stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity
1,054 Commits 1 Branch 0 Tags
89a075ea2107d39ab7182e19f386c2fcb9cf5423
Commit Graph

26 Commits

Author SHA1 Message Date
master
89a075ea21 Add integration connector plugins and compose fixtures 
Scaffold connector plugins for DockerRegistry, GitLab, Gitea,
Jenkins, and Nexus. Wire plugin discovery in IntegrationService
and add compose fixtures for local integration testing.

- 5 new connector plugins under src/Integrations/__Plugins/
- docker-compose.integrations.yml for local fixture services
- Advisory source catalog and source management API updates
- Integration e2e test specs and Playwright config
- Integration hub docs under docs/integrations/

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-30 17:24:56 +03:00
master
4d8a48a05f Sprint 7+8: Journey UX fixes + identity envelope shared middleware 
Sprint 7 — Deep journey fixes:
  S7-T01: Trust & Signing empty state with "Go to Signing Keys" CTA
  S7-T02: Notifications 3-step setup guide (channel→rule→test)
  S7-T03: Topology validate step skip — "Skip Validation" when API fails,
    with validateSkipped signal matching agentSkipped pattern
  S7-T04: VEX export note on Risk Report tab linking to VEX Ledger

Sprint 8 — Identity envelope shared middleware (ARCHITECTURE):
  S8-T01: New UseIdentityEnvelopeAuthentication() extension in
    StellaOps.Router.AspNet. Reads X-StellaOps-Identity-Envelope headers,
    verifies HMAC-SHA256 via GatewayIdentityEnvelopeCodec, creates
    ClaimsPrincipal with sub/tenant/scopes/roles. 5min clock skew.
  S8-T02: Concelier refactored — removed 78 lines of inline impl,
    now uses shared one-liner
  S8-T03: Scanner — UseIdentityEnvelopeAuthentication() added
  S8-T04: JobEngine — UseIdentityEnvelopeAuthentication() added
  S8-T05: Timeline — UseIdentityEnvelopeAuthentication() added
  S8-T06: Integrations — UseIdentityEnvelopeAuthentication() added
  S8-T07: docs/modules/router/IDENTITY_ENVELOPE_MIDDLEWARE.md

All services now authenticate ReverseProxy requests via gateway envelope.
Scanner scan submit should now work with authenticated identity.

Angular: 0 errors. .NET (6 services): 0 errors.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-16 18:27:46 +02:00
master
efa33efdbc Sprint 2+3+5: Registry search, workflow chain, unified security data 
Sprint 2 — Registry image search (S2-T01/T02/T03):
  Harbor plugin: SearchRepositoriesAsync + ListArtifactsAsync calling
    Harbor /api/v2.0/search and /api/v2.0/projects/*/repositories/*/artifacts
  Platform endpoint: GET /api/v1/registries/images/search proxies to
    Harbor fixture, returns aggregated RegistryImage[] response
  Frontend: release-management.client.ts now calls /api/v1/registries/*
    instead of the nonexistent /api/registry/* path
  Gateway route: /api/v1/registries → platform (ReverseProxy)

Sprint 3 — Workflow chain links (S3-T01/T02/T03/T05):
  S3-T01: Integration detail health tab shows "Scan your first image"
    CTA after successful registry connection test
  S3-T02: Scan submit page already had "View findings" link (verified)
  S3-T03: Triage findings detail shows "Check policy gates" banner
    after recording a VEX decision
  S3-T05: Promotions list + detail show "Review blocking finding"
    link when promotion is blocked by gate failure

Sprint 5 — Unified security data (S5-T01):
  Security Posture now queries VULNERABILITY_API for triage stats
  Risk Posture card shows real finding count from triage (was hardcoded 0)
  Risk label computed from triage severity breakdown (GUARDED→HIGH)
  Blocking Items shows critical+high counts from triage
  "View in Vulnerabilities workspace" drilldown link added

