  1. Node.js Driver
  2. NODE-6571

Configure SSDLC tooling for zstd repo

    • Type: Task
    • Resolution: Unresolved
    • Priority: Unknown
    • None
    • Affects Version/s: None
    • Component/s: None
    • Not Needed

      Use Case

      As a... (who is this for)
      I want... (what is the desired change)
      So that... (why is the change desired)

      User Experience

      • What is the desired/expected outcome for the user once this ticket is implemented?
      • If bug: What is the number of impacted customers? How severe is the impact? Is anyone blocked or broken?

      Dependencies

      • upstream and/or downstream requirements and timelines to bear in mind

      Risks/Unknowns

      • What could go wrong while implementing this change? (e.g., performance, inadvertent behavioral changes in adjacent functionality, existing tech debt, etc)
      • Is there an opportunity for better cross-driver alignment or testing in this area?
      • Is there an opportunity to improve existing documentation on this subject?

      Acceptance Criteria

      Implementation Requirements

      Copy release tooling from mongodb-client-encryption into zstd and configure it to satisfy SSDLC:

      • static code analysis 
        • Configure CodeQL for static analysis scanning
      • 3rd party dependencies
        • Set up a Silk asset group to track Zstd's 3rd party dependencies (zstd)
        • Adjust the SBOMLite information in the repo to specify we use ZSTD@1.5.6
      • artifact signing
        • Use the shared GH action to sign all prebuilds
      • compliance attestation
        • Use the shared compliance report tooling to generate and upload a compliance report
      • Authorized Publisher
        • Use the shared authorized publisher report tooling to generate and upload an authorized publisher report

      Set up release-please for zstd

      Testing Requirements

      • unit test, spec test sync, etc

      Documentation Requirements

      • DOCSP ticket, API docs, etc

      Follow Up Requirements

      • additional tickets to file, required releases, etc
      • if node behavior differs/will differ from other drivers, confirm with dbx devs what standard to aim for and what plan, if any, exists to reconcile the diverging behavior moving forward

            Assignee:
            bailey.pearson@mongodb.com Bailey Pearson
            Reporter:
            bailey.pearson@mongodb.com Bailey Pearson
            Votes:
            0
            Watchers:
            1
