new two advisories and sprints work on them

2026-01-16 18:39:36 +02:00
parent 9daf619954
commit c3a6269d55
72 changed files with 15540 additions and 18 deletions
--- a/src/__Libraries/StellaOps.Doctor.Plugins.Attestation/Configuration/AttestationPluginOptions.cs
+++ b/src/__Libraries/StellaOps.Doctor.Plugins.Attestation/Configuration/AttestationPluginOptions.cs
@@ -0,0 +1,73 @@
+namespace StellaOps.Doctor.Plugins.Attestation.Configuration;
+
+/// <summary>
+/// Configuration options for the Attestation diagnostic plugin.
+/// </summary>
+public sealed class AttestationPluginOptions
+{
+    /// <summary>
+    /// Configuration section name.
+    /// </summary>
+    public const string SectionName = "Doctor:Plugins:Attestation";
+
+    /// <summary>
+    /// Whether the attestation plugin is enabled.
+    /// </summary>
+    public bool Enabled { get; set; } = true;
+
+    /// <summary>
+    /// Attestation mode: online, offline, or hybrid.
+    /// </summary>
+    public AttestationMode Mode { get; set; } = AttestationMode.Online;
+
+    /// <summary>
+    /// Rekor transparency log URL.
+    /// </summary>
+    public string? RekorUrl { get; set; }
+
+    /// <summary>
+    /// Local Rekor mirror URL for air-gap deployments.
+    /// </summary>
+    public string? RekorMirrorUrl { get; set; }
+
+    /// <summary>
+    /// Path to offline attestation bundle.
+    /// </summary>
+    public string? OfflineBundlePath { get; set; }
+
+    /// <summary>
+    /// Clock skew threshold in seconds for warning level.
+    /// </summary>
+    public int ClockSkewWarnThresholdSeconds { get; set; } = 5;
+
+    /// <summary>
+    /// Clock skew threshold in seconds for failure level.
+    /// </summary>
+    public int ClockSkewFailThresholdSeconds { get; set; } = 30;
+
+    /// <summary>
+    /// HTTP timeout for connectivity checks in seconds.
+    /// </summary>
+    public int HttpTimeoutSeconds { get; set; } = 10;
+}
+
+/// <summary>
+/// Attestation operation mode.
+/// </summary>
+public enum AttestationMode
+{
+    /// <summary>
+    /// All operations use network endpoints (Rekor, Fulcio).
+    /// </summary>
+    Online,
+
+    /// <summary>
+    /// All operations use local offline bundles.
+    /// </summary>
+    Offline,
+
+    /// <summary>
+    /// Try online first, fall back to offline if unavailable.
+    /// </summary>
+    Hybrid
+}