feat(secrets): Implement secret leak policies and signal binding

- Added `spl-secret-block@1.json` to block deployments with critical or high severity secret findings. - Introduced `spl-secret-warn@1.json` to warn on secret findings without blocking deployments. - Created `SecretSignalBinder.cs` to bind secret evidence to policy evaluation signals. - Developed unit tests for `SecretEvidenceContext` and `SecretSignalBinder` to ensure correct functionality. - Enhanced `SecretSignalContextExtensions` to integrate secret evidence into signal contexts.
2026-01-04 15:44:49 +02:00
parent 1f33143bd1
commit f7d27c6fda
44 changed files with 2406 additions and 1107 deletions
--- a/src/Scheduler/StellaOps.Scheduler.WebService/Program.cs
+++ b/src/Scheduler/StellaOps.Scheduler.WebService/Program.cs
@@ -29,7 +29,7 @@ using StellaOps.Router.AspNet;
 var builder = WebApplication.CreateBuilder(args);

 builder.Services.AddRouting(options => options.LowercaseUrls = true);
-builder.Services.AddSingleton<StellaOps.Scheduler.WebService.ISystemClock, StellaOps.Scheduler.WebService.SystemClock>();
+// TimeProvider.System is registered here for deterministic time support
 builder.Services.TryAddSingleton(TimeProvider.System);

 var authorityOptions = new SchedulerAuthorityOptions();