two new advisories and sprints work on them

This commit is contained in:
master
2026-01-16 18:39:36 +02:00
parent 9daf619954
commit 111d80954f
69 changed files with 15508 additions and 16 deletions


@@ -52,7 +52,7 @@ WebSocket /api/v1/doctor/stream
## Available Checks
The Doctor system includes 48+ diagnostic checks across 7 plugins:
The Doctor system includes 60+ diagnostic checks across 9 plugins:
| Plugin | Category | Checks | Description |
|--------|----------|--------|-------------|
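Review bot: the new total "60+ diagnostic checks" does not match the rows added further down in this file. The previous summary counted 48+ checks across 7 plugins, and the two plugins this commit adds contribute 4 (`stellaops.doctor.attestation`) and 5 (`stellaops.doctor.verification`) checks, which gives 57, not 60+. Either state "57+" (or the exact table sum) or add the missing rows; the plugin count going from 7 to 9 is consistent with the two new rows.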
@@ -60,10 +60,32 @@ The Doctor system includes 48+ diagnostic checks across 7 plugins:
| `stellaops.doctor.database` | Database | 8 | Connectivity, migrations, schema, connection pool |
| `stellaops.doctor.servicegraph` | ServiceGraph | 6 | Gateway, routing, service health |
| `stellaops.doctor.security` | Security | 9 | OIDC, LDAP, TLS, Vault |
| `stellaops.doctor.attestation` | Security | 4 | Rekor connectivity, Cosign keys, clock skew, offline bundle |
| `stellaops.doctor.verification` | Security | 5 | Artifact pull, signatures, SBOM, VEX, policy engine |
| `stellaops.doctor.scm.*` | Integration.SCM | 8 | GitHub, GitLab connectivity/auth/permissions |
| `stellaops.doctor.registry.*` | Integration.Registry | 6 | Harbor, ECR connectivity/auth/pull |
| `stellaops.doctor.observability` | Observability | 4 | OTLP, logs, metrics |
### Setup Wizard Essential Checks
The following checks are mandatory for the setup wizard to validate a new installation:
1. **DB connectivity + schema version** (`stellaops.doctor.database`)
- `check.db.connection` - Database is reachable
- `check.db.schema.version` - Schema version matches expected
2. **Attestation store availability** (`stellaops.doctor.attestation`)
- `check.attestation.rekor.connectivity` - Rekor transparency log reachable
- `check.attestation.cosign.keymaterial` - Signing keys available (file/KMS/keyless)
- `check.attestation.clock.skew` - System clock synchronized (<5s skew)
3. **Artifact verification pipeline** (`stellaops.doctor.verification`)
- `check.verification.artifact.pull` - Test artifact accessible by digest
- `check.verification.signature` - DSSE signatures verifiable
- `check.verification.sbom.validation` - SBOM (CycloneDX/SPDX) valid
- `check.verification.vex.validation` - VEX document valid
- `check.verification.policy.engine` - Policy evaluation passes
### Check ID Convention
```
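Review bot: the check IDs in the new "Setup Wizard Essential Checks" subsection do not follow the naming used elsewhere in this file: the wizard lists `check.db.connection` and `check.db.schema.version`, while the Check ID Convention examples below use the `check.database.` prefix (`check.database.migrations.pending`). Pick one prefix and use it in both places, otherwise an operator grepping the doctor output for `check.database.*` will not find the wizard's mandatory checks. Two smaller points on the same hunk: the attestation plugin row advertises an "offline bundle" check, yet `check.attestation.rekor.connectivity` is listed as mandatory for the wizard, so say what an air-gapped installation is expected to pass (does the offline bundle check substitute for Rekor reachability?); and the "<5s skew" threshold in `check.attestation.clock.skew` should name where it is configured, since it is the only numeric threshold in the list.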
@@ -75,6 +97,8 @@ Examples:
- `check.database.migrations.pending`
- `check.services.gateway.routing`
- `check.integration.scm.github.auth`
- `check.attestation.rekor.connectivity`
- `check.verification.sbom.validation`
## CLI Reference
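Review bot: the two examples appended here use the plugin name as the second segment (`check.attestation.`, `check.verification.`) although both plugins are filed under the `Security` category in the table above, whereas `check.integration.scm.github.auth` uses the category path. If the convention is "plugin name after `check.`", say so explicitly in the convention text so readers do not expect `check.security.` for the new checks.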