stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 16 Releases Wiki Activity

Add SBOM, symbols, traces, and VEX files for CVE-2022-21661 SQLi case
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
Details

Browse Source 
- Created CycloneDX and SPDX SBOM files for both reachable and unreachable images.
- Added symbols.json detailing function entry and sink points in the WordPress code.
- Included runtime traces for function calls in both reachable and unreachable scenarios.
- Developed OpenVEX files indicating vulnerability status and justification for both cases.
- Updated README for evaluator harness to guide integration with scanner output.
This commit is contained in:
master
2025-11-08 20:53:45 +02:00
parent 515975edc5
commit 536f6249a6
837 changed files with 37279 additions and 14675 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
ops/deployment/TASKS.md
View File

@@ -46,3 +46,5 @@
| HELM-45-001 | TODO | Deployment Guild | COMPOSE-44-001 | Scaffold `deploy/helm/stella` chart with values, component toggles, and pinned image digests for all services; include migration Job templates. | Chart installs in dev cluster; images pinned; lint/tests pass. |
| HELM-45-002 | TODO | Deployment Guild, Security Guild | HELM-45-001 | Add TLS/Ingress, NetworkPolicy, PodSecurityContexts, Secrets integration (external secrets), and document security posture. | Helm values support secure defaults; policies validated; docs updated. |
| HELM-45-003 | TODO | Deployment Guild, Observability Guild | HELM-45-001 | Implement HPA, PDB, readiness gates, Prometheus scraping annotations, OTel configuration hooks, and upgrade hooks. | Rolling upgrade succeeds in CI; observability wires confirmed; upgrade docs updated. |
| HELM-45-004 | DONE (2025-11-08) | Deployment Guild, Policy Guild | HELM-45-001 | Wire Policy Engine / Gateway pods to consume the `policy-engine-activation` ConfigMap (envFrom/volume mounts), ensure host configuration loads activation overrides, and update Helm/Compose samples accordingly. | Pods mount config map deterministically; activation settings honored in Policy Engine; samples/tests updated for air-gap parity. |
> 2025-11-08: Added config builder support for `/config/policy-engine/activation.yaml`, templated envFrom injection for policy-engine/gateway pods, verified Policy Engine/Gateway tests, and CI now runs `helm lint` + `helm template` for every `values*.yaml`.