SRS initial commit

Author: sanjeevred

.env.template

@@ -0,0 +1,27 @@
+# this file is a template for creating your own .env file
+# the variables below will be passed to all containers run locally, and
+# should be defined before running full integration tests
+# see https://pypi.org/project/python-dotenv/ for full format specification
+
+# workspaces token used by the slackwatchman service
+SLACK_TOKEN=
+
+# important env variable for certain orchestrator endpoints
+# do not change this for local testing
+ORCHESTRATOR_SERVICE_NAME=prodsec_automation_toolkit_play
+
+# values used by the sqlcache age-off script
+# time in seconds between age-off operations
+AGEOFF_INTERVAL=86400
+# remove anything older than the below number of hours
+AGEOFF_AGE_IN_HOURS=24
+
+# HOST RESOLUTION CONFIGURATION
+# -----------------------------------------------------------------------------
+# This section is used to define the hosts and ports on which services within
+# the SRS ecosystem are accessible for local testing. Configurations should
+# follow the format:
+#
+# <SERVICE_NAME>_SERVICE_HOST=host.docker.internal
+# <SERVICE_NAME>_SERVICE_PORT=<SERVICE_PORT>
+

.gitattributes

@@ -0,0 +1 @@
+components/blueprints/api/v1/clamav/main.cvd filter=lfs diff=lfs merge=lfs -text

.github/actions/use-venv/action.yml

@@ -0,0 +1,31 @@
+inputs:
+  python-version:
+    default: '3.9'
+  venv-artifact-name:
+    default: 'venv-tar'
+runs:
+  using: composite
+  steps:
+    - name: Set up Python
+      uses: actions/setup-python@v4
+      with:
+        python-version: ${{ inputs.python-version }}
+
+    - name: Download venv artifact
+      uses: actions/download-artifact@v4
+      with:
+        name: ${{ inputs.venv-artifact-name }}
+        path: .
+
+    - name: Extract venv
+      shell: bash
+      run: |
+        tar -xzf venv.tar.gz
+        # Re-create top-level venv directory layout (optional consistency)
+        mkdir -p venv
+        mv venv/pat_dev_vm 2>/dev/null || true  # noop if already correct
+        if [ ! -d venv/pat_dev_vm ]; then
+          # If tar expanded directly:
+          mv pat_dev_vm venv/ || true
+        fi
+        ls -l venv/pat_dev_vm/bin

.github/workflows/ci.yml

@@ -0,0 +1,109 @@
+name: CI/CD Pipeline
+
+on:
+  push:
+    branches: [ '**' ]
+  pull_request:
+    branches: [ main, develop ]
+
+env:
+  PYTHON_VERSION: '3.9'
+
+jobs:
+  setup:
+    name: Setup Virtual Environment
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          submodules: recursive
+          fetch-depth: 1
+
+      - name: Set up Python
+        uses: actions/setup-python@v4
+        with:
+          python-version: ${{ env.PYTHON_VERSION }}
+
+      - name: Create virtual environment
+        run: |
+          echo "Standing up venv for tests..."
+          make venv
+
+      - name: Archive venv (preserve structure)
+        run: |
+          tar -czf venv.tar.gz venv/pat_dev_vm
+          ls -lh venv.tar.gz
+
+      - name: Upload venv artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: venv-tar
+          path: venv.tar.gz
+          retention-days: 1
+
+  version-canary:
+    name: Version Canary Check
+    runs-on: ubuntu-latest
+    needs: setup
+    if: github.ref != 'refs/heads/develop' && github.ref != 'refs/heads/main'
+    steps:
+      - name: Checkout (needed before using local action)
+        uses: actions/checkout@v4
+        with:
+          submodules: recursive
+          fetch-depth: 1
+
+      - name: Prepare env
+        uses: ./.github/actions/use-venv
+        with:
+          python-version: ${{ env.PYTHON_VERSION }}
+          venv-artifact-name: 'venv-tar'
+          
+      - name: Run version canary
+        run: |
+          echo "Running version canary..."
+          make version_canary
+
+  unit-tests:
+    name: Unit Tests
+    runs-on: ubuntu-latest
+    needs: setup
+    if: github.ref != 'refs/heads/develop' && github.ref != 'refs/heads/main'
+    steps:
+      - name: Checkout (needed before using local action)
+        uses: actions/checkout@v4
+        with:
+          submodules: recursive
+          fetch-depth: 1
+
+      - name: Prepare env
+        uses: ./.github/actions/use-venv
+        with:
+          python-version: ${{ env.PYTHON_VERSION }}
+          venv-artifact-name: 'venv-tar'
+
+      - name: Run unit tests
+        run: |
+          echo "Running unit tests..."
+          make test
+
+  # Summary job that depends on all other jobs
+  ci-complete:
+    name: CI Pipeline Complete
+    runs-on: ubuntu-latest
+    needs: [setup, version-canary, unit-tests]
+    if: always()
+    steps:
+      - name: Check all jobs status
+        run: |
+          echo "Setup: ${{ needs.setup.result }}"
+          echo "Version Canary: ${{ needs.version-canary.result }}"
+          echo "Unit Tests: ${{ needs.unit-tests.result }}"
+          
+          if [[ "${{ contains(needs.*.result, 'failure') }}" == "true" ]]; then
+            echo "One or more jobs failed"
+            exit 1
+          else
+            echo "All applicable jobs completed successfully"
+          fi

.gitignore

@@ -0,0 +1,8 @@
+*.swp
+.DS_Store
+.idea/
+*.pyc
+venv/
+__pycache__/
+.env
+*.db

