Project-wide updates for documentation and organization

- Added comprehensive documentation structure with theme and tools support
- Reorganized workflow examples and improved file organization
- Created extensive documentation infrastructure with MkDocs configuration
- Added WCAG-compliant diagrams and styling
- Implemented proper dark/light mode theme support
- Added CI workflow for documentation deployment
- Improved project organization and file structure
- Expanded documentation for all scanning approaches

Signed-off-by: Aaron Lippold <[email protected]>

Author: aaronlippold

.gitattributes

@@ -0,0 +1,4 @@
+docs/node_modules/* linguist-vendored
+docs/node_modules/* -diff -merge
+node_modules/* linguist-vendored
+node_modules/* -diff -merge

.github/workflows/deploy-docs.yml

@@ -0,0 +1,64 @@
+name: Deploy MkDocs
+
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - 'docs/**'
+      - 'mkdocs.yml'
+      - '.github/workflows/deploy-docs.yml'
+
+permissions:
+  contents: write
+
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      
+      # Set up Python and cache dependencies
+      - name: Set up Python
+        uses: actions/setup-python@v4
+        with:
+          python-version: 3.x
+          cache: pip
+          cache-dependency-path: docs/requirements.txt
+      
+      # Install Python dependencies
+      - name: Install Python dependencies
+        run: |
+          python -m pip install --upgrade pip
+          pip install -r docs/requirements.txt
+      
+      # Set up Node.js and cache dependencies
+      - name: Set up Node.js
+        uses: actions/setup-node@v3
+        with:
+          node-version: 18
+          cache: npm
+          cache-dependency-path: docs/package-lock.json
+      
+      # Install Node.js dependencies
+      - name: Install Node.js dependencies
+        working-directory: ./docs
+        run: npm ci || npm install
+      
+      # Lint Markdown files (but don't fail the build)
+      - name: Lint Markdown files
+        working-directory: ./docs
+        run: npm run lint || echo "Lint check skipped, continuing deployment"
+      
+      # Build and validate documentation
+      - name: Build documentation with validation
+        run: mkdocs build --strict
+      
+      # Deploy to GitHub Pages
+      - name: Deploy documentation
+        run: |
+          git config --local user.email "github-actions[bot]@users.noreply.github.com"
+          git config --local user.name "github-actions[bot]"
+          mkdocs gh-deploy --force

.gitignore

@@ -0,0 +1,7 @@
+node_modules/
+site/
+__pycache__/
+*.pyc
+.DS_Store
+venv/
+.venv/

CHANGELOG.md

@@ -0,0 +1 @@
+docs/project/changelog.md

README.md

@@ -6,9 +6,9 @@ This project provides a comprehensive platform for securely scanning Kubernetes
 
 Our solution offers three distinct technical approaches for container scanning:
 
-1. **Enhanced Transport Approach**: Modified train-k8s-container plugin for direct, API-based scanning through the Kubernetes management node
-2. **Debug Container Approach**: Ephemeral debug container with chroot-based scanning for distroless containers
-3. **Sidecar Container Approach**: CINC Auditor sidecar container with shared process namespace for any container type
+1. **Kubernetes API Approach** (Recommended): Direct API-based scanning through the Kubernetes API using the train-k8s-container plugin. This is our recommended enterprise solution with future distroless support in development, offering the most scalable and seamless integration. Once distroless support is implemented, this will be a universal solution for all container types.
+2. **Debug Container Approach**: Ephemeral debug container with chroot-based scanning for distroless containers, ideal for environments with ephemeral container support.
+3. **Sidecar Container Approach**: CINC Auditor sidecar container with shared process namespace for any container type, offering universal compatibility across Kubernetes versions.
 
