stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 16 Releases Wiki Activity

feat: Add comprehensive product advisories for improved scanner functionality
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
Details

Browse Source 
- Introduced a blueprint for explainable quiet alerts, detailing phases for SBOM, VEX readiness, and attestations.
- Developed a roadmap for deterministic diff-aware rescans, enhancing scanner speed and efficiency.
- Implemented a hash-based SBOM layer cache to optimize container scans by reusing previous results.
- Created a multi-runtime reachability corpus to validate function-level reachability across various programming languages.
- Proposed a stable SBOM model using SPDX 3.0.1 for persistence and CycloneDX 1.6 for interchange.
- Established a validation plan for quiet scans, focusing on provenance and CI integration.
- Documented guidelines for the Findings Ledger module, outlining roles, execution rules, and testing protocols.
This commit is contained in:
master
2025-11-17 00:09:26 +02:00
parent 08b27b8a26
commit 7b01c7d6ac
73 changed files with 3993 additions and 697 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
docs/implplan/archived/updates/2025-11-02-pack-scope-profiles.md Normal file
View File

@@ -0,0 +1,18 @@
# 2025-11-02 · Pack scope catalogue & CLI profiles
**What changed**
- Authority configuration samples (`etc/authority.yaml.sample`) now seed Pack roles (`pack-viewer`, `pack-operator`, `pack-publisher`, `pack-approver`, `pack-admin`) with deterministic scope bundles.
- Added `AddPacksResourcePolicies` helper in `StellaOps.Auth.ServerIntegration` so Packs Registry/Task Runner services can register consistent authorization policies; accompanying unit tests validate the policy catalogue.
- Documented Task Pack CLI profiles (`docs/modules/cli/guides/packs-profiles.md`) and added quick-reference guidance in the CLI manual for setting `StellaOps:Authority:Scope` via profiles or environment variables.
- Updated Authority scope docs and samples to reflect the new roles, keeping offline/air-gap defaults aligned.
**Why**
Task Pack rollout requires explicit RBAC and short-lived tokens per workflow (publish, run, approve). Providing ready-to-use roles, policies, and CLI profiles removes guesswork for operators and ensures tokens carry the correct scopes by default.
**Actions**
1. Refresh Authority configuration in each environment from the updated sample (or add the roles manually) so Pack clients can request tokens.
2. Roll out the CLI profiles or equivalent configuration in automation (`STELLA_PROFILE=packs-operator`, etc.) before enabling pack workflows.
3. Update Task Runner/Packs Registry services to call `AddPacksResourcePolicies()` when wiring authorization.