feat(scanner): Implement Deno analyzer and associated tests

- Added Deno analyzer with comprehensive metadata and evidence structure.
- Created a detailed implementation plan for Sprint 130 focusing on Deno analyzer.
- Introduced AdvisoryAiGuardrailOptions for managing guardrail configurations.
- Developed GuardrailPhraseLoader for loading blocked phrases from JSON files.
- Implemented tests for AdvisoryGuardrailOptions binding and phrase loading.
- Enhanced telemetry for Advisory AI with metrics tracking.
- Added VexObservationProjectionService for querying VEX observations.
- Created extensive tests for VexObservationProjectionService functionality.
- Introduced Ruby language analyzer with tests for simple and complex workspaces.
- Added Ruby application fixtures for testing purposes.

src/Excititor/StellaOps.Excititor.WebService/Program.cs

@@ -1,3 +1,4 @@
+using System;
 using System.Collections.Generic;
 using System.Linq;
 using System.Collections.Immutable;
@@ -5,7 +6,10 @@ using System.Globalization;
 using System.Text;
 using Microsoft.AspNetCore.Authentication;
 using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Mvc;
+using Microsoft.Extensions.DependencyInjection.Extensions;
 using Microsoft.Extensions.Options;
+using Microsoft.Extensions.Primitives;
 using StellaOps.Excititor.Attestation.Verification;
 using StellaOps.Excititor.Attestation.Extensions;
 using StellaOps.Excititor.Attestation;
@@ -51,9 +55,11 @@ services.AddVexAttestation();
 services.Configure<VexAttestationClientOptions>(configuration.GetSection("Excititor:Attestation:Client"));
 services.Configure<VexAttestationVerificationOptions>(configuration.GetSection("Excititor:Attestation:Verification"));
 services.AddVexPolicy();
-services.AddRedHatCsafConnector();
-services.Configure<MirrorDistributionOptions>(configuration.GetSection(MirrorDistributionOptions.SectionName));
-services.AddSingleton<MirrorRateLimiter>();
+services.AddRedHatCsafConnector();
+services.Configure<MirrorDistributionOptions>(configuration.GetSection(MirrorDistributionOptions.SectionName));
+services.AddSingleton<MirrorRateLimiter>();
+services.TryAddSingleton(TimeProvider.System);
+services.AddSingleton<IVexObservationProjectionService, VexObservationProjectionService>();
 
 var rekorSection = configuration.GetSection("Excititor:Attestation:Rekor");
 if (rekorSection.Exists())
@@ -434,6 +440,60 @@ app.MapGet("/vex/raw/{digest}/provenance", async (
     return Results.Json(response);
 });
 
+app.MapGet("/v1/vex/observations/{vulnerabilityId}/{productKey}", async (
+    HttpContext context,
+    string vulnerabilityId,
+    string productKey,
+    [FromServices] IVexObservationProjectionService projectionService,
+    [FromServices] IOptions<VexMongoStorageOptions> storageOptions,
+    CancellationToken cancellationToken) =>
+{
+    var scopeResult = ScopeAuthorization.RequireScope(context, "vex.read");
+    if (scopeResult is not null)
+    {
+        return scopeResult;
+    }
+
+    if (!TryResolveTenant(context, storageOptions.Value, requireHeader: false, out var tenant, out var tenantError))
+    {
+        return tenantError;
+    }
+
+    if (string.IsNullOrWhiteSpace(vulnerabilityId) || string.IsNullOrWhiteSpace(productKey))
+    {
+        return ValidationProblem("vulnerabilityId and productKey are required.");
+    }
+
+    var providerFilter = BuildStringFilterSet(context.Request.Query["providerId"]);
+    var statusFilter = BuildStatusFilter(context.Request.Query["status"]);
+    var since = ParseSinceTimestamp(context.Request.Query["since"]);
+    var limit = ResolveLimit(context.Request.Query["limit"], defaultValue: 200, min: 1, max: 500);
+
+    var request = new VexObservationProjectionRequest(
+        tenant,
+        vulnerabilityId.Trim(),
+        productKey.Trim(),
+        providerFilter,
+        statusFilter,
+        since,
+        limit);
+
+    var result = await projectionService.QueryAsync(request, cancellationToken).ConfigureAwait(false);
+    var statements = result.Statements
+        .Select(ToResponse)
+        .ToList();
+
+    var response = new VexObservationProjectionResponse(
+        request.VulnerabilityId,
+        request.ProductKey,
+        result.GeneratedAtUtc,
+        result.TotalCount,
+        result.Truncated,
+        statements);
+
+    return Results.Json(response);
+});
+
 app.MapPost("/aoc/verify", async (
     HttpContext context,
     VexAocVerifyRequest? request,