feat: Implement vulnerability token signing and verification utilities

- Added VulnTokenSigner for signing JWT tokens with specified algorithms and keys. - Introduced VulnTokenUtilities for resolving tenant and subject claims, and sanitizing context dictionaries. - Created VulnTokenVerificationUtilities for parsing tokens, verifying signatures, and deserializing payloads. - Developed VulnWorkflowAntiForgeryTokenIssuer for issuing anti-forgery tokens with configurable options. - Implemented VulnWorkflowAntiForgeryTokenVerifier for verifying anti-forgery tokens and validating payloads. - Added AuthorityVulnerabilityExplorerOptions to manage configuration for vulnerability explorer features. - Included tests for FilesystemPackRunDispatcher to ensure proper job handling under egress policy restrictions.
2025-11-03 10:02:29 +02:00
parent bf2bf4b395
commit b1e78fe412
215 changed files with 19441 additions and 12185 deletions
--- a/docs/modules/scanner/design/README.md
+++ b/docs/modules/scanner/design/README.md
@@ -0,0 +1,35 @@
+# Scanner Design Dossiers
+
+This directory contains deep technical designs for current and upcoming analyzers and surface components.
+
+## Language analyzers
+- `ruby-analyzer.md` — lockfile, runtime graph, capability signals for Ruby.
+
+## Surface & platform contracts
+- `surface-fs.md`
+- `surface-env.md`
+- `surface-validation.md`
+- `surface-secrets.md`
+
+## OS ecosystem designs
+- `macos-analyzer.md` — Homebrew, pkgutil, `.app` bundle plan.
+- `windows-analyzer.md` — MSI, WinSxS, Chocolatey, registry collectors.
+
+## Demand & dashboards
+- `../../benchmarks/scanner/windows-macos-demand.md` — demand tracker.
+- `../../benchmarks/scanner/windows-macos-interview-template.md` — interview template.
+- `../../api/scanner/windows-coverage.md` — coverage summary dashboard.
+- `../../api/scanner/windows-macos-summary.md` — metric snapshot.
+
+## Utility & reference
+- `../operations/field-engagement.md` — SE workflow guidance.
+- `../operations/analyzers.md` — operational runbook.
+- `../operations/rustfs-migration.md` — storage migration notes.
+
+## Maintenance tips
+- Keep demand tracker (`../../benchmarks/scanner/windows-macos-demand.md`) and API dashboards in sync when updating macOS/Windows designs.
+- Cross-reference policy readiness briefs for associated predicates and waiver models.
+
+## Policy readiness
+- `../policy/secret-leak-detection-readiness.md` — secret leak pipeline decisions.
+- `../policy/windows-package-readiness.md` — Windows analyzer policy decisions.