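# SCM Connector configuration template for StellaOps deployments.
# Copy to ../etc/scm-connectors.yaml (relative to the web service content root)
# and adjust the values to match your environment. Environment variables
# (prefixed with STELLAOPS_SCM_) override these settings at runtime.
#
# The deployed copy references credentials for every connected SCM. Keep
# literal tokens out of version control and restrict read access on the
# deployed file to the service account.
#
# NOTE(review): key nesting and the line breaks inside footerTemplate follow
# the section comments; confirm both against the connector options schema.

# Global settings for all SCM connectors
scmConnectors:
  # Default timeout for API requests (in seconds)
  timeoutSeconds: 30

  # User agent string for HTTP requests
  userAgent: "StellaOps.AdvisoryAI.Remediation/1.0 (+https://stella-ops.org)"

  # Enable/disable specific connector plugins
  # NOTE(review): each connector section below also has its own `enabled`
  # flag; how the two interact is not shown here. Disable unused connectors
  # in both places so no unused credential stays loaded.
  enabledPlugins:
    - github
    - gitlab
    - azuredevops
    - gitea

# GitHub Connector Configuration
# Supports: github.com, GitHub Enterprise Server
github:
  enabled: true

  # Base URL for GitHub API (leave empty for github.com)
  baseUrl: ""  # Default: https://api.github.com

  # Authentication token (Personal Access Token or GitHub App token)
  # Environment variable: STELLAOPS_SCM_GITHUB_TOKEN
  # NOTE(review): whether the loader expands ${...} placeholders is not shown
  # here; the documented override is the environment variable above. Never
  # replace the placeholder with a literal token in a committed file.
  apiToken: "${GITHUB_PAT}"

  # Alternative: Path to file containing the token
  # Keep that file readable only by the service account.
  # NOTE(review): precedence between apiToken and apiTokenFile is not shown.
  apiTokenFile: ""

  # Required scopes: repo, workflow (for PR creation and CI status)
  # For GitHub Apps: contents:write, pull_requests:write, checks:read
  # The classic `repo` scope covers every repository the token owner can
  # reach; prefer a GitHub App (or a token limited to the target repositories)
  # so a leaked credential has a smaller blast radius.

  # Rate limiting
  rateLimitWarningThreshold: 500
  # Durations in this file appear to be hh:mm:ss.
  rateLimitBackoff: "00:01:00"

  # Retry configuration
  retry:
    enabled: true
    maxAttempts: 3
    delays:
      - "00:00:01"
      - "00:00:02"
      - "00:00:05"

# GitLab Connector Configuration
# Supports: gitlab.com, self-hosted GitLab instances
gitlab:
  enabled: true

  # Base URL for GitLab API (leave empty for gitlab.com)
  baseUrl: ""  # Default: https://gitlab.com/api/v4

  # Personal Access Token or Project Access Token
  # Environment variable: STELLAOPS_SCM_GITLAB_TOKEN
  # A Project Access Token confines the credential to one project; prefer it
  # over a personal token where the deployment allows.
  apiToken: "${GITLAB_PAT}"
  apiTokenFile: ""

  # Required scopes: api, read_repository, write_repository
  # `api` grants read/write access to the whole API for the token's identity,
  # so treat this token as highly sensitive.

  # Rate limiting (GitLab defaults: 300 requests per minute for authenticated)
  rateLimitWarningThreshold: 100
  rateLimitBackoff: "00:01:00"

  retry:
    enabled: true
    maxAttempts: 3
    delays:
      - "00:00:01"
      - "00:00:02"
      - "00:00:05"

# Azure DevOps Connector Configuration
# Supports: Azure DevOps Services, Azure DevOps Server
azuredevops:
  enabled: true

  # Base URL (leave empty for Azure DevOps Services)
  baseUrl: ""  # Default: https://dev.azure.com

  # Personal Access Token (PAT)
  # Environment variable: STELLAOPS_SCM_AZUREDEVOPS_TOKEN
  apiToken: "${AZURE_DEVOPS_PAT}"
  apiTokenFile: ""

  # Required scopes: Code (Read & Write), Pull Request Contribute, Build (Read)
  # Grant only these scopes, limit the PAT to the organization in use, and
  # give it an expiry.

  # Azure DevOps API version
  apiVersion: "7.1"

  # Organization name (required for Azure DevOps Services)
  # Can be overridden per-repository in options
  defaultOrganization: ""

  retry:
    enabled: true
    maxAttempts: 3
    delays:
      - "00:00:01"
      - "00:00:02"
      - "00:00:05"

# Gitea Connector Configuration
# Supports: Gitea, Forgejo, Codeberg
gitea:
  enabled: true

  # Base URL (REQUIRED for Gitea - no default)
  # Examples:
  #   - https://gitea.example.com
  #   - https://codeberg.org
  #   - https://forgejo.example.com
  # The token below is sent to whatever host is configured here, so replace
  # the placeholder before enabling this connector and use https only.
  baseUrl: "https://git.example.com"

  # API Token (generated from Gitea Settings > Applications)
  # Environment variable: STELLAOPS_SCM_GITEA_TOKEN
  apiToken: "${GITEA_TOKEN}"
  apiTokenFile: ""

  # Required scopes: repo (for full repository access)

  retry:
    enabled: true
    maxAttempts: 3
    delays:
      - "00:00:01"
      - "00:00:02"
      - "00:00:05"

# Repository-specific overrides
# Use this section to configure different credentials per repository
# With every example commented out this key is empty (null).
# NOTE(review): pattern-matching rules (glob syntax, first match vs. most
# specific) are not shown here. Keep patterns as narrow as possible so a
# credential is only ever presented to the host and organization it was
# issued for.
repositories:
  # Example: Override GitHub token for a specific org
  # - pattern: "github.com/my-org/*"
  #   connector: github
  #   apiToken: "${GITHUB_PAT_MY_ORG}"

  # Example: Use self-hosted GitLab for internal repos
  # - pattern: "gitlab.internal.company.com/*"
  #   connector: gitlab
  #   baseUrl: "https://gitlab.internal.company.com/api/v4"
  #   apiToken: "${GITLAB_INTERNAL_TOKEN}"

  # Example: Azure DevOps with specific organization
  # - pattern: "dev.azure.com/mycompany/*"
  #   connector: azuredevops
  #   apiToken: "${AZURE_DEVOPS_PAT_MYCOMPANY}"

# PR Generation Settings
pullRequests:
  # Default branch name prefix for remediation PRs
  # A fixed prefix lets branch-protection and review rules target the
  # branches this automation creates.
  branchPrefix: "stellaops/remediation/"

  # Include timestamp in branch name
  includeBranchTimestamp: true

  # Maximum length for branch names
  maxBranchNameLength: 100

  # Commit message settings
  commit:
    # Sign commits (requires GPG key configured)
    # With this off, remediation commits are unsigned; enable it where the
    # target repositories require verified commits, and protect the signing
    # key like any other connector credential.
    signCommits: false

    # Include StellaOps footer in commit messages
    includeFooter: true
    footerTemplate: |
      ---
      StellaOps Remediation
      Finding: ${findingId}
      Plan: ${planId}

  # PR body settings
  body:
    # Include SBOM delta summary
    includeDelta: true

    # Include risk assessment
    includeRiskAssessment: true

    # Include attestation reference
    includeAttestation: true

    # Maximum body length (characters)
    maxBodyLength: 65535

# CI Status Polling
ciStatus:
  # Enable CI status monitoring
  enabled: true

  # Polling interval for CI status checks
  pollInterval: "00:00:30"

  # Maximum time to wait for CI to complete
  maxWaitTime: "01:00:00"

  # Consider PR successful if no CI is configured
  # Keep false: otherwise a remediation PR on a repository with no checks is
  # reported as successful without any verification having run.
  allowNoCi: false

  # Required check names (if empty, all checks must pass)
  requiredChecks: []

  # Checks to ignore (useful for non-blocking status checks)
  # A failing check that matches an entry here no longer blocks the PR, so
  # keep the list short and never list security or test gates.
  ignoredChecks:
    - "codecov/*"
    - "license/*"

# Security Settings
security:
  # Verify TLS certificates (disable only for testing)
  # API tokens travel on these connections; without verification they can be
  # captured by anyone able to intercept the traffic.
  verifySsl: true

  # Allow insecure HTTP connections (not recommended)
  # Over plain HTTP the tokens are sent unencrypted.
  allowHttp: false

  # Proxy settings (if required)
  proxy:
    enabled: false
    url: ""
    username: ""
    # Stored in clear text if set here. Prefer injecting it at runtime.
    # NOTE(review): presumably overridable through a STELLAOPS_SCM_-prefixed
    # environment variable like the other settings; confirm the exact name.
    password: ""
    noProxy:
      - "localhost"
      - "127.0.0.1"

# Telemetry for SCM operations
telemetry:
  # Log SCM API calls
  # Only safe alongside redactSensitiveData: true.
  logApiCalls: true

  # Include response timing
  logTiming: true

  # Redact sensitive data in logs
  redactSensitiveData: true

  # Patterns to redact
  # NOTE(review): matching rules (substring vs. whole key, case sensitivity,
  # whether header and URL values are covered) are not shown here. If
  # matching is by substring, "pat" also hits words such as "path". Verify
  # with a test log line that credentials really are masked.
  redactionPatterns:
    - "token"
    - "password"
    - "secret"
    - "pat"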