Add unit tests for RancherHubConnector and various exporters

- Implemented tests for RancherHubConnector to validate fetching documents, handling errors, and managing state.
- Added tests for CsafExporter to ensure deterministic serialization of CSAF documents.
- Created tests for CycloneDX exporters and reconciler to verify correct handling of VEX claims and output structure.
- Developed OpenVEX exporter tests to confirm the generation of canonical OpenVEX documents and statement merging logic.
- Introduced Rust file caching and license scanning functionality, including a cache key structure and hash computation.
- Added sample Cargo.toml and LICENSE files for testing Rust license scanning functionality.

src/Excititor/__Tests/StellaOps.Excititor.Attestation.Tests/StellaOps.Excititor.Attestation.Tests.csproj

@@ -6,9 +6,14 @@
     <Nullable>enable</Nullable>
     <ImplicitUsings>enable</ImplicitUsings>
     <TreatWarningsAsErrors>true</TreatWarningsAsErrors>
+    <UseConcelierTestInfra>false</UseConcelierTestInfra>
   </PropertyGroup>
+  <ItemGroup>
+    <Compile Remove="..\..\..\StellaOps.Concelier.Tests.Shared\AssemblyInfo.cs" />
+    <Compile Remove="..\..\..\StellaOps.Concelier.Tests.Shared\MongoFixtureCollection.cs" />
+  </ItemGroup>
   <ItemGroup>
     <ProjectReference Include="../../__Libraries/StellaOps.Excititor.Attestation/StellaOps.Excititor.Attestation.csproj" />
     <ProjectReference Include="../../__Libraries/StellaOps.Excititor.Core/StellaOps.Excititor.Core.csproj" />
   </ItemGroup>
-</Project>
+</Project>

src/Excititor/__Tests/StellaOps.Excititor.Attestation.Tests/VexAttestationVerifierTests.cs

@@ -67,6 +67,45 @@ public sealed class VexAttestationVerifierTests : IDisposable
         Assert.Equal("offline", verification.Diagnostics["rekor.state"]);
     }
 
+    [Fact]
+    public async Task VerifyAsync_ReturnsInvalid_WhenTransparencyRequiredAndMissing()
+    {
+        var (request, metadata, envelope) = await CreateSignedAttestationAsync(includeRekor: false);
+        var verifier = CreateVerifier(options =>
+        {
+            options.RequireTransparencyLog = true;
+            options.AllowOfflineTransparency = false;
+        });
+
+        var verification = await verifier.VerifyAsync(
+            new VexAttestationVerificationRequest(request, metadata, envelope),
+            CancellationToken.None);
+
+        Assert.False(verification.IsValid);
+        Assert.Equal("missing", verification.Diagnostics["rekor.state"]);
+        Assert.Equal("invalid", verification.Diagnostics["result"]);
+    }
+
+    [Fact]
+    public async Task VerifyAsync_ReturnsInvalid_WhenTransparencyUnavailableAndOfflineDisallowed()
+    {
+        var (request, metadata, envelope) = await CreateSignedAttestationAsync(includeRekor: true);
+        var transparency = new ThrowingTransparencyLogClient();
+        var verifier = CreateVerifier(options =>
+        {
+            options.RequireTransparencyLog = true;
+            options.AllowOfflineTransparency = false;
+        }, transparency);
+
+        var verification = await verifier.VerifyAsync(
+            new VexAttestationVerificationRequest(request, metadata, envelope),
+            CancellationToken.None);
+
+        Assert.False(verification.IsValid);
+        Assert.Equal("unreachable", verification.Diagnostics["rekor.state"]);
+        Assert.Equal("invalid", verification.Diagnostics["result"]);
+    }
+
     private async Task<(VexAttestationRequest Request, VexAttestationMetadata Metadata, string Envelope)> CreateSignedAttestationAsync(bool includeRekor = false)
     {
         var signer = new FakeSigner();