feat: Initialize Zastava Webhook service with TLS and Authority authentication

- Added Program.cs to set up the web application with Serilog for logging, health check endpoints, and a placeholder admission endpoint. - Configured Kestrel server to use TLS 1.3 and handle client certificates appropriately. - Created StellaOps.Zastava.Webhook.csproj with necessary dependencies including Serilog and Polly. - Documented tasks in TASKS.md for the Zastava Webhook project, outlining current work and exit criteria for each task.
2025-10-19 18:36:22 +03:00
parent 7e2fa0a42a
commit 5ce40d2eeb
966 changed files with 91038 additions and 1850 deletions
--- a/docs/notify/samples/notify-channel@1.sample.json
+++ b/docs/notify/samples/notify-channel@1.sample.json
@@ -0,0 +1,32 @@
+{
+  "schemaVersion": "notify.channel@1",
+  "channelId": "channel-slack-sec-ops",
+  "tenantId": "tenant-01",
+  "name": "slack:sec-ops",
+  "type": "slack",
+  "displayName": "SecOps Slack",
+  "description": "Primary incident response channel.",
+  "config": {
+    "secretRef": "ref://notify/channels/slack/sec-ops",
+    "target": "#sec-ops",
+    "properties": {
+      "workspace": "stellaops-sec"
+    },
+    "limits": {
+      "concurrency": 2,
+      "requestsPerMinute": 60,
+      "timeout": "PT10S"
+    }
+  },
+  "enabled": true,
+  "labels": {
+    "team": "secops"
+  },
+  "metadata": {
+    "createdByTask": "NOTIFY-MODELS-15-102"
+  },
+  "createdBy": "ops:amir",
+  "createdAt": "2025-10-18T17:02:11+00:00",
+  "updatedBy": "ops:amir",
+  "updatedAt": "2025-10-18T17:45:00+00:00"
+}
--- a/docs/notify/samples/notify-event@1.sample.json
+++ b/docs/notify/samples/notify-event@1.sample.json
@@ -0,0 +1,34 @@
+{
+  "eventId": "8a8d6a2f-9315-49fe-9d52-8fec79ec7aeb",
+  "kind": "scanner.report.ready",
+  "version": "1",
+  "tenant": "tenant-01",
+  "ts": "2025-10-19T03:58:42+00:00",
+  "actor": "scanner-webservice",
+  "scope": {
+    "namespace": "prod-payment",
+    "repo": "ghcr.io/acme/api",
+    "digest": "sha256:79c1f9e5...",
+    "labels": {
+      "environment": "production"
+    },
+    "attributes": {}
+  },
+  "payload": {
+    "delta": {
+      "kev": [
+        "CVE-2025-40123"
+      ],
+      "newCritical": 1,
+      "newHigh": 2
+    },
+    "links": {
+      "rekor": "https://rekor.stella.local/api/v1/log/entries/1",
+      "ui": "https://ui.stella.local/reports/sha256-79c1f9e5"
+    },
+    "verdict": "fail"
+  },
+  "attributes": {
+    "correlationId": "scan-23a6"
+  }
+}
--- a/docs/notify/samples/notify-rule@1.sample.json
+++ b/docs/notify/samples/notify-rule@1.sample.json
@@ -0,0 +1,63 @@
+{
+  "schemaVersion": "notify.rule@1",
+  "ruleId": "rule-secops-critical",
+  "tenantId": "tenant-01",
+  "name": "Critical digests to SecOps",
+  "description": "Escalate KEV-tagged findings to on-call feeds.",
+  "enabled": true,
+  "match": {
+    "eventKinds": [
+      "scanner.report.ready",
+      "scheduler.rescan.delta"
+    ],
+    "namespaces": [
+      "prod-*"
+    ],
+    "repositories": [],
+    "digests": [],
+    "labels": [],
+    "componentPurls": [],
+    "minSeverity": "high",
+    "verdicts": [],
+    "kevOnly": true,
+    "vex": {
+      "includeAcceptedJustifications": false,
+      "includeRejectedJustifications": false,
+      "includeUnknownJustifications": false,
+      "justificationKinds": [
+        "component-remediated",
+        "not-affected"
+      ]
+    }
+  },
+  "actions": [
+    {
+      "actionId": "email-digest",
+      "channel": "email:soc",
+      "digest": "hourly",
+      "template": "digest",
+      "enabled": true,
+      "metadata": {
+        "locale": "en-us"
+      }
+    },
+    {
+      "actionId": "slack-oncall",
+      "channel": "slack:sec-ops",
+      "template": "concise",
+      "throttle": "PT5M",
+      "metadata": {},
+      "enabled": true
+    }
+  ],
+  "labels": {
+    "team": "secops"
+  },
+  "metadata": {
+    "source": "sprint-15"
+  },
+  "createdBy": "ops:zoya",
+  "createdAt": "2025-10-19T04:12:27+00:00",
+  "updatedBy": "ops:zoya",
+  "updatedAt": "2025-10-19T04:45:03+00:00"
+}
--- a/docs/notify/samples/notify-template@1.sample.json
+++ b/docs/notify/samples/notify-template@1.sample.json
@@ -0,0 +1,19 @@
+{
+  "schemaVersion": "notify.template@1",
+  "templateId": "tmpl-slack-concise",
+  "tenantId": "tenant-01",
+  "channelType": "slack",
+  "key": "concise",
+  "locale": "en-us",
+  "body": "{{severity_icon payload.delta.newCritical}} {{summary}}",
+  "description": "Slack concise message for high severity findings.",
+  "renderMode": "markdown",
+  "format": "slack",
+  "metadata": {
+    "version": "2025-10-19"
+  },
+  "createdBy": "ops:zoya",
+  "createdAt": "2025-10-19T05:00:00+00:00",
+  "updatedBy": "ops:zoya",
+  "updatedAt": "2025-10-19T05:45:00+00:00"
+}