ui fixes
This commit is contained in:
master
@@ -1,98 +1,90 @@
|
||||
# Quickstart – First Scan in Five Minutes
|
||||
# Quickstart -- Local Dev Environment in Minutes
|
||||
|
||||
> **Status:** public α image ships late 2025 (`registry.stella-ops.org/stella-ops/stella-ops:0.1.0-alpha`). Commands below are ready the moment the tag lands.
|
||||
Get Stella Ops running locally for development and evaluation.
|
||||
|
||||
## 0. Prerequisites (1 min)
|
||||
> This guide is for **local development**. For production deployment, see the [Installation Guide](INSTALL_GUIDE.md).
|
||||
|
||||
| Requirement | Minimum | Notes |
|
||||
|-------------|---------|-------|
|
||||
| OS | Ubuntu 22.04 LTS / Alma 9 | x86‑64 or arm64 |
|
||||
| Docker | Engine 25 + Compose v2 | `docker -v` |
|
||||
| Resources | 2 vCPU / 2 GiB RAM / 10 GiB SSD | Fits developer laptops |
|
||||
| TLS trust | Built-in self-signed or your own certs | Replace `/certs` before production |
|
||||
## Prerequisites
|
||||
|
||||
Keep Valkey and PostgreSQL bundled unless you already operate managed instances.
|
||||
| Requirement | Minimum | Verify |
|
||||
|-------------|---------|--------|
|
||||
| OS | Windows 10+, macOS 12+, Ubuntu 22.04+ | x86-64 or arm64 |
|
||||
| Docker | Engine 20.10+ with Compose v2 | `docker compose version` |
|
||||
| .NET SDK | 10.x | `dotnet --version` |
|
||||
| Node.js | 20+ | `node --version` |
|
||||
| RAM | 16 GB (32 GB recommended) | |
|
||||
| Disk | 50 GB free | |
|
||||
|
||||
## 1. Download the signed bundles (1 min)
|
||||
## 1. Clone the repository
|
||||
|
||||
```bash
|
||||
curl -LO https://get.stella-ops.org/docker-compose.infrastructure.yml
|
||||
curl -LO https://get.stella-ops.org/docker-compose.infrastructure.yml.sig
|
||||
curl -LO https://get.stella-ops.org/docker-compose.stella-ops.yml
|
||||
curl -LO https://get.stella-ops.org/docker-compose.stella-ops.yml.sig
|
||||
|
||||
cosign verify-blob \
|
||||
--key https://stella-ops.org/keys/cosign.pub \
|
||||
--signature docker-compose.infrastructure.yml.sig \
|
||||
docker-compose.infrastructure.yml
|
||||
|
||||
cosign verify-blob \
|
||||
--key https://stella-ops.org/keys/cosign.pub \
|
||||
--signature docker-compose.stella-ops.yml.sig \
|
||||
docker-compose.stella-ops.yml
|
||||
git clone <your-gitea-instance>/stella-ops/stella-ops.git
|
||||
cd stella-ops
|
||||
```
|
||||
|
||||
*Air-gapped?* The [Offline Update Kit](OFFLINE_KIT.md) ships these files plus feeds and plug-ins.
|
||||
## 2. Run the setup script
|
||||
|
||||
## 2. Configure `.env` (1 min)
|
||||
**Windows (PowerShell 7):**
|
||||
|
||||
Create `.env` with the essentials:
|
||||
|
||||
```dotenv
|
||||
STELLA_OPS_COMPANY_NAME="Acme Corp"
|
||||
STELLA_OPS_DEFAULT_ADMIN_USERNAME="admin"
|
||||
STELLA_OPS_DEFAULT_ADMIN_PASSWORD="change-me!"
|
||||
POSTGRES_USER=stella_admin
|
||||
POSTGRES_PASSWORD=$(openssl rand -base64 18)
|
||||
POSTGRES_HOST=postgres
|
||||
VALKEY_PASSWORD=$(openssl rand -base64 18)
|
||||
VALKEY_URL=valkey
|
||||
```powershell
|
||||
.\scripts\setup.ps1
|
||||
```
|
||||
|
||||
Use existing Valkey/PostgreSQL endpoints by setting `POSTGRES_HOST` and `VALKEY_URL`. Keep credentials scoped to Stella Ops; Valkey counters enforce the transparent quota (`{{ quota_token }}` scans/day).
|
||||
|
||||
## 3. Launch services (1 min)
|
||||
**Linux / macOS:**
|
||||
|
||||
```bash
|
||||
docker compose --env-file .env -f docker-compose.infrastructure.yml up -d
|
||||
docker compose --env-file .env -f docker-compose.stella-ops.yml up -d
|
||||
./scripts/setup.sh
|
||||
```
|
||||
|
||||
- `StellaOps.Authority` issues short-lived OpToks for CLI/UI.
|
||||
- `StellaOps.Scanner` hosts `/scan`, queues work to Workers.
