# Deployment values for the `dev` profile on the `edge` release channel.
# NOTE(review): the nesting below was restored from a whitespace-collapsed
# copy of this file; confirm the layout against the chart's values schema.
#
# Security posture of this profile, as visible in this file:
#   - Database credentials are literal values (stellaops/stellaops) in env
#     vars, in a ConfigMap and on the postgres container itself.
#   - Some images are pinned by digest, others only by mutable tag.
#   - Several in-cluster endpoints use cleartext http://.
#   - Policy two-person approval is switched off.
# These are dev conveniences; none of them should be copied into a shared or
# production values file unchanged.
global:
  profile: dev
  release:
    version: "2025.10.0-edge"
    channel: edge
    # Digest of the release manifest; quoted so it always stays a string.
    manifestSha256: "822f82987529ea38d2321dbdd2ef6874a4062a117116a20861c26a8df1807beb"
  image:
    # With IfNotPresent a node keeps whatever it pulled first for a given
    # reference, so tag-only images below can differ from node to node.
    pullPolicy: IfNotPresent
  labels:
    stellaops.io/channel: edge

telemetry:
  collector:
    enabled: true
    defaultTenant: dev
    tls:
      # TLS material is referenced by Secret name, not embedded here.
      secretName: stellaops-otel-tls

configMaps:
  notify-config:
    data:
      # NOTE(review): this embedded file carries a database password, but
      # ConfigMaps are not a secret store (readable by anyone with ConfigMap
      # read access in the namespace). Prefer sourcing the connection string
      # from a Secret for anything beyond local dev.
      # NOTE(review): requireHttpsMetadata is false although both authority
      # URLs are https; presumably this relaxes the HTTPS requirement for the
      # discovery document - confirm, and set it to true where possible.
      # NOTE(review): request logging at Debug level may record request
      # details; check what ends up in logs before reusing these settings.
      notify.yaml: |
        storage:
          driver: postgres
          connectionString: "Host=stellaops-postgres;Port=5432;Database=notify;Username=stellaops;Password=stellaops"
          commandTimeoutSeconds: 30
        authority:
          enabled: true
          issuer: "https://authority.dev.stella-ops.local"
          metadataAddress: "https://authority.dev.stella-ops.local/.well-known/openid-configuration"
          requireHttpsMetadata: false
          allowAnonymousFallback: false
          backchannelTimeoutSeconds: 30
          tokenClockSkewSeconds: 60
          audiences:
            - notify.dev
          readScope: notify.read
          adminScope: notify.admin
        api:
          basePath: "/api/v1/notify"
          internalBasePath: "/internal/notify"
          tenantHeader: "X-StellaOps-Tenant"
        plugins:
          baseDirectory: "../"
          directory: "plugins/notify"
          searchPatterns:
            - "StellaOps.Notify.Connectors.*.dll"
          orderedPlugins:
            - StellaOps.Notify.Connectors.Slack
            - StellaOps.Notify.Connectors.Teams
            - StellaOps.Notify.Connectors.Email
            - StellaOps.Notify.Connectors.Webhook
        telemetry:
          enableRequestLogging: true
          minimumLogLevel: Debug
  policy-engine-activation:
    data:
      # Two-person approval is neither forced nor the default in this
      # profile; audit log emission stays on. Values are quoted because they
      # are consumed as environment-style strings.
      STELLAOPS_POLICY_ENGINE__ACTIVATION__FORCETWOPERSONAPPROVAL: "false"
      STELLAOPS_POLICY_ENGINE__ACTIVATION__DEFAULTREQUIRESTWOPERSONAPPROVAL: "false"
      STELLAOPS_POLICY_ENGINE__ACTIVATION__EMITAUDITLOGS: "true"