CONTRIBUTING.md

@@ -0,0 +1,122 @@
+# Contributing to Scan Request Service (SRS)
+
+Welcome! We’re excited you want to help make SRS better. This short guide walks you through:
+
+1. [Setting up a development environment](#1-development-environment-setup)
+2. [Understanding the project structure](#2-project-structure-high-level)
+3. [What to do before you open a Pull Request](#3-pull-requests-guidelines--presubmission-steps)
+4. [How to report issues](#4-reporting-issues)
+5. [Our code of conduct](#5-code-of-conduct)
+
+If you need further explanations or guidance, browse our [documentation](./docs/) and [Developer FAQ](./docs/developer_faq.md).
+
+---
+## 1. Development Environment Setup
+### Prerequisites:
+* Python ≥ 3.10
+* pip
+* virtualenv
+* Docker
+* GNU make
+* libmagic (for python-magic)
+
+### Steps:
+```bash
+make venv      # creates venv/pat_dev_vm (dev virtualenv)
+make help      # verify automation & targets render
+make test      # run unit tests
+```
+You normally do NOT need to manually `source` the venv; the `make` automation handles that. If a target complains that a virtualenv is active, deactivate it and retry.
+
+### Other targets you may use during development:
+```bash
+make it        # integration tests (pytest + tavern)
+make lt        # load tests (k6)
+make bp        # instantiate an empty blueprint template
+make service   # create a service stub within the service manifest
+make service_up    # build & run a service container
+```
+
+---
+## 2. Project Structure (High Level)
+```
+components/blueprints/    # Individual business logic units (Flask blueprints)
+chassis/                  # Shared service chassis (e.g. k_api)
+services/                 # Service definitions (composition lives in manifests)
+make_lib/                 # Automation scripts + blueprint & service manifests
+docs/                     # Developer guides & reference
+requirements.txt          # Automation / tooling deps (not baked into service images)
+```
+### Key ideas:
+- A service = one chassis + N blueprints.
+- Manifests in `make_lib/` define what blueprints and services exists, as well as how those services are composed; avoid manual edits unless extending following documented patterns.
+- Per‑blueprint and chassis `requirements.txt` files control runtime deps; root `requirements.txt` is only for development automation.
+- Use the automation whenever possible! Attempting to manually perform tasks that the automation can already handle via a `make` target can introduce unwanted behaviors.
+
+---
+## 3. Pull Requests: Guidelines & Pre‑Submission Steps
+We follow a [Gitflow branching model](https://www.atlassian.com/git/tutorials/comparing-workflows/gitflow-workflow); all feature and bug branches should branch off of `develop`, while `develop` should be the only branch merging into `main`.
+
+When naming branches, use concise and unambiguous terminology that represents the work contained on the branch. Feature and bug branches should be prefixed with `feature/` and `bugfix/` respectively.
+
+### Before you open a PR:
+1. Keep scope focused (one logical change).
+2. Run and pass:
+
+	```bash
+	make test
+	make version_canary   # ensures version & changelog alignment
+	```
+	Run `make it` / `make lt` if you changed integration or performance-sensitive code.
+3. Bump versions (chassis / blueprint / template / service) and update their README changelogs if any related code was changed.
+4. Update OpenAPI docs if you changed an API contract.
+5. Ensure any code changes are covered by unit tests.
+6. Ensure no stray debug prints, commented-out code, or secrets exist in the PR.
+7. Rebase your branch on the latest `develop` and squash to a single meaningful commit.
+8. Write a clear commit message: `feat(ping): add latency metric` (prefixes: feat, fix, docs, refactor, test, perf, chore, sec).
+9. If security-sensitive, note review considerations in the PR description.
+
+### Suggested PR checklist (copy into description):
+```
+[ ] Single logical change (squashed & rebased on develop)
+[ ] Versions bumped + changelogs updated
+[ ] Tests added/updated & passing (unit + integration if needed)
+[ ] make version_canary passes
+[ ] OpenAPI spec updated (if API change)
+[ ] No secrets / debug leftovers
+[ ] Docs/help updated if user-facing behavior changed
+```
+At least one reviewer approval is required. Provide context for your proposed changes (why, not just what) so reviewers can move quickly.
+
+---
+## 4. Reporting Issues
+Please search existing issues and the [FAQ](./docs/developer_faq.md) first.
+
+Include in a new issue:
+- Environment (OS, Python version, Docker version)
+- Exact commands or steps to reproduce
+- Expected vs actual result
+- Relevant logs / stack traces / screenshots
+
+For suspected security vulnerabilities or anything that could expose sensitive data, **do not** open a public issue—use Splunk’s responsible disclosure process instead.
+
+### Feature requests:
+Describe the use case and why existing functionality is insufficient. Implementation suggestions are welcome, but keep them concise.
+
+---
+## 5. Code of Conduct
+We are committed to a respectful, inclusive, and harassment‑free collaborative environment. By participating you agree to:
+- Assume good intent; ask clarifying questions before criticizing
+- Offer constructive, actionable feedback
+- Avoid discriminatory or exclusionary language
+- Respect differing experience levels and backgrounds
+
+Unacceptable behavior (harassment, personal attacks, derogatory comments, sharing private information) may result in removal from discussions or other corrective action. Escalate concerns privately to the maintainers.
+
+---
+## Need Help?
+1. Read the [docs](./docs/) & [FAQ](./docs/developer_faq.md).
+2. Open a detailed [issue](https://github.com/splunk/scan-request-service/issues/new).
+3. For security, use private disclosure channels.
+
+We appreciate every improvement — large or small. Thank you for bettering SRS for the community :heart: