536f6249a6
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
- Created CycloneDX and SPDX SBOM files for both reachable and unreachable images. - Added symbols.json detailing function entry and sink points in the WordPress code. - Included runtime traces for function calls in both reachable and unreachable scenarios. - Developed OpenVEX files indicating vulnerability status and justification for both cases. - Updated README for evaluator harness to guide integration with scanner output.
55 lines
1.3 KiB
YAML
55 lines
1.3 KiB
YAML
schemaVersion: 1
|
|
issuer: http://authority.sealed-ci.local
|
|
accessTokenLifetime: 00:02:00
|
|
refreshTokenLifetime: 01:00:00
|
|
identityTokenLifetime: 00:05:00
|
|
authorizationCodeLifetime: 00:05:00
|
|
deviceCodeLifetime: 00:15:00
|
|
pluginDirectories:
|
|
- /app
|
|
plugins:
|
|
configurationDirectory: /app/plugins
|
|
descriptors:
|
|
standard:
|
|
type: standard
|
|
assemblyName: StellaOps.Authority.Plugin.Standard
|
|
enabled: true
|
|
configFile: standard.yaml
|
|
storage:
|
|
connectionString: mongodb://sealedci:sealedci@mongo:27017/authority?authSource=admin
|
|
databaseName: authority
|
|
commandTimeout: 00:00:30
|
|
signing:
|
|
enabled: true
|
|
activeKeyId: sealed-ci
|
|
keyPath: /certificates/authority-signing-dev.pem
|
|
algorithm: ES256
|
|
keySource: file
|
|
bootstrap:
|
|
enabled: false
|
|
crypto:
|
|
providers: []
|
|
security:
|
|
senderConstraints:
|
|
dpop:
|
|
enabled: true
|
|
proofLifetime: 00:02:00
|
|
replayWindow: 00:05:00
|
|
nonce:
|
|
enabled: false
|
|
mtls:
|
|
enabled: false
|
|
airGap:
|
|
egress:
|
|
mode: Sealed
|
|
allowLoopback: true
|
|
allowPrivateNetworks: true
|
|
remediationDocumentationUrl: https://docs.stella-ops.org/airgap/sealed-ci
|
|
supportContact: airgap-ops@stella-ops.org
|
|
tenants:
|
|
- name: sealed-ci
|
|
roles:
|
|
operators:
|
|
scopes:
|
|
- policy:read
|