Angular build: 0 errors. .NET builds: 0 errors.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-16 16:08:22 +02:00
master
bd78523564 Widen scratch iteration 011 with fixture-backed integrations QA 2026-03-14 03:11:45 +02:00
master
b7cfdbd553 Recover integrations startup migrations and enum persistence 2026-03-07 02:45:40 +02:00
master
54753bfd41 qa iteration 2 2026-03-06 00:40:59 +02:00
master
8e1cb9448d consolidation of some of the modules, localization fixes, product advisories work, qa work 2026-03-05 03:54:22 +02:00
master
63c70a6d37 Search/AdvisoryAI and DAL conversion to EF finishes up. Preparation for microservices consolidation. 2026-02-25 18:19:22 +02:00
master
b07d27772e search and ai stabilization work, localization stablized. 2026-02-24 23:29:36 +02:00
master
e746577380 wip: doctor/cli/docs/api to vector db consolidation; api hardening for descriptions, tenant, and scopes; migrations and conversions of all DALs to EF v10 2026-02-23 15:30:50 +02:00
master
bd8fee6ed8 stela ops usage fixes roles propagation and timoeut, one account to support multi tenants, migrations consolidation, search to support documentation, doctor and open api vector db search 2026-02-22 19:27:54 +02:00
master
04cacdca8a Gaps fill up, fixes, ui restructuring 2026-02-19 22:10:54 +02:00
master
49cdebe2f1 compose and authority fixes. finish sprints. 2026-02-18 12:00:10 +02:00
master
4bdc298ec1 partly or unimplemented features - now implemented 2026-02-09 08:53:51 +02:00
master
557feefdc3 stabilizaiton work - projects rework for maintenanceability and ui livening 2026-02-03 23:40:04 +02:00
master
5d5e80b2e4 stabilize tests 2026-02-01 21:37:40 +02:00
master
c32fff8f86 license switch agpl -> busl1, sprints work, new product advisories 2026-01-20 15:32:20 +02:00
master
4ca3ce8fb4 sprints completion. new product advisories prepared 2026-01-16 16:30:03 +02:00
master
15aeac8e8b new advisories work and features gaps work 2026-01-14 18:39:19 +02:00
master
95d5898650 audit notes work completed, test fixes work (95% done), new sprints, new data sources setup and configuration 2026-01-14 10:48:00 +02:00
master
582a41d7a9 sprints work 2026-01-11 11:19:40 +02:00
master
a21d3dbc1f save progress 2026-01-09 18:27:46 +02:00
master
608a7f85c0 audit work, fixed StellaOps.sln warnings/errors, fixed tests, sprints work, new advisories 2026-01-07 18:50:11 +02:00
StellaOps Bot
ab364c6032 sprints and audit work 2026-01-07 09:43:12 +02:00
StellaOps Bot
e411fde1a9 feat(audit): Apply TreatWarningsAsErrors=true to 160+ production csproj files 
Sprint: SPRINT_20251229_049_BE_csproj_audit_maint_tests
Tasks: AUDIT-0001 through AUDIT-0147 APPLY tasks (approved decisions 1-9)

Changes:
- Set TreatWarningsAsErrors=true for all production .NET projects
- Fixed nullable warnings in Scanner.EntryTrace, Scanner.Evidence,
  Scheduler.Worker, Concelier connectors, and other modules
- Injected TimeProvider/IGuidProvider for deterministic time/ID generation
- Added path traversal validation in AirGap.Bundle
- Fixed NULL handling in various cursor classes
- Third-party GostCryptography retains TreatWarningsAsErrors=false (preserves original)
- Test projects excluded per user decision (rejected decision 10)

Note: All 17 ACSC connector tests pass after snapshot fixture sync
 2026-01-04 11:21:16 +02:00
StellaOps Bot
7a5210e2aa Frontend gaps fill work. Testing fixes work. Auditing in progress. 2025-12-30 01:22:58 +02:00