audit, advisories and doctors/setup work

2026-01-13 18:53:39 +02:00
parent 9ca7cb183e
commit d7be6ba34b
811 changed files with 54242 additions and 4056 deletions
--- a/src/Policy/__Libraries/StellaOps.Policy/ToolLattice/ToolLatticeDefaults.cs
+++ b/src/Policy/__Libraries/StellaOps.Policy/ToolLattice/ToolLatticeDefaults.cs
@@ -0,0 +1,40 @@
+using System.Collections.Generic;
+
+namespace StellaOps.Policy.ToolLattice;
+
+internal static class ToolLatticeDefaults
+{
+    public static IReadOnlyList<ToolAccessRule> CreateDefaults()
+    {
+        return new[]
+        {
+            new ToolAccessRule
+            {
+                Id = "default-vex-query",
+                Tool = "vex.query",
+                Action = "read",
+                Effect = ToolAccessEffect.Allow,
+                Priority = -100,
+                Scopes = { "vex:read" }
+            },
+            new ToolAccessRule
+            {
+                Id = "default-sbom-read",
+                Tool = "sbom.read",
+                Action = "read",
+                Effect = ToolAccessEffect.Allow,
+                Priority = -100,
+                Scopes = { "sbom:read" }
+            },
+            new ToolAccessRule
+            {
+                Id = "default-scanner-findings-topk",
+                Tool = "scanner.findings.topk",
+                Action = "read",
+                Effect = ToolAccessEffect.Allow,
+                Priority = -100,
+                Scopes = { "scanner:read", "findings:read" }
+            }
+        };
+    }
+}