stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 3 Releases Wiki Activity

feat(secrets): Implement secret leak policies and signal binding

Browse Source 
- Added `spl-secret-block@1.json` to block deployments with critical or high severity secret findings.
- Introduced `spl-secret-warn@1.json` to warn on secret findings without blocking deployments.
- Created `SecretSignalBinder.cs` to bind secret evidence to policy evaluation signals.
- Developed unit tests for `SecretEvidenceContext` and `SecretSignalBinder` to ensure correct functionality.
- Enhanced `SecretSignalContextExtensions` to integrate secret evidence into signal contexts.
This commit is contained in:
StellaOps Bot
2026-01-04 15:44:49 +02:00
parent 1f33143bd1
commit f7d27c6fda
44 changed files with 2406 additions and 1107 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
src/Scheduler/StellaOps.Scheduler.WebService/Schedules/InMemorySchedulerServices.cs
View File

@@ -124,11 +124,22 @@ internal sealed class InMemoryRunSummaryService : IRunSummaryService
internal sealed class InMemorySchedulerAuditService : ISchedulerAuditService
{
private readonly TimeProvider _timeProvider;
private readonly StellaOps.Determinism.IGuidProvider _guidProvider;
public InMemorySchedulerAuditService(
TimeProvider? timeProvider = null,
StellaOps.Determinism.IGuidProvider? guidProvider = null)
{
_timeProvider = timeProvider ?? TimeProvider.System;
_guidProvider = guidProvider ?? StellaOps.Determinism.SystemGuidProvider.Instance;
}
public Task<AuditRecord> WriteAsync(SchedulerAuditEvent auditEvent, CancellationToken cancellationToken = default)
{
var occurredAt = auditEvent.OccurredAt ?? DateTimeOffset.UtcNow;
var occurredAt = auditEvent.OccurredAt ?? _timeProvider.GetUtcNow();
var record = new AuditRecord(
auditEvent.AuditId ?? $"audit_{Guid.NewGuid():N}",
auditEvent.AuditId ?? $"audit_{_guidProvider.NewGuid():N}",
auditEvent.TenantId,
auditEvent.Category,
auditEvent.Action,