services:
  # NOTE(review): every *__POSTGRES__CONNECTIONSTRING below embeds the same
  # shared account and password as a plain env value, so it is visible in the
  # rendered manifests and in the pod spec. For non-dev use, inject these
  # from a Secret and give each service its own database role.
  # NOTE(review): the valkey connection strings carry no credentials and no
  # authentication is configured on the valkey service in this file.
  authority:
    image: registry.stella-ops.org/stellaops/authority@sha256:a8e8faec44a579aa5714e58be835f25575710430b1ad2ccd1282a018cd9ffcdd
    service:
      port: 8440
    env:
      STELLAOPS_AUTHORITY__ISSUER: "https://stellaops-authority:8440"
      STELLAOPS_AUTHORITY__STORAGE__DRIVER: "postgres"
      STELLAOPS_AUTHORITY__STORAGE__POSTGRES__CONNECTIONSTRING: "Host=stellaops-postgres;Port=5432;Database=authority;Username=stellaops;Password=stellaops"
      STELLAOPS_AUTHORITY__CACHE__REDIS__CONNECTIONSTRING: "stellaops-valkey:6379"
      STELLAOPS_AUTHORITY__PLUGINDIRECTORIES__0: "/app/plugins"
      STELLAOPS_AUTHORITY__PLUGINS__CONFIGURATIONDIRECTORY: "/app/etc/authority.plugins"

  signer:
    image: registry.stella-ops.org/stellaops/signer@sha256:8bfef9a75783883d49fc18e3566553934e970b00ee090abee9cb110d2d5c3298
    service:
      port: 8441
    env:
      SIGNER__AUTHORITY__BASEURL: "https://stellaops-authority:8440"
      SIGNER__POE__INTROSPECTURL: "https://licensing.svc.local/introspect"
      SIGNER__STORAGE__DRIVER: "postgres"
      SIGNER__STORAGE__POSTGRES__CONNECTIONSTRING: "Host=stellaops-postgres;Port=5432;Database=signer;Username=stellaops;Password=stellaops"
      SIGNER__CACHE__REDIS__CONNECTIONSTRING: "stellaops-valkey:6379"

  attestor:
    image: registry.stella-ops.org/stellaops/attestor@sha256:5cc417948c029da01dccf36e4645d961a3f6d8de7e62fe98d845f07cd2282114
    service:
      port: 8442
    env:
      ATTESTOR__SIGNER__BASEURL: "https://stellaops-signer:8441"
      ATTESTOR__STORAGE__DRIVER: "postgres"
      ATTESTOR__STORAGE__POSTGRES__CONNECTIONSTRING: "Host=stellaops-postgres;Port=5432;Database=attestor;Username=stellaops;Password=stellaops"
      ATTESTOR__CACHE__REDIS__CONNECTIONSTRING: "stellaops-valkey:6379"

  concelier:
    image: registry.stella-ops.org/stellaops/concelier@sha256:dafef3954eb4b837e2c424dd2d23e1e4d60fa83794840fac9cd3dea1d43bd085
    service:
      port: 8445
    env:
      CONCELIER__STORAGE__DRIVER: "postgres"
      CONCELIER__STORAGE__POSTGRES__CONNECTIONSTRING: "Host=stellaops-postgres;Port=5432;Database=concelier;Username=stellaops;Password=stellaops"
      # Cleartext http:// to the object store; acceptable only on a trusted
      # dev cluster network.
      CONCELIER__STORAGE__S3__ENDPOINT: "http://stellaops-rustfs:8080"
      CONCELIER__CACHE__REDIS__CONNECTIONSTRING: "stellaops-valkey:6379"
      CONCELIER__AUTHORITY__BASEURL: "https://stellaops-authority:8440"
    volumeMounts:
      - name: concelier-jobs
        mountPath: /var/lib/concelier/jobs
    volumes:
      # emptyDir: job state is discarded when the pod is removed.
      - name: concelier-jobs
        emptyDir: {}

