Add SBOM, symbols, traces, and VEX files for CVE-2022-21661 SQLi case

- Created CycloneDX and SPDX SBOM files for both reachable and unreachable images.
- Added symbols.json detailing function entry and sink points in the WordPress code.
- Included runtime traces for function calls in both reachable and unreachable scenarios.
- Developed OpenVEX files indicating vulnerability status and justification for both cases.
- Updated README for evaluator harness to guide integration with scanner output.

src/Policy/StellaOps.Policy.Engine/Program.cs

@@ -13,7 +13,24 @@ using StellaOps.Policy.Engine.Services;
 using StellaOps.Policy.Engine.Workers;
 using StellaOps.AirGap.Policy;
 
-var builder = WebApplication.CreateBuilder(args);
+var builder = WebApplication.CreateBuilder(args);
+
+var policyEngineConfigFiles = new[]
+{
+    "../etc/policy-engine.yaml",
+    "../etc/policy-engine.local.yaml",
+    "policy-engine.yaml",
+    "policy-engine.local.yaml"
+};
+
+var policyEngineActivationConfigFiles = new[]
+{
+    "../etc/policy-engine.activation.yaml",
+    "../etc/policy-engine.activation.local.yaml",
+    "/config/policy-engine/activation.yaml",
+    "policy-engine.activation.yaml",
+    "policy-engine.activation.local.yaml"
+};
 
 builder.Logging.ClearProviders();
 builder.Logging.AddConsole();
@@ -25,41 +42,41 @@ builder.Configuration.AddStellaOpsDefaults(options =>
     options.ConfigureBuilder = configurationBuilder =>
     {
         var contentRoot = builder.Environment.ContentRootPath;
-        foreach (var relative in new[]
-        {
-            "../etc/policy-engine.yaml",
-            "../etc/policy-engine.local.yaml",
-            "policy-engine.yaml",
-            "policy-engine.local.yaml"
-        })
-        {
-            var path = Path.Combine(contentRoot, relative);
-            configurationBuilder.AddYamlFile(path, optional: true);
-        }
-    };
-});
-
-var bootstrap = StellaOpsConfigurationBootstrapper.Build<PolicyEngineOptions>(options =>
+        foreach (var relative in policyEngineConfigFiles)
+        {
+            var path = Path.Combine(contentRoot, relative);
+            configurationBuilder.AddYamlFile(path, optional: true);
+        }
+
+        foreach (var relative in policyEngineActivationConfigFiles)
+        {
+            var path = Path.Combine(contentRoot, relative);
+            configurationBuilder.AddYamlFile(path, optional: true);
+        }
+    };
+});
+
+var bootstrap = StellaOpsConfigurationBootstrapper.Build<PolicyEngineOptions>(options =>
 {
     options.BasePath = builder.Environment.ContentRootPath;
     options.EnvironmentPrefix = "STELLAOPS_POLICY_ENGINE_";
     options.BindingSection = PolicyEngineOptions.SectionName;
     options.ConfigureBuilder = configurationBuilder =>
     {
-        foreach (var relative in new[]
-        {
-            "../etc/policy-engine.yaml",
-            "../etc/policy-engine.local.yaml",
-            "policy-engine.yaml",
-            "policy-engine.local.yaml"
-        })
-        {
-            var path = Path.Combine(builder.Environment.ContentRootPath, relative);
-            configurationBuilder.AddYamlFile(path, optional: true);
-        }
-    };
-    options.PostBind = static (value, _) => value.Validate();
-});
+        foreach (var relative in policyEngineConfigFiles)
+        {
+            var path = Path.Combine(builder.Environment.ContentRootPath, relative);
+            configurationBuilder.AddYamlFile(path, optional: true);
+        }
+
+        foreach (var relative in policyEngineActivationConfigFiles)
+        {
+            var path = Path.Combine(builder.Environment.ContentRootPath, relative);
+            configurationBuilder.AddYamlFile(path, optional: true);
+        }
+    };
+    options.PostBind = static (value, _) => value.Validate();
+});
 
 builder.Configuration.AddConfiguration(bootstrap.Configuration);