 These approaches can be deployed via:
 - Self-contained shell scripts for direct management and testing
@@ -42,19 +42,25 @@ Both approaches support:
 
 We now provide three distinct approaches for scanning distroless containers:
 
-1. **Ephemeral Debug Container** - Uses `kubectl debug` to attach a debug container and scan via chroot. This approach has some limitations:
+1. **Kubernetes API Approach** (Enterprise Recommended) - Enhanced train-k8s-container plugin for direct, API-based scanning:
+   - **Implementation**: Currently being developed as our strategic enterprise solution
+   - **Advantage**: No additional containers required, most efficient and scalable approach
+   - **Advantage**: Seamless integration with existing CINC Auditor/InSpec workflows
+   - **Advantage**: Transparent to users - same commands for both standard and distroless containers
+   - **Key Advantage**: Will become a universal solution for all container types once distroless support is implemented
+   - **Status**: In active development with high priority for enterprise environments
+
+2. **Debug Container Approach** - Uses `kubectl debug` to attach a debug container and scan via chroot:
    - **Implementation**: The `scan-distroless-container.sh` script demonstrates this approach
    - **Limitation**: Requires Kubernetes clusters with ephemeral container support enabled
-
-2. **Modified Transport Plugin** - Enhanced train-k8s-container plugin for direct, API-based scanning:
-   - **Implementation**: Currently a work in progress
-   - **Advantage**: No additional containers required, most efficient approach
+   - **Use Case**: Best for testing and development environments with ephemeral container support
 
 3. **Sidecar Container Approach** - Deploys a scanner sidecar in the same pod with shared process namespace:
    - **Implementation**: Fully implemented in `scan-with-sidecar.sh` and integrated with CI/CD examples
    - **Advantage**: Works with any Kubernetes cluster, requires no special features
    - **Advantage**: Can scan any container type, including distroless containers
    - **Limitation**: Must be deployed alongside the target container (can't scan existing containers)
+   - **Use Case**: Ideal for environments without ephemeral container support or for universal compatibility
 
 ## Directory Structure
 
@@ -308,30 +314,86 @@ failed:
 
 ## Documentation
 
-For detailed documentation, see the following guides:
+### Online Documentation
+
+Visit our comprehensive documentation at:
+
+- https://mitre.github.io/kube-cinc-secure-scanner/
+
+### Documentation Management
+
+We provide a comprehensive documentation system in the `docs` directory with tools for previewing, validating, and improving documentation quality:
+
+```bash
+# Navigate to the docs directory
+cd docs
+
+# Make the script executable if needed
+chmod +x docs-tools.sh
+
+# Preview documentation (background server)
+./docs-tools.sh preview
+
+# Check server status
+./docs-tools.sh status
+
+# Restart server
+./docs-tools.sh restart
+
+# Stop server
+./docs-tools.sh stop
+
+# Install all documentation dependencies
+./docs-tools.sh setup
+
+# Lint and fix documentation issues
+./docs-tools.sh lint
+./docs-tools.sh fix
+
+# Run comprehensive quality checks
+./docs-tools.sh check-all
+
+# See all available commands
+./docs-tools.sh help
+```
+
+The documentation system includes:
+- MkDocs with Material theme for beautiful documentation
+- Markdown style checking with markdownlint
+- Spell checking with pyspelling
+- Link validation with linkchecker
+- Comprehensive quality validation tools
+
+For more details, see [Documentation Management](docs/README.md)
+
+### Documentation Structure
+
+Our documentation covers the following areas:
 
-### Core Documentation
+#### Core Documentation
 - [Project Overview](docs/overview/README.md)
 - [Quick Start Guide](docs/overview/quickstart.md)
 - [Security Considerations](docs/overview/security.md)
+- [Executive Summary](docs/overview/executive-summary.md)
+- [Security Risk Analysis](docs/overview/security-risk-analysis.md)
 
-### Approach-Specific Documentation
+#### Approach-Specific Documentation
 - [Distroless Container Scanning](docs/distroless-containers.md) - All three approaches compared
 - [Sidecar Container Approach](docs/sidecar-container-approach.md) - Detailed guide for Approach 3
 
-### Visual Documentation
+#### Visual Documentation
 - [Workflow Diagrams](docs/overview/workflows.md) - Mermaid diagrams for visual environments
 - [ASCII Text Diagrams](docs/overview/ascii-diagrams.md) - Terminal-friendly diagrams
 
-### Technical Implementation
+#### Technical Implementation
 - [RBAC Configuration](docs/rbac/README.md)
 - [Service Account Management](docs/service-accounts/README.md)
 - [Token Management](docs/tokens/README.md)
 - [Kubeconfig Generation](docs/configuration/README.md)
 - [SAF CLI Integration](docs/saf-cli-integration.md)
 - [Threshold Configuration](docs/thresholds.md)
 
