Add Ruby language analyzer and related functionality

- Introduced global usings for Ruby analyzer. - Implemented RubyLockData, RubyLockEntry, and RubyLockParser for handling Gemfile.lock files. - Created RubyPackage and RubyPackageCollector to manage Ruby packages and vendor cache. - Developed RubyAnalyzerPlugin and RubyLanguageAnalyzer for analyzing Ruby projects. - Added tests for Ruby language analyzer with sample Gemfile.lock and expected output. - Included necessary project files and references for the Ruby analyzer. - Added third-party licenses for tree-sitter dependencies.
2025-11-03 01:15:43 +02:00
parent ff0eca3a51
commit bf2bf4b395
88 changed files with 6557 additions and 1568 deletions
--- a/etc/authority.yaml.sample
+++ b/etc/authority.yaml.sample
@@ -65,6 +65,28 @@ notifications:
    scope: "notify.escalate"
    requireAdminScope: true

+delegation:
+  quotas:
+    # Maximum concurrent delegated (service account) tokens per tenant.
+    maxActiveTokens: 50
+  serviceAccounts:
+    - accountId: "svc-observer"
+      tenant: "tenant-default"
+      displayName: "Observability Exporter"
+      description: "Delegated identity used by Export Center to read findings."
+      enabled: true
+      allowedScopes:
+        - "jobs:read"
+        - "findings:read"
+      authorizedClients:
+        - "export-center-worker"
+    # - accountId: "svc-airgap-import"
+    #   tenant: "tenant-default"
+    #   displayName: "Airgap Import Service Account"
+    #   enabled: true
+    #   allowedScopes: [ "airgap:import", "airgap:status:read" ]
+    #   authorizedClients: [ "airgap-importer" ]
+
 apiLifecycle:
  legacyAuth:
    enabled: true
@@ -428,6 +450,9 @@ tenants:
        scopes: [ "notify.viewer", "notify.operator" ]
      notify-admin:
        scopes: [ "notify.viewer", "notify.operator", "notify.admin" ]
+    delegation:
+      # Override the default maxActiveTokens for this tenant (optional).
+      maxActiveTokens: 25
      observability-viewer:
        scopes: [ "obs:read", "timeline:read", "evidence:read", "attest:read" ]
      observability-investigator:
--- a/etc/secrets/issuer-directory.mongo.secret.example
+++ b/etc/secrets/issuer-directory.mongo.secret.example
@@ -0,0 +1,6 @@
+# Replace this value with the MongoDB connection string used by Issuer Directory.
+# Keep the file out of version control; mount it via docker-compose env_file or
+# your secrets manager when running the service. Compose expects the helper
+# variable below and injects it into ISSUERDIRECTORY__MONGO__CONNECTIONSTRING
+# at container runtime.
+ISSUER_DIRECTORY_MONGO_CONNECTION_STRING=mongodb://stellaops:change-me@mongo:27017