|
||||
- `StellaOps.Policy.Engine` and `StellaOps.Concelier` start with seeded policies, feeds sync in the background.
|
||||
The script will:
|
||||
- Verify all prerequisites are installed
|
||||
- Offer to add hosts file entries (50 services need unique loopback IPs)
|
||||
- Create `.env` from the example template (works out of the box, no editing needed)
|
||||
- Start infrastructure (PostgreSQL, Valkey, RustFS)
|
||||
- Build .NET solutions and Docker images
|
||||
- Launch the full platform
|
||||
- Run health checks and report status
|
||||
|
||||
## 4. Run your first scan (1 min)
|
||||
### Infrastructure only (faster)
|
||||
|
||||
```bash
|
||||
stella auth login \
|
||||
--device-code \
|
||||
--audiences scanner,attestor \
|
||||
--scopes attestor.verify,attestor.read
|
||||
stella scan image \
|
||||
--image registry.stella-ops.org/demo/juice-shop:latest \
|
||||
--sbom-type cyclonedx-json
|
||||
To skip builds and just start infrastructure:
|
||||
|
||||
```powershell
|
||||
.\scripts\setup.ps1 -InfraOnly # Windows
|
||||
./scripts/setup.sh --infra-only # Linux/macOS
|
||||
```
|
||||
|
||||
- Expect `<5 s` warm scans once the Delta SBOM cache is primed.
|
||||
- CLI exits non-zero if lattice policy blocks the image; use `stella policy explain --last` for context.
|
||||
- Headers `X-Stella-Quota-Remaining` and the UI banner keep quota usage transparent.
|
||||
## 3. Open the platform
|
||||
|
||||
> Need to inspect attestations only? Swap `attestor.verify` for `attestor.read`. Submission endpoints still need `attestor.write`.
|
||||
Once setup completes, open **https://stella-ops.local** in your browser.
|
||||
|
||||
## 5. Verify & explore (1 min)
|
||||
Accept the self-signed certificate warning on first visit.
|
||||
|
||||
- Check the Console (`https://localhost:8443`) to view findings, VEX evidence, and deterministic replay manifests.
|
||||
- Export the DSSE bundle: `stella export run --format dsse`.
|
||||
- Capture evidence for audit: `stella attest bundle --output demo.dsse.json`.
|
||||
## What's running
|
||||
|
||||
### Sovereign mode in one click
|
||||
After a full setup, you'll have 45+ services running locally:
|
||||
|
||||
- Import the Offline Update Kit (`stella offline-kit import ./stella-ouk-2025-alpha.tar.gz`) to replace every external feed.
|
||||
- Apply a CryptoProfile (`stella authority crypto apply ./profiles/fips.yaml`) to swap signing algorithms without rebuilding.
|
||||
| Service | URL | Purpose |
|
||||
|---------|-----|---------|
|
||||
| Web UI | https://stella-ops.local | Angular console |
|
||||
| Authority | https://authority.stella-ops.local | OAuth2/OIDC |
|
||||
| Scanner | https://scanner.stella-ops.local | SBOM/vulnerability scanning |
|
||||
| Concelier | https://concelier.stella-ops.local | Advisory aggregation |
|
||||
| PostgreSQL | db.stella-ops.local:5432 | Primary database |
|
||||
| Valkey | cache.stella-ops.local:6379 | Cache and messaging |
|
||||
|
||||
### Next steps
|
||||
Full service list: `devops/compose/docker-compose.stella-ops.yml`
|
||||
|
||||
- Harden the deployment with [SECURITY_HARDENING_GUIDE.md](SECURITY_HARDENING_GUIDE.md).
|
||||
- Explore feature highlights in [`key-features.md`](key-features.md).
|
||||
- Plan the rollout using the [evaluation checklist](onboarding/evaluation-checklist.md).
|
||||
## Troubleshooting
|
||||
|
||||
**"stella-ops.local not found"** -- The hosts file entries are missing. Re-run the setup script and accept the hosts file installation, or manually append `devops/compose/hosts.stellaops.local` to your hosts file.
|
||||
|
||||
**Containers unhealthy** -- Check logs with `docker compose -f devops/compose/docker-compose.stella-ops.yml logs <service-name>`.
|
||||
|
||||
**Port conflicts** -- Override ports in `devops/compose/.env`. See `devops/compose/env/stellaops.env.example` for available port variables.
|
||||
|
||||
## Next steps
|
||||
|
||||
- [Developer setup details](dev/DEV_ENVIRONMENT_SETUP.md) -- manual steps, hybrid debugging, building individual modules
|
||||
- [Installation Guide](INSTALL_GUIDE.md) -- production deployment, air-gap, regional compliance
|
||||
- [Architecture overview](ARCHITECTURE_OVERVIEW.md) -- how the platform fits together
|
||||
|
||||
Reference in New Issue
Block a user