audit, advisories and doctors/setup work
@@ -22,6 +22,7 @@ open a PR and append it alphabetically.*
| **Azure‑Pipelines** | CI/CD service in Microsoft Azure DevOps. | Recipe in Pipeline Library |
| **BDU** | Russian (FSTEC) national vulnerability database: *База данных уязвимостей*. | Merged with NVD by Concelier (vulnerability ingest/merge/export service) |
| **BuildKit** | Modern Docker build engine with caching and concurrency. | Needed for layer cache patterns |
| **Binary diff** | Section-hash comparison between two binaries or images to detect changes without source. | Used by `stella scan diff` and BinaryDiffV1 predicates |
| **CI** | *Continuous Integration* – automated build/test pipeline. | Stella integrates via CLI |
| **Cosign** | Open‑source Sigstore tool that signs & verifies container images **and files**. | Images & OUK tarballs |
| **CWV / CLS** | *Core Web Vitals* metric – Cumulative Layout Shift. | UI budget ≤ 0.1 |
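Review bot: the new **Binary diff** row lands after **BuildKit**, but the section header asks contributors to append alphabetically and "Bi" sorts before "Bu"; move it between **BDU** and **BuildKit**. The Notes cell also names `stella scan diff` and "BinaryDiffV1 predicates" without a pointer to where either is documented, while neighbouring rows do give one ("Recipe in Pipeline Library"); add the doc or section reference so readers can follow the term.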
@@ -34,6 +35,7 @@ open a PR and append it alphabetically.*
| Term | Definition | Notes |
|------|------------|-------|
| **Digest (image)** | SHA‑256 hash uniquely identifying a container image or layer. | Pin digests for reproducible builds |
| **DSSE envelope** | Signed DSSE v1 wrapper that binds payload bytes and signatures. | Used for binary diff attestations |
| **Docker‑in‑Docker (DinD)** | Running Docker daemon inside a CI container. | Used in GitHub / GitLab recipes |
| **DTO** | *Data Transfer Object* – C# record serialised to JSON. | Schemas in doc 11 |
| **Concelier** | Vulnerability ingest/merge/export service consolidating OVN, GHSA, NVD 2.0, CNNVD, CNVD, ENISA, JVN and BDU feeds into the canonical PostgreSQL store and export artifacts. | Cron default `0 1 * * *` |
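Review bot: **DSSE envelope** is inserted between **Digest (image)** and **Docker‑in‑Docker**, which breaks the alphabetical order the header requires (Digest, Docker‑in‑Docker, DSSE, DTO). Unlike **CI**, **DTO** and the other acronym rows, the Definition never expands the acronym; open it with *Dead Simple Signing Envelope* and say what `payloadType` the binary diff attestations use, since "binds payload bytes and signatures" alone does not tell a verifier what to expect. While this block is being touched, the **Concelier** row still sits in the D section and should move to C.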
@@ -83,6 +85,7 @@ open a PR and append it alphabetically.*
| **Rekor** | Sigstore transparency log; future work for signature anchoring. | Road‑map P4 |
| **RPS** | *Requests Per Second*. | Backend perf budget 40 rps |
| **SBOM** | *Software Bill of Materials* – inventory of packages in an image. | Trivy JSON v2 |
| **Section hash** | Stable hash of a binary section (for example, .text or .rodata). | Used for binary diff and backport evidence |
| **Stella CLI** | Lightweight CLI that submits SBOMs for vulnerability scanning. | See CI recipes |
| **Seccomp** | Linux syscall filter JSON profile. | Backend shipped non‑root |
| **SLA** | *Service‑Level Agreement* – 24 h / 1‑ticket for Pro. | SRE runbook |
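Review bot: **Section hash** is placed between **SBOM** and **Stella CLI**, yet **Seccomp** follows it; alphabetically the row belongs between **Seccomp** and **SLA**. The Definition says "Stable hash" without naming the function, whereas the **Digest (image)** row fixes SHA‑256; state the algorithm (or that it is versioned with the predicate) so readers know whether hashes produced by different tool versions are comparable as backport evidence.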
@@ -98,6 +101,7 @@ open a PR and append it alphabetically.*
| **Trivy** | OSS CVE scanner powering the default `IScannerRunner`. | CLI pinned 0.64 |
| **Trivy‑srv** | Long‑running Trivy server exposing gRPC API; speeds up remote scans. | Variant A |
| **UI tile** | Dashboard element showing live metric (scans today, feed age, etc.). | Angular Signals |
| **Vendor backport** | Vendor patch applied without a version bump; diff evidence proves patch presence. | Key signal for VEX decisions |
| **WebSocket** | Full‑duplex channel (`/ws/scan`, `/ws/stats`) for UI real‑time. | Used by tiles |
| **Zastava** | Lightweight agent that inventories running containers and can enforce kills. | |
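Review bot: in the **Vendor backport** row, "diff evidence proves patch presence" overstates what the **Binary diff** row itself claims ("detect changes without source"): a differing section hash shows that the section changed, not which patch produced the change. Suggest "diff evidence supports a patch‑present verdict", and make the Notes cell say which VEX status such evidence is allowed to justify, since "Key signal for VEX decisions" leaves that to the reader.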