-### CI/CD Integration
+#### CI/CD Integration
 - [GitLab CI/CD Integration](docs/integration/gitlab.md)
 - [GitLab CI with Services](docs/integration/gitlab-services.md)
 - [GitHub Actions Integration](docs/integration/github-actions.md)

RELEASE-NOTES.md

@@ -0,0 +1,93 @@
+# Release Notes - v1.0.0
+
+## Secure CINC Auditor Kubernetes Container Scanning v1.0.0
+
+We're excited to announce the first stable release of our Secure CINC Auditor Kubernetes Container Scanning platform. This release marks the culmination of extensive development to create a comprehensive, secure, and flexible solution for container compliance scanning in Kubernetes environments.
+
+### Key Features
+
+- **Three Container Scanning Approaches:**
+  - Standard container scanning with train-k8s-container transport
+  - Distroless container scanning via ephemeral debug containers
+  - Sidecar container scanning with shared process namespace
+
+- **Security-Focused Design:**
+  - Least privilege RBAC configurations
+  - Dynamic, time-limited access tokens
+  - Fine-grained label-based access controls
+  - Namespace isolation
+
+- **Flexible Deployment Options:**
+  - Self-contained shell scripts for direct usage
+  - Modular Helm charts for enterprise deployment
+  - CI/CD integration with GitHub Actions and GitLab CI
+
+- **Comprehensive Documentation:**
+  - MkDocs-based documentation site with enhanced navigation
+  - Executive summary for stakeholders
+  - Security risk analysis and mitigations
+  - Approach decision matrix for informed selection
+  - Enterprise integration analysis
+  - Visual workflow diagrams and ASCII text diagrams
+
+- **Integration Capabilities:**
+  - MITRE SAF CLI for threshold validation
+  - GitLab CI integration with services
+  - GitHub Actions workflows
+  - Comprehensive examples for all approaches
+
+### What's Included
+
+1. **Shell Scripts:**
+   - `setup-minikube.sh` - Set up a test environment with multi-node minikube
+   - `scan-container.sh` - Scan standard containers with CINC Auditor
+   - `scan-distroless-container.sh` - Scan distroless containers with debug approach
+   - `scan-with-sidecar.sh` - Scan containers using the sidecar approach
+   - `generate-kubeconfig.sh` - Generate restricted kubeconfig files
+
+2. **Helm Charts:**
+   - `scanner-infrastructure` - Core RBAC, service accounts, tokens
+   - `common-scanner` - Common scanning components and utilities
+   - `standard-scanner` - Standard container scanning
+   - `distroless-scanner` - Distroless container scanning
+   - `sidecar-scanner` - Sidecar container scanning
+
+3. **CI/CD Examples:**
+   - GitHub Actions workflows for all scanning approaches
+   - GitLab CI pipelines for all scanning approaches
+   - GitLab CI with Services for optimized pipeline performance
+
+4. **Documentation:**
+   - Comprehensive MkDocs site with enhanced navigation
+   - Full markdown documentation for all components
+   - Visual workflow diagrams with Mermaid
+   - ASCII text diagrams for terminal readability
+   - Decision matrices and comparison guides
+
+### Requirements
+
+- Kubernetes 1.24+ (for token creation API)
+- kubectl
+- CINC Auditor with train-k8s-container plugin
+- MITRE SAF CLI (for threshold validation)
+- Helm 3.2.0+ (for Helm deployment)
+
+For local documentation preview:
+- Python 3.x
+- MkDocs with Material theme (`pip install -r requirements.txt`)
+
+### Future Development
+
+- Complete the modified train-k8s-container plugin approach
+- Build and publish dedicated CINC Auditor scanner images
+- Create Kubernetes mutating webhook for sidecar injection
+- Add additional CI/CD platform examples
+- Enhance performance for large-scale scanning
+
+### Acknowledgments
+
+This project builds upon the work of:
+- CINC Project (open-source InSpec)
+- MITRE SAF CLI
+- train-k8s-container transport plugin
+- Kubernetes ephemeral containers feature