  scanner-web:
    image: registry.stella-ops.org/stellaops/scanner-web@sha256:e0dfdb087e330585a5953029fb4757f5abdf7610820a085bd61b457dbead9a11
    service:
      port: 8444
    env:
      SCANNER__STORAGE__DRIVER: "postgres"
      SCANNER__STORAGE__POSTGRES__CONNECTIONSTRING: "Host=stellaops-postgres;Port=5432;Database=scanner;Username=stellaops;Password=stellaops"
      SCANNER__CACHE__REDIS__CONNECTIONSTRING: "stellaops-valkey:6379"
      SCANNER__ARTIFACTSTORE__DRIVER: "rustfs"
      # Artifact store is reached over cleartext http://.
      SCANNER__ARTIFACTSTORE__ENDPOINT: "http://stellaops-rustfs:8080/api/v1"
      SCANNER__ARTIFACTSTORE__BUCKET: "scanner-artifacts"
      SCANNER__ARTIFACTSTORE__TIMEOUTSECONDS: "30"
      SCANNER__QUEUE__BROKER: "valkey://stellaops-valkey:6379"
      SCANNER__EVENTS__ENABLED: "false"
      SCANNER__EVENTS__DRIVER: "valkey"
      SCANNER__EVENTS__DSN: "stellaops-valkey:6379"
      SCANNER__EVENTS__STREAM: "stella.events"
      SCANNER__EVENTS__PUBLISHTIMEOUTSECONDS: "5"
      SCANNER__EVENTS__MAXSTREAMLENGTH: "10000"
      # Offline kit import is disabled here; the DSSE / Rekor-offline
      # settings below only matter once ENABLED is switched to "true".
      SCANNER__OFFLINEKIT__ENABLED: "false"
      SCANNER__OFFLINEKIT__REQUIREDSSE: "true"
      SCANNER__OFFLINEKIT__REKOROFFLINEMODE: "true"
      SCANNER__OFFLINEKIT__TRUSTROOTDIRECTORY: "/etc/stellaops/trust-roots"
      SCANNER__OFFLINEKIT__REKORSNAPSHOTDIRECTORY: "/var/lib/stellaops/rekor-snapshot"
      SCANNER_SURFACE_FS_ENDPOINT: "http://stellaops-rustfs:8080/api/v1"
      SCANNER_SURFACE_CACHE_ROOT: "/var/lib/stellaops/surface"
      # NOTE(review): "inline" with an empty root presumably means surface
      # secrets are supplied directly in configuration - confirm, and prefer
      # a Secret-backed provider outside dev.
      SCANNER_SURFACE_SECRETS_PROVIDER: "inline"
      SCANNER_SURFACE_SECRETS_ROOT: ""

  # Worker shares the scanner-web storage, queue and event settings; it
  # exposes no service port and sets no OFFLINEKIT variables.
  scanner-worker:
    image: registry.stella-ops.org/stellaops/scanner-worker@sha256:92dda42f6f64b2d9522104a5c9ffb61d37b34dd193132b68457a259748008f37
    env:
      SCANNER__STORAGE__DRIVER: "postgres"
      SCANNER__STORAGE__POSTGRES__CONNECTIONSTRING: "Host=stellaops-postgres;Port=5432;Database=scanner;Username=stellaops;Password=stellaops"
      SCANNER__CACHE__REDIS__CONNECTIONSTRING: "stellaops-valkey:6379"
      SCANNER__ARTIFACTSTORE__DRIVER: "rustfs"
      SCANNER__ARTIFACTSTORE__ENDPOINT: "http://stellaops-rustfs:8080/api/v1"
      SCANNER__ARTIFACTSTORE__BUCKET: "scanner-artifacts"
      SCANNER__ARTIFACTSTORE__TIMEOUTSECONDS: "30"
      SCANNER__QUEUE__BROKER: "valkey://stellaops-valkey:6379"
      SCANNER__EVENTS__ENABLED: "false"
      SCANNER__EVENTS__DRIVER: "valkey"
      SCANNER__EVENTS__DSN: "stellaops-valkey:6379"
      SCANNER__EVENTS__STREAM: "stella.events"
      SCANNER__EVENTS__PUBLISHTIMEOUTSECONDS: "5"
      SCANNER__EVENTS__MAXSTREAMLENGTH: "10000"
      SCANNER_SURFACE_FS_ENDPOINT: "http://stellaops-rustfs:8080/api/v1"
      SCANNER_SURFACE_CACHE_ROOT: "/var/lib/stellaops/surface"
      SCANNER_SURFACE_SECRETS_PROVIDER: "inline"
      SCANNER_SURFACE_SECRETS_ROOT: ""

  notify-web:
    # NOTE(review): referenced by mutable tag while most sibling services are
    # digest-pinned. Pin as notify-web@sha256:<digest-from-release-manifest>
    # so the deployed content cannot change under the same tag.
    image: registry.stella-ops.org/stellaops/notify-web:2025.10.0-edge
    service:
      port: 8446
    env:
      # Development environment; ASP.NET Core apps typically expose detailed
      # error output in this mode, so keep it to dev clusters.
      DOTNET_ENVIRONMENT: Development
      NOTIFY__QUEUE__DRIVER: "valkey"
      NOTIFY__QUEUE__VALKEY__URL: "stellaops-valkey:6379"
    configMounts:
      # Mounts the single notify.yaml key from the notify-config ConfigMap.
      - name: notify-config
        mountPath: /app/etc/notify.yaml
        subPath: notify.yaml
        configMap: notify-config

