feat: Initialize Zastava Webhook service with TLS and Authority authentication

- Added Program.cs to set up the web application with Serilog for logging, health check endpoints, and a placeholder admission endpoint. - Configured Kestrel server to use TLS 1.3 and handle client certificates appropriately. - Created StellaOps.Zastava.Webhook.csproj with necessary dependencies including Serilog and Polly. - Documented tasks in TASKS.md for the Zastava Webhook project, outlining current work and exit criteria for each task.
2025-10-19 18:36:22 +03:00
parent 7e2fa0a42a
commit 5ce40d2eeb
966 changed files with 91038 additions and 1850 deletions
--- a/samples/scanner/images/dotnet-aot/README.md
+++ b/samples/scanner/images/dotnet-aot/README.md
@@ -0,0 +1,3 @@
+# .NET AOT Sample
+
+An ahead-of-time compiled worker showcasing how native .NET deployments appear in SBOM outputs. The BOM Index ties NuGet packages back to the generated `deps.json` evidence.
--- a/samples/scanner/images/dotnet-aot/bom-index.json
+++ b/samples/scanner/images/dotnet-aot/bom-index.json
@@ -0,0 +1,52 @@
+{
+  "schema": "stellaops/bom-index@1",
+  "image": {
+    "repository": "registry.stella-ops.org/sample/dotnet-aot",
+    "digest": "sha256:5be6f3ad9d2b1e4fcb4c6f40d9c664fca97f5b4d9ccb8e1d8f970e8b2bce1123",
+    "tag": "1.0.0"
+  },
+  "generatedAt": "2025-10-19T00:00:00Z",
+  "generator": "stellaops/scanner@10.0.0-preview1",
+  "components": [
+    {
+      "purl": "pkg:nuget/Sample.Worker@1.0.0",
+      "layerDigest": "sha256:aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
+      "usage": ["inventory", "runtime"],
+      "licenses": ["MIT"],
+      "evidence": {
+        "kind": "deps-json",
+        "path": "/app/Sample.Worker.deps.json"
+      }
+    },
+    {
+      "purl": "pkg:nuget/Microsoft.Extensions.Hosting@8.0.0",
+      "layerDigest": "sha256:bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb",
+      "usage": ["inventory"],
+      "licenses": ["MIT"],
+      "evidence": {
+        "kind": "deps-json",
+        "path": "/app/Sample.Worker.deps.json"
+      }
+    },
+    {
+      "purl": "pkg:nuget/System.Text.Json@8.0.0",
+      "layerDigest": "sha256:cccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccc",
+      "usage": ["inventory", "runtime"],
+      "licenses": ["MIT"],
+      "evidence": {
+        "kind": "deps-json",
+        "path": "/app/Sample.Worker.deps.json"
+      }
+    },
+    {
+      "purl": "pkg:nuget/Microsoft.NETCore.App.Runtime.AOT.win-x64.Cross@8.0.0",
+      "layerDigest": "sha256:dddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd",
+      "usage": ["inventory"],
+      "licenses": ["MIT"],
+      "evidence": {
+        "kind": "deps-json",
+        "path": "/app/Sample.Worker.deps.json"
+      }
+    }
+  ]
+}
--- a/samples/scanner/images/dotnet-aot/inventory.cdx.json
+++ b/samples/scanner/images/dotnet-aot/inventory.cdx.json
@@ -0,0 +1,40 @@
+{
+  "bomFormat": "CycloneDX",
+  "specVersion": "1.5",
+  "version": 1,
+  "metadata": {
+    "timestamp": "2025-10-19T00:00:00Z",
+    "component": {
+      "type": "container",
+      "name": "dotnet-aot",
+      "version": "8.0.0",
+      "bomRef": "pkg:docker/stellaops/sample-dotnet-aot@sha256:5be6f3ad9d2b1e4fcb4c6f40d9c664fca97f5b4d9ccb8e1d8f970e8b2bce1123"
+    }
+  },
+  "components": [
+    {
+      "type": "application",
+      "bomRef": "pkg:nuget/Sample.Worker@1.0.0",
+      "name": "Sample.Worker",
+      "version": "1.0.0"
+    },
+    {
+      "type": "library",
+      "bomRef": "pkg:nuget/Microsoft.Extensions.Hosting@8.0.0",
+      "name": "Microsoft.Extensions.Hosting",
+      "version": "8.0.0"
+    },
+    {
+      "type": "library",
+      "bomRef": "pkg:nuget/System.Text.Json@8.0.0",
+      "name": "System.Text.Json",
+      "version": "8.0.0"
+    },
+    {
+      "type": "library",
+      "bomRef": "pkg:nuget/Microsoft.NETCore.App.Runtime.AOT.win-x64.Cross@8.0.0",
+      "name": "NativeAotRuntime",
+      "version": "8.0.0"
+    }
+  ]
+}
--- a/samples/scanner/images/dotnet-aot/usage.cdx.json
+++ b/samples/scanner/images/dotnet-aot/usage.cdx.json
@@ -0,0 +1,28 @@
+{
+  "bomFormat": "CycloneDX",
+  "specVersion": "1.5",
+  "version": 1,
+  "metadata": {
+    "timestamp": "2025-10-19T00:00:00Z",
+    "component": {
+      "type": "container",
+      "name": "dotnet-aot",
+      "version": "8.0.0",
+      "bomRef": "pkg:docker/stellaops/sample-dotnet-aot@sha256:5be6f3ad9d2b1e4fcb4c6f40d9c664fca97f5b4d9ccb8e1d8f970e8b2bce1123"
+    }
+  },
+  "components": [
+    {
+      "type": "application",
+      "bomRef": "pkg:nuget/Sample.Worker@1.0.0",
+      "name": "Sample.Worker",
+      "version": "1.0.0"
+    },
+    {
+      "type": "library",
+      "bomRef": "pkg:nuget/System.Text.Json@8.0.0",
+      "name": "System.Text.Json",
+      "version": "8.0.0"
+    }
+  ]
+}