stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity

feat: Add Scanner CI runner and related artifacts
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
Details
Airgap Sealed CI Smoke / sealed-smoke (push) Has been cancelled
Details
Export Center CI / export-ci (push) Has been cancelled
Details
Signals CI & Image / signals-ci (push) Has been cancelled
Details

Browse Source 
- Implemented `run-scanner-ci.sh` to build and run tests for the Scanner solution with a warmed NuGet cache.
- Created `excititor-vex-traces.json` dashboard for monitoring Excititor VEX observations.
- Added Docker Compose configuration for the OTLP span sink in `docker-compose.spansink.yml`.
- Configured OpenTelemetry collector in `otel-spansink.yaml` to receive and process traces.
- Developed `run-spansink.sh` script to run the OTLP span sink for Excititor traces.
- Introduced `FileSystemRiskBundleObjectStore` for storing risk bundle artifacts in the filesystem.
- Built `RiskBundleBuilder` for creating risk bundles with associated metadata and providers.
- Established `RiskBundleJob` to execute the risk bundle creation and storage process.
- Defined models for risk bundle inputs, entries, and manifests in `RiskBundleModels.cs`.
- Implemented signing functionality for risk bundle manifests with `HmacRiskBundleManifestSigner`.
- Created unit tests for `RiskBundleBuilder`, `RiskBundleJob`, and signing functionality to ensure correctness.
- Added filesystem artifact reader tests to validate manifest parsing and artifact listing.
- Included test manifests for egress scenarios in the task runner tests.
- Developed timeline query service tests to verify tenant and event ID handling.
This commit is contained in:
StellaOps Bot
2025-11-30 19:12:35 +02:00
parent 17d45a6d30
commit 71e9a56cfd
92 changed files with 2596 additions and 387 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
docs/modules/export-center/README.md
View File

@@ -2,11 +2,16 @@
Export Center packages reproducible evidence bundles (JSON, Trivy DB, mirror) with provenance metadata and optional signing for offline or mirrored deployments.
## Responsibilities
- Coordinate export jobs based on profiles and scope selectors.
- Assemble manifests, provenance documents, and cosign signatures.
- Stream bundles via HTTP/OCI and stage them for Offline Kit uses.
- Expose CLI/API surfaces for automation.
## Latest updates (2025-11-30)
- Sprint tracker `docs/implplan/SPRINT_0320_0001_0001_docs_modules_export_center.md` and module `TASKS.md` added to mirror status.
- Observability runbook stub + dashboard placeholder added under `operations/` (offline import).
- Bundle/profile/offline manifest guidance reaffirmed (`devportal-offline*.md`, `mirror-bundles.md`, `provenance-and-signing.md`).
## Responsibilities
- Coordinate export jobs based on profiles and scope selectors.
- Assemble manifests, provenance documents, and cosign signatures.
- Stream bundles via HTTP/OCI and stage them for Offline Kit uses.
- Expose CLI/API surfaces for automation.
## Key components
- `StellaOps.ExportCenter.WebService` planner.
@@ -24,10 +29,11 @@ Export Center packages reproducible evidence bundles (JSON, Trivy DB, mirror) wi
- Signer/Attestor for provenance signing.
- CLI for operator-managed exports.
## Operational notes
- Runbooks in ./operations/ for deployment and monitoring.
- Mirror bundle instructions and validation notes.
- Telemetry dashboards for export latency and retry rates.
## Operational notes
- Runbooks in ./operations/ for deployment and monitoring.
- Observability assets: `operations/observability.md` and `operations/dashboards/export-center-observability.json` (offline import).
- Mirror bundle instructions and validation notes.
- Telemetry dashboards for export latency and retry rates.
## Related resources
- ./operations/runbook.md