Add initial documentation
This commit is contained in:
34
docs/04_FEATURE_MATRIX.md
Normal file
34
docs/04_FEATURE_MATRIX.md
Normal file
@ -0,0 +1,34 @@
|
||||
# 4 · Feature Matrix — **Stella Ops**
|
||||
*(rev 2.0 · 14 Jul 2025)*
|
||||
|
||||
| Category | Capability | Free Tier (≤ 333 scans / day) | Community Plug‑in | Commercial Add‑On | Notes / ETA |
|
||||
| ---------------------- | ------------------------------------- | ----------------------------- | ----------------- | ------------------- | ------------------------------------------ |
|
||||
| **SBOM Ingestion** | Trivy‑JSON, SPDX‑JSON, CycloneDX‑JSON | ✅ | — | — | Auto‑detect on upload |
|
||||
| | **Delta‑SBOM Cache** | ✅ | — | — | Warm scans < 1 s |
|
||||
| **Scanning** | CVE lookup via local DB | ✅ | — | — | Update job ships weekly feeds |
|
||||
| | Licence‑risk detection | ⏳ (roadmap Q4‑2025) | — | — | SPDX licence list |
|
||||
| **Policy Engine** | YAML rules | ✅ | — | — | In‑UI editor |
|
||||
| | OPA / Rego | ⏳ (β Q1‑2026) | ✅ plug‑in | — | Plug‑in enables Rego |
|
||||
| **Registry** | Anonymous internal registry | ✅ | — | — | `StellaOps.Registry` image |
|
||||
| **Attestation** | Cosign signing | ⏳ (Q1‑2026) | — | — | Requires `StellaOpsAttestor` |
|
||||
| | SLSA provenance v1.0 | — | — | ⏳ (commercial 2026) | Enterprise need |
|
||||
| | Rekor transparency log | — | ✅ plug‑in | — | Air‑gap replica support |
|
||||
| **Quota & Throttling** | 333 scans/day soft limit | ✅ | — | — | Yellow banner at 200, wait‑wall post‑limit |
|
||||
| | Usage API (`/quota`) | ✅ | — | — | CI can poll remaining scans |
|
||||
| **User Interface** | Dark / light mode | ✅ | — | — | Auto‑detect OS theme |
|
||||
| | Russian localisation | ✅ | — | — | Default if `Accept‑Language: ru` |
|
||||
| | Audit trail | ✅ | — | — | Mongo history |
|
||||
| **Deployment** | Docker Compose bundle | ✅ | — | — | Single‑node |
|
||||
| | Helm chart (K8s) | ✅ | — | — | Horizontal scaling |
|
||||
| | High‑availability split services | — | — | ✅ (Add‑On) | HA Redis & Mongo |
|
||||
| **Extensibility** | .NET hot‑load plug‑ins | ✅ | N/A | — | AGPL reference SDK |
|
||||
| | Community plug‑in marketplace | — | ⏳ (β Q2‑2026) | — | Moderated listings |
|
||||
| **Telemetry** | Opt‑in anonymous metrics | ✅ | — | — | Required for quota satisfaction KPI |
|
||||
| **Quota & Tokens** | **Client‑JWT issuance** | ✅ (online 12 h token) | — | — | `/connect/token` |
|
||||
| | **Offline Client‑JWT (30 d)** | ✅ via OUK | — | — | Refreshed monthly in OUK |
|
||||
|
||||
> **Legend:** ✅ = Included ⏳ = Planned — = Not applicable
|
||||
> Rows marked “Commercial Add‑On” are optional paid components shipping outside the AGPL‑core; everything else is FOSS.
|
||||
|
||||
---
|
||||
*Last updated: 14 Jul 2025 (quota rev 2.0).*
|
||||
Reference in New Issue
Block a user