Add comprehensive security tests for OWASP A02, A05, A07, and A08 categories

- Implemented tests for Cryptographic Failures (A02) to ensure proper handling of sensitive data, secure algorithms, and key management.
- Added tests for Security Misconfiguration (A05) to validate production configurations, security headers, CORS settings, and feature management.
- Developed tests for Authentication Failures (A07) to enforce strong password policies, rate limiting, session management, and MFA support.
- Created tests for Software and Data Integrity Failures (A08) to verify artifact signatures, SBOM integrity, attestation chains, and feed updates.

src/Scanner/__Libraries/StellaOps.Scanner.SmartDiff/Output/SarifModels.cs

@@ -0,0 +1,168 @@
+using System.Collections.Immutable;
+using System.Text.Json.Serialization;
+
+namespace StellaOps.Scanner.SmartDiff.Output;
+
+/// <summary>
+/// SARIF 2.1.0 log model for Smart-Diff output.
+/// Per Sprint 3500.4 - Smart-Diff Binary Analysis.
+/// </summary>
+public sealed record SarifLog(
+    [property: JsonPropertyName("version")] string Version,
+    [property: JsonPropertyName("$schema")] string Schema,
+    [property: JsonPropertyName("runs")] ImmutableArray<SarifRun> Runs);
+
+/// <summary>
+/// A single SARIF run representing one analysis execution.
+/// </summary>
+public sealed record SarifRun(
+    [property: JsonPropertyName("tool")] SarifTool Tool,
+    [property: JsonPropertyName("results")] ImmutableArray<SarifResult> Results,
+    [property: JsonPropertyName("invocations")] ImmutableArray<SarifInvocation>? Invocations = null,
+    [property: JsonPropertyName("artifacts")] ImmutableArray<SarifArtifact>? Artifacts = null,
+    [property: JsonPropertyName("versionControlProvenance")] ImmutableArray<SarifVersionControlDetails>? VersionControlProvenance = null);
+
+/// <summary>
+/// Tool information for the SARIF run.
+/// </summary>
+public sealed record SarifTool(
+    [property: JsonPropertyName("driver")] SarifToolComponent Driver,
+    [property: JsonPropertyName("extensions")] ImmutableArray<SarifToolComponent>? Extensions = null);
+
+/// <summary>
+/// Tool component (driver or extension).
+/// </summary>
+public sealed record SarifToolComponent(
+    [property: JsonPropertyName("name")] string Name,
+    [property: JsonPropertyName("version")] string Version,
+    [property: JsonPropertyName("informationUri")] string? InformationUri = null,
+    [property: JsonPropertyName("rules")] ImmutableArray<SarifReportingDescriptor>? Rules = null,
+    [property: JsonPropertyName("supportedTaxonomies")] ImmutableArray<SarifToolComponentReference>? SupportedTaxonomies = null);
+
+/// <summary>
+/// Reference to a tool component.
+/// </summary>
+public sealed record SarifToolComponentReference(
+    [property: JsonPropertyName("name")] string Name,
+    [property: JsonPropertyName("guid")] string? Guid = null);
+
+/// <summary>
+/// Rule definition.
+/// </summary>
+public sealed record SarifReportingDescriptor(
+    [property: JsonPropertyName("id")] string Id,
+    [property: JsonPropertyName("name")] string? Name = null,
+    [property: JsonPropertyName("shortDescription")] SarifMessage? ShortDescription = null,
+    [property: JsonPropertyName("fullDescription")] SarifMessage? FullDescription = null,
+    [property: JsonPropertyName("defaultConfiguration")] SarifReportingConfiguration? DefaultConfiguration = null,
+    [property: JsonPropertyName("helpUri")] string? HelpUri = null);
+
+/// <summary>
+/// Rule configuration.
+/// </summary>
+public sealed record SarifReportingConfiguration(
+    [property: JsonPropertyName("level")] SarifLevel Level = SarifLevel.Warning,
+    [property: JsonPropertyName("enabled")] bool Enabled = true);
+
+/// <summary>
+/// SARIF message with text.
+/// </summary>
+public sealed record SarifMessage(
+    [property: JsonPropertyName("text")] string Text,
+    [property: JsonPropertyName("markdown")] string? Markdown = null);
