions
--- a/samples/api/reports/report-sample.dsse.json
+++ b/samples/api/reports/report-sample.dsse.json
@@ -1,58 +1,11 @@
-{
-  "report": {
-    "reportId": "report-3def5f362aa475ef14b6",
-    "imageDigest": "sha256:deadbeef",
-    "generatedAt": "2025-10-19T08:28:09.3699267+00:00",
-    "verdict": "blocked",
-    "policy": {
-      "revisionId": "rev-1",
-      "digest": "27d2ec2b34feedc304fc564d252ecee1c8fa14ea581a5ff5c1ea8963313d5c8d"
-    },
-    "summary": {
-      "total": 1,
-      "blocked": 1,
-      "warned": 0,
-      "ignored": 0,
-      "quieted": 1
-    },
-    "verdicts": [
-      {
-        "findingId": "finding-1",
-        "status": "Blocked",
-        "ruleName": "Block Critical",
-        "ruleAction": "Block",
-        "score": 40.5,
-        "configVersion": "1.0",
-        "inputs": {
-          "reachabilityWeight": 0.45,
-          "baseScore": 40.5,
-          "severityWeight": 90,
-          "trustWeight": 1,
-          "trustWeight.NVD": 1,
-          "reachability.runtime": 0.45,
-          "unknownConfidence": 0.52,
-          "unknownAgeDays": 4
-        },
-        "quietedBy": "policy/quiet-critical-runtime",
-        "quiet": true,
-        "unknownConfidence": 0.52,
-        "confidenceBand": "medium",
-        "unknownAgeDays": 4,
-        "sourceTrust": "NVD",
-        "reachability": "runtime"
-      }
-    ],
-    "issues": []
-  },
-  "dsse": {
-    "payloadType": "application/vnd.stellaops.report+json",
-    "payload": "eyJyZXBvcnRJZCI6InJlcG9ydC0zZGVmNWYzNjJhYTQ3NWVmMTRiNiIsImltYWdlRGlnZXN0Ijoic2hhMjU2OmRlYWRiZWVmIiwiZ2VuZXJhdGVkQXQiOiIyMDI1LTEwLTE5VDA4OjI4OjA5LjM2OTkyNjcrMDA6MDAiLCJ2ZXJkaWN0IjoiYmxvY2tlZCIsInBvbGljeSI6eyJyZXZpc2lvbklkIjoicmV2LTEiLCJkaWdlc3QiOiIyN2QyZWMyYjM0ZmVlZGMzMDRmYzU2NGQyNTJlY2VlMWM4ZmExNGVhNTgxYTVmZjVjMWVhODk2MzMxM2Q1YzhkIn0sInN1bW1hcnkiOnsidG90YWwiOjEsImJsb2NrZWQiOjEsIndhcm5lZCI6MCwiaWdub3JlZCI6MCwicXVpZXRlZCI6MX0sInZlcmRpY3RzIjpbeyJmaW5kaW5nSWQiOiJmaW5kaW5nLTEiLCJzdGF0dXMiOiJCbG9ja2VkIiwicnVsZU5hbWUiOiJCbG9jayBDcml0aWNhbCIsInJ1bGVBY3Rpb24iOiJCbG9jayIsInNjb3JlIjo0MC41LCJjb25maWdWZXJzaW9uIjoiMS4wIiwiaW5wdXRzIjp7InJlYWNoYWJpbGl0eVdlaWdodCI6MC40NSwiYmFzZVNjb3JlIjo0MC41LCJzZXZlcml0eVdlaWdodCI6OTAsInRydXN0V2VpZ2h0IjoxLCJ0cnVzdFdlaWdodC5OVkQiOjEsInJlYWNoYWJpbGl0eS5ydW50aW1lIjowLjQ1LCJ1bmtub3duQ29uZmlkZW5jZSI6MC41MiwidW5rbm93bkFnZURheXMiOjR9LCJxdWlldGVkQnkiOiJwb2xpY3kvcXVpZXQtY3JpdGljYWwtcnVudGltZSIsInF1aWV0Ijp0cnVlLCJ1bmtub3duQ29uZmlkZW5jZSI6MC41MiwiY29uZmlkZW5jZUJhbmQiOiJtZWRpdW0iLCJ1bmtub3duQWdlRGF5cyI6NCwic291cmNlVHJ1c3QiOiJOVkQiLCJyZWFjaGFiaWxpdHkiOiJydW50aW1lIn1dLCJpc3N1ZXMiOltdfQ==",
-    "signatures": [
-      {
-        "keyId": "scanner-report-signing",
-        "algorithm": "hs256",
-        "signature": "s3qnWeRsYs+QA/nO84Us8G2xjZcvphc2P7KnOdTVwQs="
-      }
-    ]
-  }
-}
+{
+  "payloadType": "application/vnd.stellaops.report+json",
+  "payload": "eyJyZXBvcnRJZCI6InJlcG9ydC1hYmMiLCJpbWFnZURpZ2VzdCI6InNoYTI1NjpmZWVkZmFjZSIsImdlbmVyYXRlZEF0IjoiMjAyNS0xMC0xOVQxMjozNDo1NiswMDowMCIsInZlcmRpY3QiOiJibG9ja2VkIiwicG9saWN5Ijp7InJldmlzaW9uSWQiOiJyZXYtNDIiLCJkaWdlc3QiOiJkaWdlc3QtMTIzIn0sInN1bW1hcnkiOnsidG90YWwiOjEsImJsb2NrZWQiOjEsIndhcm5lZCI6MCwiaWdub3JlZCI6MCwicXVpZXRlZCI6MH0sInZlcmRpY3RzIjpbeyJmaW5kaW5nSWQiOiJmaW5kaW5nLTEiLCJzdGF0dXMiOiJCbG9ja2VkIiwic2NvcmUiOjQ3LjUsInNvdXJjZVRydXN0IjoiTlZEIiwicmVhY2hhYmlsaXR5IjoicnVudGltZSJ9XSwiaXNzdWVzIjpbXX0=",
+  "signatures": [
+    {
+      "keyId": "test-key",
+      "algorithm": "hs256",
+      "signature": "signature-value"
+    }
+  ]
+}