feat: Initialize Zastava Webhook service with TLS and Authority authentication

- Added Program.cs to set up the web application with Serilog for logging, health check endpoints, and a placeholder admission endpoint. - Configured Kestrel server to use TLS 1.3 and handle client certificates appropriately. - Created StellaOps.Zastava.Webhook.csproj with necessary dependencies including Serilog and Polly. - Documented tasks in TASKS.md for the Zastava Webhook project, outlining current work and exit criteria for each task.
2025-10-19 18:36:22 +03:00
parent 7e2fa0a42a
commit 5ce40d2eeb
966 changed files with 91038 additions and 1850 deletions
--- a/samples/scanner/images/nginx/README.md
+++ b/samples/scanner/images/nginx/README.md
@@ -0,0 +1,3 @@
+# Nginx Inventory Sample
+
+CycloneDX inventory, usage, and BOM Index fixtures for the `docker.io/library/nginx:1.25.4` image. The SBOMs capture base Alpine packages and the BOM Index links each component to the layer that introduced it.
--- a/samples/scanner/images/nginx/bom-index.json
+++ b/samples/scanner/images/nginx/bom-index.json
@@ -0,0 +1,52 @@
+{
+  "schema": "stellaops/bom-index@1",
+  "image": {
+    "repository": "docker.io/library/nginx",
+    "digest": "sha256:8f47d7c6b538c0d9533b78913cba3d5e671e7c4b4e7c6a2bb9a1a1c4d4f8e123",
+    "tag": "1.25.4"
+  },
+  "generatedAt": "2025-10-19T00:00:00Z",
+  "generator": "stellaops/scanner@10.0.0-preview1",
+  "components": [
+    {
+      "purl": "pkg:apk/alpine/nginx@1.25.4-r1?arch=x86_64",
+      "layerDigest": "sha256:1111111111111111111111111111111111111111111111111111111111111111",
+      "usage": ["inventory", "runtime"],
+      "licenses": ["BSD-2-Clause"],
+      "evidence": {
+        "kind": "apk-database",
+        "path": "/lib/apk/db/installed"
+      }
+    },
+    {
+      "purl": "pkg:apk/alpine/openssl@3.2.2-r0?arch=x86_64",
+      "layerDigest": "sha256:2222222222222222222222222222222222222222222222222222222222222222",
+      "usage": ["inventory", "runtime"],
+      "licenses": ["Apache-2.0"],
+      "evidence": {
+        "kind": "apk-database",
+        "path": "/lib/apk/db/installed"
+      }
+    },
+    {
+      "purl": "pkg:apk/alpine/pcre2@10.42-r1?arch=x86_64",
+      "layerDigest": "sha256:3333333333333333333333333333333333333333333333333333333333333333",
+      "usage": ["inventory"],
+      "licenses": ["BSD-3-Clause"],
+      "evidence": {
+        "kind": "apk-database",
+        "path": "/lib/apk/db/installed"
+      }
+    },
+    {
+      "purl": "pkg:apk/alpine/zlib@1.3-r2?arch=x86_64",
+      "layerDigest": "sha256:4444444444444444444444444444444444444444444444444444444444444444",
+      "usage": ["inventory"],
+      "licenses": ["Zlib"],
+      "evidence": {
+        "kind": "apk-database",
+        "path": "/lib/apk/db/installed"
+      }
+    }
+  ]
+}
--- a/samples/scanner/images/nginx/inventory.cdx.json
+++ b/samples/scanner/images/nginx/inventory.cdx.json
@@ -0,0 +1,53 @@
+{
+  "bomFormat": "CycloneDX",
+  "specVersion": "1.5",
+  "version": 1,
+  "metadata": {
+    "timestamp": "2025-10-19T00:00:00Z",
+    "component": {
+      "type": "container",
+      "name": "nginx",
+      "version": "1.25.4",
+      "bomRef": "pkg:docker/library/nginx@sha256:8f47d7c6b538c0d9533b78913cba3d5e671e7c4b4e7c6a2bb9a1a1c4d4f8e123"
+    },
+    "tools": [
+      {
+        "name": "StellaOps Scanner",
+        "version": "10.0.0-preview1"
+      }
+    ]
+  },
+  "components": [
+    {
+      "type": "application",
+      "bomRef": "pkg:apk/alpine/nginx@1.25.4-r1?arch=x86_64",
+      "name": "nginx",
+      "version": "1.25.4-r1",
+      "licenses": [
+        {
+          "license": {
+            "id": "2BSD"
+          }
+        }
+      ]
+    },
+    {
+      "type": "library",
+      "bomRef": "pkg:apk/alpine/openssl@3.2.2-r0?arch=x86_64",
+      "name": "openssl",
+      "version": "3.2.2-r0"
+    },
+    {
+      "type": "library",
+      "bomRef": "pkg:apk/alpine/pcre2@10.42-r1?arch=x86_64",
+      "name": "pcre2",
+      "version": "10.42-r1"
+    },
+    {
+      "type": "library",
+      "bomRef": "pkg:apk/alpine/zlib@1.3-r2?arch=x86_64",
+      "name": "zlib",
+      "version": "1.3-r2"
+    }
+  ]
+}
--- a/samples/scanner/images/nginx/usage.cdx.json
+++ b/samples/scanner/images/nginx/usage.cdx.json
@@ -0,0 +1,28 @@
+{
+  "bomFormat": "CycloneDX",
+  "specVersion": "1.5",
+  "version": 1,
+  "metadata": {
+    "timestamp": "2025-10-19T00:00:00Z",
+    "component": {
+      "type": "container",
+      "name": "nginx",
+      "version": "1.25.4",
+      "bomRef": "pkg:docker/library/nginx@sha256:8f47d7c6b538c0d9533b78913cba3d5e671e7c4b4e7c6a2bb9a1a1c4d4f8e123"
+    }
+  },
+  "components": [
+    {
+      "type": "application",
+      "bomRef": "pkg:apk/alpine/nginx@1.25.4-r1?arch=x86_64",
+      "name": "nginx",
+      "version": "1.25.4-r1"
+    },
+    {
+      "type": "library",
+      "bomRef": "pkg:apk/alpine/openssl@3.2.2-r0?arch=x86_64",
+      "name": "openssl",
+      "version": "3.2.2-r0"
+    }
+  ]
+}