# Findings

**Container(s):** stellaops-findings-ledger-web, stellaops-riskengine-web, stellaops-riskengine-worker, stellaops-api (VulnExplorer)
**Slot:** 25 (ledger), 16 (riskengine), 13 (vulnexplorer)  |  **Port:** 8080  |  **Consumer Group:** findings-ledger, riskengine, vulnexplorer
**Resource Tier:** medium (ledger, riskengine), light (vulnexplorer, riskengine-worker)

## Purpose
The Findings module provides an append-only event ledger for security findings, a risk scoring engine with pluggable providers (CVSS/KEV/EPSS/VEX/fix-exposure), and a vulnerability explorer API. The Ledger tracks finding lifecycle with Merkle-tree integrity, incident management, and scoring APIs. The RiskEngine computes risk scores via job queue. VulnExplorer provides the UI-facing query API.

## API Surface
- `findings-ledger` (via Router) — finding event ingestion, queries, export, incident management, EWS scoring, Merkle proofs, attachment management
- `riskengine` (via Router) — risk score providers listing, job submission, simulation, exploit maturity
- `vulnexplorer` (via Router) — vulnerability search and investigation queries

## Storage
PostgreSQL (`ConnectionStrings:Default` / `ConnectionStrings:FindingsLedger`); RiskEngine supports PostgreSQL or in-memory

## Background Workers
- `riskengine-worker` — background risk score computation (`Worker` hosted service)