feat: Initialize Zastava Webhook service with TLS and Authority authentication

- Added Program.cs to set up the web application with Serilog for logging, health check endpoints, and a placeholder admission endpoint. - Configured Kestrel server to use TLS 1.3 and handle client certificates appropriately. - Created StellaOps.Zastava.Webhook.csproj with necessary dependencies including Serilog and Polly. - Documented tasks in TASKS.md for the Zastava Webhook project, outlining current work and exit criteria for each task.
2025-10-19 18:36:22 +03:00
parent 7e2fa0a42a
commit 5ce40d2eeb
966 changed files with 91038 additions and 1850 deletions
--- a/docs/events/samples/scanner.scan.completed@1.sample.json
+++ b/docs/events/samples/scanner.scan.completed@1.sample.json
@@ -0,0 +1,78 @@
+{
+  "eventId": "08a6de24-4a94-4d14-8432-9d14f36f6da3",
+  "kind": "scanner.scan.completed",
+  "tenant": "tenant-alpha",
+  "ts": "2025-10-19T12:34:56+00:00",
+  "scope": {
+    "namespace": "acme/edge",
+    "repo": "api",
+    "digest": "sha256:feedface",
+    "labels": {},
+    "attributes": {}
+  },
+  "payload": {
+    "delta": {
+      "kev": ["CVE-2024-9999"],
+      "newCritical": 1
+    },
+    "digest": "sha256:feedface",
+    "dsse": {
+      "payload": "eyJyZXBvcnRJZCI6InJlcG9ydC1hYmMiLCJpbWFnZURpZ2VzdCI6InNoYTI1NjpmZWVkZmFjZSIsImdlbmVyYXRlZEF0IjoiMjAyNS0xMC0xOVQxMjozNDo1NiswMDowMCIsInZlcmRpY3QiOiJibG9ja2VkIiwicG9saWN5Ijp7InJldmlzaW9uSWQiOiJyZXYtNDIiLCJkaWdlc3QiOiJkaWdlc3QtMTIzIn0sInN1bW1hcnkiOnsidG90YWwiOjEsImJsb2NrZWQiOjEsIndhcm5lZCI6MCwiaWdub3JlZCI6MCwicXVpZXRlZCI6MH0sInZlcmRpY3RzIjpbeyJmaW5kaW5nSWQiOiJmaW5kaW5nLTEiLCJzdGF0dXMiOiJCbG9ja2VkIiwic2NvcmUiOjQ3LjUsInNvdXJjZVRydXN0IjoiTlZEIiwicmVhY2hhYmlsaXR5IjoicnVudGltZSJ9XSwiaXNzdWVzIjpbXX0=",
+      "payloadType": "application/vnd.stellaops.report\u002Bjson",
+      "signatures": [{
+        "algorithm": "hs256",
+        "keyId": "test-key",
+        "signature": "signature-value"
+      }]
+    },
+    "findings": [
+      {
+        "cve": "CVE-2024-9999",
+        "id": "finding-1",
+        "reachability": "runtime",
+        "severity": "Critical"
+      }
+    ],
+    "policy": {
+      "digest": "digest-123",
+      "revisionId": "rev-42"
+    },
+    "report": {
+      "generatedAt": "2025-10-19T12:34:56+00:00",
+      "imageDigest": "sha256:feedface",
+      "issues": [],
+      "policy": {
+        "digest": "digest-123",
+        "revisionId": "rev-42"
+      },
+      "reportId": "report-abc",
+      "summary": {
+        "blocked": 1,
+        "ignored": 0,
+        "quieted": 0,
+        "total": 1,
+        "warned": 0
+      },
+      "verdict": "blocked",
+      "verdicts": [
+        {
+          "findingId": "finding-1",
+          "status": "Blocked",
+          "score": 47.5,
+          "sourceTrust": "NVD",
+          "reachability": "runtime"
+        }
+      ]
+    },
+    "reportId": "report-abc",
+    "summary": {
+      "blocked": 1,
+      "ignored": 0,
+      "quieted": 0,
+      "total": 1,
+      "warned": 0
+    },
+    "verdict": "fail"
+  },
+  "attributes": {}
+}