feat: Initialize Zastava Webhook service with TLS and Authority authentication

- Added Program.cs to set up the web application with Serilog for logging, health check endpoints, and a placeholder admission endpoint.
- Configured Kestrel server to use TLS 1.3 and handle client certificates appropriately.
- Created StellaOps.Zastava.Webhook.csproj with necessary dependencies including Serilog and Polly.
- Documented tasks in TASKS.md for the Zastava Webhook project, outlining current work and exit criteria for each task.
2025-10-19 18:36:22 +03:00
parent 7e2fa0a42a
commit 5ce40d2eeb
966 changed files with 91038 additions and 1850 deletions


@@ -0,0 +1,52 @@
{
"report": {
"reportId": "report-3def5f362aa475ef14b6",
"imageDigest": "sha256:deadbeef",
"generatedAt": "2025-10-19T08:28:09.3699267+00:00",
"verdict": "blocked",
"policy": {
"revisionId": "rev-1",
"digest": "27d2ec2b34feedc304fc564d252ecee1c8fa14ea581a5ff5c1ea8963313d5c8d"
},
"summary": {
"total": 1,
"blocked": 1,
"warned": 0,
"ignored": 0,
"quieted": 0
},
"verdicts": [
{
"findingId": "finding-1",
"status": "Blocked",
"ruleName": "Block Critical",
"ruleAction": "Block",
"score": 40.5,
"configVersion": "1.0",
"inputs": {
"reachabilityWeight": 0.45,
"baseScore": 40.5,
"severityWeight": 90,
"trustWeight": 1,
"trustWeight.NVD": 1,
"reachability.runtime": 0.45
},
"quiet": false,
"sourceTrust": "NVD",
"reachability": "runtime"
}
],
"issues": []
},
"dsse": {
"payloadType": "application/vnd.stellaops.report+json",
"payload": "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",
"signatures": [
{
"keyId": "scanner-report-signing",
"algorithm": "hs256",
"signature": "s3qnWeRsYs+QA/nO84Us8G2xjZcvphc2P7KnOdTVwQs="
}
]
}
}
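Review bot: The signature entry in the `dsse` block uses `"algorithm": "hs256"`, which is an HMAC, so any component able to verify this envelope holds the same key that can produce one. If signed reports feed an admission decision, as the commit description hints but this hunk does not show, verifiers should not also have signing capability; an asymmetric scheme such as ECDSA or Ed25519 keeps the signing key with the scanner alone. If HMAC is deliberate for a single trust domain, the documentation next to this sample should say so and state that `keyId` then names a shared secret.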


@@ -0,0 +1,19 @@
{
"id": "audit_169754",
"tenantId": "tenant-alpha",
"category": "scheduler",
"action": "pause",
"occurredAt": "2025-10-18T22:10:00+00:00",
"actor": {
"actorId": "user_admin",
"displayName": "Cluster Admin",
"kind": "user"
},
"scheduleId": "sch_20251018a",
"correlationId": "corr-123",
"metadata": {
"details": "schedule paused",
"reason": "maintenance"
},
"message": "Paused via API"
}
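Review bot: This audit record carries no `schemaVersion`, unlike the impact-set, run and schedule samples in the same commit, which declare `scheduler.impact-set@1`, `scheduler.run@1` and `scheduler.schedule@1`. Audit entries are usually kept and re-read long after the writer has changed, so a version marker matters at least as much here; consider adding a `schemaVersion` that follows the same `scheduler.<kind>@<n>` pattern. If `metadata.details` and `metadata.reason` can carry caller-supplied text (not visible from this sample), the schema notes should say so, so that consumers escape them when rendering or logging.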


@@ -0,0 +1,34 @@
{
"schemaVersion": "scheduler.impact-set@1",
"selector": {
"scope": "all-images",
"tenantId": "tenant-alpha",
"namespaces": [],
"repositories": [],
"digests": [],
"includeTags": [],
"labels": [],
"resolvesTags": false
},
"images": [
{
"imageDigest": "sha256:f1e2d3",
"registry": "registry.internal",
"repository": "app/api",
"namespaces": [
"team-a"
],
"tags": [
"prod"
],
"usedByEntrypoint": true,
"labels": {
"env": "prod"
}
}
],
"usageOnly": true,
"generatedAt": "2025-10-18T22:02:58+00:00",
"total": 412,
"snapshotId": "impact-20251018-1"
}
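Review bot: `"imageDigest": "sha256:f1e2d3"` in the `images` entry is not a well-formed SHA-256 digest, which has 64 hex characters after the prefix. The same shortened form appears in the report sample (`sha256:deadbeef`) and the run sample (`sha256:a1b2c3`). If these files serve as validation or round-trip fixtures, they pass only when the digest format goes unchecked, and that check is what makes digest pinning meaningful. Using full-length constructed digests in the samples, and rejecting anything else in the schema, keeps truncated or tag-like values out of the image identity field.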


@@ -0,0 +1,50 @@
{
"schemaVersion": "scheduler.run@1",
"id": "run_20251018_0001",
"tenantId": "tenant-alpha",
"scheduleId": "sch_20251018a",
"trigger": "feedser",
"state": "running",
"stats": {
"candidates": 1280,
"deduped": 910,
"queued": 624,
"completed": 310,
"deltas": 42,
"newCriticals": 7,
"newHigh": 11,
"newMedium": 18,
"newLow": 6
},
"reason": {
"feedserExportId": "exp-20251018-03"
},
"createdAt": "2025-10-18T22:03:14+00:00",
"startedAt": "2025-10-18T22:03:20+00:00",
"deltas": [
{
"imageDigest": "sha256:a1b2c3",
"newFindings": 3,
"newCriticals": 1,
"newHigh": 1,
"newMedium": 1,
"newLow": 0,
"kevHits": [
"CVE-2025-0002"
],
"topFindings": [
{
"purl": "pkg:rpm/openssl@3.0.12-5.el9",
"vulnerabilityId": "CVE-2025-0002",
"severity": "critical",
"link": "https://ui.internal/scans/sha256:a1b2c3"
}
],
"attestation": {
"uuid": "rekor-314",
"verified": true
},
"detectedAt": "2025-10-18T22:03:21+00:00"
}
]
}
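Review bot: `"verified": true` inside `attestation` on the delta entry is a bare assertion by whoever wrote the run document. The record carries a log reference (`"uuid": "rekor-314"`, presumably a transparency-log entry) but nothing that says which component checked it, against what, or when. A consumer that gates notifications or UI trust badges on this boolean is trusting the producer, not the attestation. The schema documentation should state that the flag is informational and that security-relevant consumers re-verify using `uuid`, or the record should carry enough context for that verification to be audited.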


@@ -0,0 +1,57 @@
{
"schemaVersion": "scheduler.schedule@1",
"id": "sch_20251018a",
"tenantId": "tenant-alpha",
"name": "Nightly Prod",
"enabled": true,
"cronExpression": "0 2 * * *",
"timezone": "UTC",
"mode": "analysis-only",
"selection": {
"scope": "by-namespace",
"tenantId": "tenant-alpha",
"namespaces": [
"team-a",
"team-b"
],
"repositories": [
"app/service-api"
],
"digests": [],
"includeTags": [
"canary",
"prod"
],
"labels": [
{
"key": "env",
"values": [
"prod",
"staging"
]
}
],
"resolvesTags": true
},
"onlyIf": {
"lastReportOlderThanDays": 7,
"policyRevision": "policy@42"
},
"notify": {
"onNewFindings": true,
"minSeverity": "high",
"includeKev": true
},
"limits": {
"maxJobs": 1000,
"ratePerSecond": 25,
"parallelism": 4
},
"subscribers": [
"notify.ops"
],
"createdAt": "2025-10-18T22:00:00+00:00",
"createdBy": "svc_scheduler",
"updatedAt": "2025-10-18T22:00:00+00:00",
"updatedBy": "svc_scheduler"
}
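Review bot: `tenantId` appears twice in this schedule, at the top level and again inside `selection`, and nothing visible here says which one is authoritative. Both are `tenant-alpha` in the sample, but a document where they differ could let a schedule owned by one tenant select another tenant's images unless the service rejects the mismatch. Either drop the inner copy and derive it from the owning schedule, or document that a mismatch is a validation error and add a negative sample that exercises it.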