consolidation of some of the modules, localization fixes, product advisories work, qa work

This commit is contained in:
master
2026-03-05 03:54:22 +02:00
parent 7bafcc3eef
commit 8e1cb9448d
3878 changed files with 72600 additions and 46861 deletions


@@ -33,11 +33,13 @@ using StellaOps.Scanner.Core.TrustAnchors;
using StellaOps.Scanner.Emit.Composition;
using StellaOps.Scanner.Gate;
using StellaOps.Scanner.ReachabilityDrift.DependencyInjection;
using StellaOps.Scanner.Reachability.Slices;
using StellaOps.Scanner.SmartDiff.Detection;
using StellaOps.Scanner.Sources.DependencyInjection;
using StellaOps.Scanner.Sources.Persistence;
using StellaOps.Scanner.Storage;
using StellaOps.Scanner.Storage.Extensions;
using StellaOps.Scanner.Storage.Oci;
using StellaOps.Scanner.Storage.Postgres;
using StellaOps.Scanner.Surface.Env;
using StellaOps.Scanner.Surface.FS;
@@ -135,6 +137,14 @@ else
}
builder.Services.AddDeterminismDefaults();
builder.Services.AddScannerCache(builder.Configuration);
builder.Services.AddOptions<SliceCacheOptions>()
.Bind(builder.Configuration.GetSection("scanner:slices:cache"));
builder.Services.AddOptions<SliceQueryServiceOptions>()
.Bind(builder.Configuration.GetSection("scanner:slices:query"));
builder.Services.AddOptions<ReplayCommandServiceOptions>()
.Bind(builder.Configuration.GetSection("scanner:replayCommands"));
builder.Services.AddOptions<ReachabilityStackRepositoryOptions>()
.Bind(builder.Configuration.GetSection("scanner:reachabilityStack"));
builder.Services.AddSingleton<ServiceStatus>();
builder.Services.AddHttpContextAccessor();
builder.Services.AddSingleton<ScanProgressStream>();
@@ -191,6 +201,24 @@ builder.Services.TryAddSingleton<IVexReachabilityDecisionFilter, VexReachability
builder.Services.TryAddSingleton<IMaterialRiskChangeRepository, PostgresMaterialRiskChangeRepository>();
builder.Services.TryAddSingleton<IVexCandidateStore, PostgresVexCandidateStore>();
builder.Services.TryAddSingleton<IScanMetadataRepository, InMemoryScanMetadataRepository>();
builder.Services.TryAddSingleton<ISliceCache, SliceCache>();
builder.Services.TryAddSingleton<VerdictComputer>();
builder.Services.TryAddSingleton<SliceExtractor>();
builder.Services.TryAddSingleton<SliceHasher>();
builder.Services.TryAddSingleton<StellaOps.Scanner.Reachability.Slices.Replay.SliceDiffComputer>();
builder.Services.TryAddSingleton<SliceDsseSigner>();
builder.Services.TryAddSingleton<SliceCasStorage>();
builder.Services.TryAddScoped<ISliceQueryService, SliceQueryService>();
builder.Services.TryAddScoped<IReplayCommandService, ReplayCommandService>();
var reachabilityStackRepositoryOptions = builder.Configuration
.GetSection("scanner:reachabilityStack")
.Get<ReachabilityStackRepositoryOptions>() ?? new ReachabilityStackRepositoryOptions();
if (reachabilityStackRepositoryOptions.Enabled)
{
builder.Services.TryAddSingleton<IReachabilityStackRepository, FileBackedReachabilityStackRepository>();
}
// Secret Detection Settings (Sprint: SPRINT_20260104_006_BE)
builder.Services.AddScoped<ISecretDetectionSettingsService, SecretDetectionSettingsService>();
@@ -270,6 +298,68 @@ else
builder.Services.AddSingleton<IPlatformEventPublisher, NullPlatformEventPublisher>();
}
builder.Services.AddSingleton<IReportEventDispatcher, ReportEventDispatcher>();
builder.Services.AddHttpClient("ScannerOciAttestationPublisher")
.ConfigurePrimaryHttpMessageHandler(() =>
{
if (!bootstrapOptions.ArtifactStore.AllowInsecureTls)
{
return new HttpClientHandler();
}
return new HttpClientHandler
{
ServerCertificateCustomValidationCallback =
HttpClientHandler.DangerousAcceptAnyServerCertificateValidator
};
});
builder.Services.TryAddSingleton(sp =>
{
var options = sp.GetRequiredService<IOptions<ScannerWebServiceOptions>>().Value;
var defaultRegistry = string.IsNullOrWhiteSpace(options.Registry.DefaultRegistry)
? "docker.io"
: options.Registry.DefaultRegistry!.Trim();
var authOptions = new OciRegistryAuthOptions();
var credential = options.Registry.Credentials
.FirstOrDefault(c => string.Equals(c.Registry?.Trim(), defaultRegistry, StringComparison.OrdinalIgnoreCase))
?? options.Registry.Credentials.FirstOrDefault();
if (credential is not null)
{
authOptions.Username = credential.Username;
authOptions.Password = credential.Password;
authOptions.Token = credential.RegistryToken ?? credential.IdentityToken;
authOptions.AllowAnonymousFallback = string.IsNullOrWhiteSpace(authOptions.Username)
&& string.IsNullOrWhiteSpace(authOptions.Token);
}
var registryOptions = new OciRegistryOptions
{
DefaultRegistry = defaultRegistry,
AllowInsecure = bootstrapOptions.ArtifactStore.AllowInsecureTls,
Auth = authOptions
};
var httpClient = sp.GetRequiredService<IHttpClientFactory>().CreateClient("ScannerOciAttestationPublisher");
httpClient.Timeout = TimeSpan.FromSeconds(Math.Max(1, options.AttestationAttachment.RegistryTimeoutSeconds));
return new OciArtifactPusher(
httpClient,
sp.GetRequiredService<StellaOps.Cryptography.ICryptoHash>(),
registryOptions,
sp.GetRequiredService<ILogger<OciArtifactPusher>>(),
sp.GetService<TimeProvider>());
});
builder.Services.TryAddSingleton<IOciAttestationPublisher>(sp =>
{
var options = sp.GetRequiredService<IOptions<ScannerWebServiceOptions>>().Value;
if (!options.AttestationAttachment.AutoAttach)
{
return NullOciAttestationPublisher.Instance;
}
return ActivatorUtilities.CreateInstance<OciAttestationPublisher>(sp);
});
builder.Services.AddScannerStorage(storageOptions =>
{
storageOptions.Postgres.ConnectionString = bootstrapOptions.Storage.Dsn;
@@ -718,6 +808,7 @@ if (resolvedOptions.Features.EnablePolicyPreview)
apiGroup.MapReportEndpoints(resolvedOptions.Api.ReportsSegment);
apiGroup.MapRuntimeEndpoints(resolvedOptions.Api.RuntimeSegment);
apiGroup.MapReachabilityStackEndpoints();
app.MapControllers();
app.MapOpenApiIfAvailable();
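Review bot: The credential lookup in the OciArtifactPusher factory (the hunk at -270,6 +298,68) falls back to `?? options.Registry.Credentials.FirstOrDefault()` when no entry matches `defaultRegistry`, so a username/password or token configured for some other registry gets sent to the default registry. Drop the fallback so an unmatched registry stays anonymous: `var credential = options.Registry.Credentials.FirstOrDefault(c => string.Equals(c.Registry?.Trim(), defaultRegistry, StringComparison.OrdinalIgnoreCase));` (the existing `AllowAnonymousFallback` computation then covers the no-credential case only if it is also set when `credential` is null, which the current code does not do). Relatedly, both the primary handler for `ScannerOciAttestationPublisher` and `OciRegistryOptions.AllowInsecure` key off `bootstrapOptions.ArtifactStore.AllowInsecureTls`, a setting named for the artifact store, so enabling it for a local artifact store silently installs `DangerousAcceptAnyServerCertificateValidator` for attestation pushes to the registry as well; a registry-scoped setting, or at minimum a startup log warning when that validator is installed, would keep the two scopes distinct. The pusher is also registered as a singleton holding a single client from `IHttpClientFactory`, so handler rotation never applies to it. The enclosing top-level Program body continues outside these hunks.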