+
+/// <summary>
+/// SARIF result level.
+/// </summary>
+[JsonConverter(typeof(JsonStringEnumConverter<SarifLevel>))]
+public enum SarifLevel
+{
+    [JsonStringEnumMemberName("none")]
+    None,
+
+    [JsonStringEnumMemberName("note")]
+    Note,
+
+    [JsonStringEnumMemberName("warning")]
+    Warning,
+
+    [JsonStringEnumMemberName("error")]
+    Error
+}
+
+/// <summary>
+/// A single result/finding.
+/// </summary>
+public sealed record SarifResult(
+    [property: JsonPropertyName("ruleId")] string RuleId,
+    [property: JsonPropertyName("level")] SarifLevel Level,
+    [property: JsonPropertyName("message")] SarifMessage Message,
+    [property: JsonPropertyName("locations")] ImmutableArray<SarifLocation>? Locations = null,
+    [property: JsonPropertyName("fingerprints")] ImmutableDictionary<string, string>? Fingerprints = null,
+    [property: JsonPropertyName("partialFingerprints")] ImmutableDictionary<string, string>? PartialFingerprints = null,
+    [property: JsonPropertyName("properties")] ImmutableDictionary<string, object>? Properties = null);
+
+/// <summary>
+/// Location of a result.
+/// </summary>
+public sealed record SarifLocation(
+    [property: JsonPropertyName("physicalLocation")] SarifPhysicalLocation? PhysicalLocation = null,
+    [property: JsonPropertyName("logicalLocations")] ImmutableArray<SarifLogicalLocation>? LogicalLocations = null);
+
+/// <summary>
+/// Physical file location.
+/// </summary>
+public sealed record SarifPhysicalLocation(
+    [property: JsonPropertyName("artifactLocation")] SarifArtifactLocation ArtifactLocation,
+    [property: JsonPropertyName("region")] SarifRegion? Region = null);
+
+/// <summary>
+/// Artifact location (file path).
+/// </summary>
+public sealed record SarifArtifactLocation(
+    [property: JsonPropertyName("uri")] string Uri,
+    [property: JsonPropertyName("uriBaseId")] string? UriBaseId = null,
+    [property: JsonPropertyName("index")] int? Index = null);
+
+/// <summary>
+/// Region within a file.
+/// </summary>
+public sealed record SarifRegion(
+    [property: JsonPropertyName("startLine")] int? StartLine = null,
+    [property: JsonPropertyName("startColumn")] int? StartColumn = null,
+    [property: JsonPropertyName("endLine")] int? EndLine = null,
+    [property: JsonPropertyName("endColumn")] int? EndColumn = null);
+
+/// <summary>
+/// Logical location (namespace, class, function).
+/// </summary>
+public sealed record SarifLogicalLocation(
+    [property: JsonPropertyName("name")] string Name,
+    [property: JsonPropertyName("fullyQualifiedName")] string? FullyQualifiedName = null,
+    [property: JsonPropertyName("kind")] string? Kind = null);
+
+/// <summary>
+/// Invocation information.
+/// </summary>
+public sealed record SarifInvocation(
+    [property: JsonPropertyName("executionSuccessful")] bool ExecutionSuccessful,
+    [property: JsonPropertyName("startTimeUtc")] DateTimeOffset? StartTimeUtc = null,
+    [property: JsonPropertyName("endTimeUtc")] DateTimeOffset? EndTimeUtc = null,
+    [property: JsonPropertyName("workingDirectory")] SarifArtifactLocation? WorkingDirectory = null,
+    [property: JsonPropertyName("commandLine")] string? CommandLine = null);
+
+/// <summary>
+/// Artifact (file) information.
+/// </summary>
+public sealed record SarifArtifact(
+    [property: JsonPropertyName("location")] SarifArtifactLocation Location,
+    [property: JsonPropertyName("mimeType")] string? MimeType = null,
+    [property: JsonPropertyName("hashes")] ImmutableDictionary<string, string>? Hashes = null);
+
+/// <summary>
+/// Version control information.
+/// </summary>
+public sealed record SarifVersionControlDetails(
+    [property: JsonPropertyName("repositoryUri")] string RepositoryUri,
+    [property: JsonPropertyName("revisionId")] string? RevisionId = null,
+    [property: JsonPropertyName("branch")] string? Branch = null);