# StellaOps Feedser & CLI

This repository hosts the StellaOps Feedser service, its plug-in ecosystem, and the
first-party CLI (`stellaops-cli`). Feedser ingests vulnerability advisories from
authoritative sources, stores them in MongoDB, and exports deterministic JSON and
Trivy DB artefacts. The CLI drives scanner distribution, scan execution, and job
control against the Feedser API.

## Quickstart

1. Prepare a MongoDB instance and (optionally) install `trivy-db`/`oras`.
2. Copy `etc/feedser.yaml.sample` to `etc/feedser.yaml` and update the storage + telemetry
   settings.
3. Copy `etc/authority.yaml.sample` to `etc/authority.yaml`, review the issuer, token
   lifetimes, and plug-in descriptors, then edit the companion manifests under
   `etc/authority.plugins/*.yaml` to match your deployment.
4. Start the web service with `dotnet run --project src/StellaOps.Feedser.WebService`.
5. Configure the CLI via environment variables (e.g. `STELLAOPS_BACKEND_URL`) and trigger
   jobs with `dotnet run --project src/StellaOps.Cli -- db merge`.

Detailed operator guidance is available in `docs/10_FEEDSER_CLI_QUICKSTART.md`. API and
command reference material lives in `docs/09_API_CLI_REFERENCE.md`.

Pipeline note: deployment workflows should template `etc/feedser.yaml` during CI/CD,
injecting environment-specific Mongo credentials and telemetry endpoints. Upcoming
releases will add Microsoft OAuth (Entra ID) authentication support—track the quickstart
for integration steps once available.