feat: Add Promotion-Time Attestations for Stella Ops

- Introduced a new document for promotion-time attestations, detailing the purpose, predicate schema, producer workflow, verification flow, APIs, and security considerations.
- Implemented the `stella.ops/promotion@v1` predicate schema to capture promotion evidence including image digest, SBOM/VEX artifacts, and Rekor proof.
- Defined producer responsibilities and workflows for CLI orchestration, signer responsibilities, and Export Center integration.
- Added verification steps for auditors to validate promotion attestations offline.

feat: Create Symbol Manifest v1 Specification

- Developed a specification for Symbol Manifest v1 to provide a deterministic format for publishing debug symbols and source maps.
- Defined the manifest structure, including schema, entries, source maps, toolchain, and provenance.
- Outlined upload and verification processes, resolve APIs, runtime proxy, caching, and offline bundle generation.
- Included security considerations and related tasks for implementation.

chore: Add Ruby Analyzer with Git Sources

- Created a Gemfile and Gemfile.lock for Ruby analyzer with dependencies on git-gem, httparty, and path-gem.
- Implemented main application logic to utilize the defined gems and output their versions.
- Added expected JSON output for the Ruby analyzer to validate the integration of the new gems and their functionalities.
- Developed internal observation classes for Ruby packages, runtime edges, and capabilities, including serialization logic for observations.

test: Add tests for Ruby Analyzer

- Created test fixtures for Ruby analyzer, including Gemfile, Gemfile.lock, main application, and expected JSON output.
- Ensured that the tests validate the correct integration and functionality of the Ruby analyzer with the specified gems.

seed-data/analyzers/ruby/git-sources/Gemfile

@@ -0,0 +1,12 @@
+source "https://rubygems.org"
+
+git "https://github.com/example/git-gem.git", branch: "main" do
+  gem "git-gem"
+end
+
+gem "httparty", "~> 0.21.0"
+
+path "../vendor/path-gem" do
+  gem "path-gem", "~> 2.1"
+end
+

seed-data/analyzers/ruby/git-sources/Gemfile.lock

@@ -0,0 +1,31 @@
+GIT
+  remote: https://github.com/example/git-gem.git
+  revision: 0123456789abcdef0123456789abcdef01234567
+  branch: main
+  specs:
+    git-gem (0.5.0)
+
+PATH
+  remote: vendor/plugins/path-gem
+  specs:
+    path-gem (2.1.3)
+      rake (~> 13.0)
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    httparty (0.21.0)
+      multi_xml (~> 0.5)
+    multi_xml (0.6.0)
+    rake (13.1.0)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  git-gem!
+  httparty (~> 0.21.0)
+  path-gem (~> 2.1)!
+
+BUNDLED WITH
+   2.5.10

seed-data/analyzers/ruby/git-sources/app/main.rb

@@ -0,0 +1,7 @@
+require "git-gem"
+require "path-gem"
+require "httparty"
+
+puts GitGem.version
+puts PathGem::Runner.new.perform
+puts HTTParty.get("https://example.invalid")

seed-data/analyzers/ruby/git-sources/expected.json

@@ -0,0 +1,130 @@
+[
+  {
+    "analyzerId": "ruby",
+    "componentKey": "purl::pkg:gem/git-gem@0.5.0",
+    "purl": "pkg:gem/git-gem@0.5.0",
+    "name": "git-gem",
+    "version": "0.5.0",
+    "type": "gem",
+    "usedByEntrypoint": true,
+    "metadata": {
+      "capability.net": "true",
+      "declaredOnly": "true",
+      "groups": "default",
+      "lockfile": "Gemfile.lock",
+      "runtime.entrypoints": "app/main.rb",
+      "runtime.files": "app/main.rb",
+      "runtime.reasons": "require-static",
+      "runtime.used": "true",
+      "source": "git:https://github.com/example/git-gem.git@0123456789abcdef0123456789abcdef01234567"
+    },
+    "evidence": [
+      {
+        "kind": "file",
+        "source": "Gemfile.lock",
+        "locator": "Gemfile.lock"
+      }
+    ]
+  },
+  {
+    "analyzerId": "ruby",
+    "componentKey": "purl::pkg:gem/httparty@0.21.0",
+    "purl": "pkg:gem/httparty@0.21.0",
+    "name": "httparty",
+    "version": "0.21.0",
+    "type": "gem",
+    "usedByEntrypoint": true,
+    "metadata": {
+      "capability.net": "true",
+      "declaredOnly": "true",
+      "groups": "default",
+      "lockfile": "Gemfile.lock",
+      "runtime.entrypoints": "app/main.rb",
+      "runtime.files": "app/main.rb",
+      "runtime.reasons": "require-static",
+      "runtime.used": "true",
+      "source": "https://rubygems.org/"
+    },
+    "evidence": [
+      {
+        "kind": "file",
+        "source": "Gemfile.lock",
+        "locator": "Gemfile.lock"
+      }
+    ]
+  },
+  {
+    "analyzerId": "ruby",
+    "componentKey": "purl::pkg:gem/multi_xml@0.6.0",
+    "purl": "pkg:gem/multi_xml@0.6.0",
+    "name": "multi_xml",
+    "version": "0.6.0",
+    "type": "gem",
+    "usedByEntrypoint": false,
+    "metadata": {
+      "capability.net": "true",
+      "declaredOnly": "true",
+      "groups": "default",
+      "lockfile": "Gemfile.lock",
+      "source": "https://rubygems.org/"
+    },
+    "evidence": [
+      {
+        "kind": "file",
+        "source": "Gemfile.lock",
+        "locator": "Gemfile.lock"
+      }
+    ]
+  },
+  {
+    "analyzerId": "ruby",
+    "componentKey": "purl::pkg:gem/path-gem@2.1.3",
+    "purl": "pkg:gem/path-gem@2.1.3",
+    "name": "path-gem",
+    "version": "2.1.3",
+    "type": "gem",
+    "usedByEntrypoint": true,
+    "metadata": {
+      "artifact": "vendor/cache/path-gem-2.1.3.gem",
+      "capability.net": "true",
+      "declaredOnly": "false",
+      "groups": "default",
+      "lockfile": "Gemfile.lock",
+      "runtime.entrypoints": "app/main.rb",
+      "runtime.files": "app/main.rb",
+      "runtime.reasons": "require-static",
+      "runtime.used": "true",
+      "source": "vendor-cache"
+    },
+    "evidence": [
+      {
+        "kind": "file",
+        "source": "path-gem-2.1.3.gem",
+        "locator": "vendor/cache/path-gem-2.1.3.gem"
+      }
+    ]
+  },
+  {
+    "analyzerId": "ruby",
+    "componentKey": "purl::pkg:gem/rake@13.1.0",
+    "purl": "pkg:gem/rake@13.1.0",
+    "name": "rake",
+    "version": "13.1.0",
+    "type": "gem",
+    "usedByEntrypoint": false,
+    "metadata": {
+      "capability.net": "true",
+      "declaredOnly": "true",
+      "groups": "default",
+      "lockfile": "Gemfile.lock",
+      "source": "https://rubygems.org/"
+    },
+    "evidence": [
+      {
+        "kind": "file",
+        "source": "Gemfile.lock",
+        "locator": "Gemfile.lock"
+      }
+    ]
+  }
+]

seed-data/analyzers/ruby/git-sources/vendor/plugins/path-gem/.keep

@@ -0,0 +1 @@
+