feat: Initialize Zastava Webhook service with TLS and Authority authentication

- Added Program.cs to set up the web application with Serilog for logging, health check endpoints, and a placeholder admission endpoint. - Configured Kestrel server to use TLS 1.3 and handle client certificates appropriately. - Created StellaOps.Zastava.Webhook.csproj with necessary dependencies including Serilog and Polly. - Documented tasks in TASKS.md for the Zastava Webhook project, outlining current work and exit criteria for each task.
2025-10-19 18:36:22 +03:00
parent 2062da7a8b
commit d099a90f9b
966 changed files with 91038 additions and 1850 deletions
--- a/samples/policy/policy-preview-unknown.json
+++ b/samples/policy/policy-preview-unknown.json
@@ -0,0 +1,98 @@
+{
+  "previewRequest": {
+    "imageDigest": "sha256:7dbe0c9a5d4f1c8184007e9d94dbe55928f8a2db5ab9c1c2d4a2f7bbcdfe1234",
+    "findings": [
+      {
+        "id": "library:pkg/openssl@1.1.1w",
+        "severity": "Unknown",
+        "source": "NVD",
+        "tags": [
+          "trust:vendor",
+          "reachability:unknown",
+          "unknown-age-days:5"
+        ]
+      },
+      {
+        "id": "library:pkg/zlib@1.3.1",
+        "severity": "High",
+        "source": "NVD",
+        "tags": [
+          "state:unknown",
+          "reachability:runtime",
+          "unknown-since:2025-10-10T00:00:00Z",
+          "observed-at:2025-10-19T12:00:00Z"
+        ]
+      }
+    ]
+  },
+  "previewResponse": {
+    "success": true,
+    "policyDigest": "8a0f72f8dc5c51c46991db3bba34e9b3c0c8e944a7a6d0a9c29a9aa6b8439876",
+    "revisionId": "rev-42",
+    "changed": 2,
+    "diffs": [
+      {
+        "findingId": "library:pkg/openssl@1.1.1w",
+        "baseline": {
+          "findingId": "library:pkg/openssl@1.1.1w",
+          "status": "Pass",
+          "score": 0,
+          "configVersion": "1.0"
+        },
+        "projected": {
+          "findingId": "library:pkg/openssl@1.1.1w",
+          "status": "Blocked",
+          "ruleName": "Block vendor unknowns",
+          "ruleAction": "block",
+          "score": 19.5,
+          "configVersion": "1.0",
+          "inputs": {
+            "severityWeight": 50,
+            "trustWeight": 0.65,
+            "reachabilityWeight": 0.6,
+            "baseScore": 19.5,
+            "trustWeight.vendor": 0.65,
+            "reachability.unknown": 0.6,
+            "unknownConfidence": 0.55,
+            "unknownAgeDays": 5
+          },
+          "unknownConfidence": 0.55,
+          "confidenceBand": "medium",
+          "unknownAgeDays": 5
+        },
+        "changed": true
+      },
+      {
+        "findingId": "library:pkg/zlib@1.3.1",
+        "baseline": {
+          "findingId": "library:pkg/zlib@1.3.1",
+          "status": "Pass",
+          "score": 0,
+          "configVersion": "1.0"
+        },
+        "projected": {
+          "findingId": "library:pkg/zlib@1.3.1",
+          "status": "Warned",
+          "ruleName": "Runtime mitigation required",
+          "ruleAction": "warn",
+          "score": 33.75,
+          "configVersion": "1.0",
+          "inputs": {
+            "severityWeight": 75,
+            "trustWeight": 1,
+            "reachabilityWeight": 0.45,
+            "baseScore": 33.75,
+            "reachability.runtime": 0.45,
+            "warnPenalty": 15,
+            "unknownConfidence": 0.35,
+            "unknownAgeDays": 9
+          },
+          "unknownConfidence": 0.35,
+          "confidenceBand": "medium",
+          "unknownAgeDays": 9
+        },
+        "changed": true
+      }
+    ]
+  }
+}