  excititor:
    image: registry.stella-ops.org/stellaops/excititor@sha256:d9bd5cadf1eab427447ce3df7302c30ded837239771cc6433b9befb895054285
    env:
      EXCITITOR__CONCELIER__BASEURL: "https://stellaops-concelier:8445"
      EXCITITOR__STORAGE__DRIVER: "postgres"
      EXCITITOR__STORAGE__POSTGRES__CONNECTIONSTRING: "Host=stellaops-postgres;Port=5432;Database=excititor;Username=stellaops;Password=stellaops"

  advisory-ai-web:
    # NOTE(review): tag-only reference; pin as
    # advisory-ai-web@sha256:<digest-from-release-manifest>.
    image: registry.stella-ops.org/stellaops/advisory-ai-web:2025.10.0-edge
    service:
      port: 8448
    env:
      # NOTE(review): http:// here, but web-ui reaches the same host:port
      # over https:// - one of the two schemes is presumably wrong; confirm
      # which protocol scanner-web actually serves.
      ADVISORYAI__AdvisoryAI__SbomBaseAddress: http://stellaops-scanner-web:8444
      ADVISORYAI__AdvisoryAI__Queue__DirectoryPath: /var/lib/advisory-ai/queue
      ADVISORYAI__AdvisoryAI__Storage__PlanCacheDirectory: /var/lib/advisory-ai/plans
      ADVISORYAI__AdvisoryAI__Storage__OutputDirectory: /var/lib/advisory-ai/outputs
      ADVISORYAI__AdvisoryAI__Inference__Mode: Local
      ADVISORYAI__AdvisoryAI__Inference__Remote__BaseAddress: ""
      # Left empty for Local inference. If remote inference is enabled,
      # supply the key from a Secret rather than writing it into this file.
      ADVISORYAI__AdvisoryAI__Inference__Remote__ApiKey: ""
    volumeMounts:
      - name: advisory-ai-data
        mountPath: /var/lib/advisory-ai
    volumeClaims:
      - name: advisory-ai-data
        claimName: stellaops-advisory-ai-data

  # Worker uses the same claim and settings as advisory-ai-web, including
  # the http:// SBOM address flagged there.
  advisory-ai-worker:
    # NOTE(review): tag-only reference; pin as
    # advisory-ai-worker@sha256:<digest-from-release-manifest>.
    image: registry.stella-ops.org/stellaops/advisory-ai-worker:2025.10.0-edge
    env:
      ADVISORYAI__AdvisoryAI__SbomBaseAddress: http://stellaops-scanner-web:8444
      ADVISORYAI__AdvisoryAI__Queue__DirectoryPath: /var/lib/advisory-ai/queue
      ADVISORYAI__AdvisoryAI__Storage__PlanCacheDirectory: /var/lib/advisory-ai/plans
      ADVISORYAI__AdvisoryAI__Storage__OutputDirectory: /var/lib/advisory-ai/outputs
      ADVISORYAI__AdvisoryAI__Inference__Mode: Local
      ADVISORYAI__AdvisoryAI__Inference__Remote__BaseAddress: ""
      ADVISORYAI__AdvisoryAI__Inference__Remote__ApiKey: ""
    volumeMounts:
      - name: advisory-ai-data
        mountPath: /var/lib/advisory-ai
    volumeClaims:
      - name: advisory-ai-data
        claimName: stellaops-advisory-ai-data

  web-ui:
    image: registry.stella-ops.org/stellaops/web-ui@sha256:38b225fa7767a5b94ebae4dae8696044126aac429415e93de514d5dd95748dcf
    service:
      port: 8443
    env:
      STELLAOPS_UI__BACKEND__BASEURL: "https://stellaops-scanner-web:8444"

  # Infrastructure services
  postgres:
    class: infrastructure
    image: docker.io/library/postgres@sha256:8e97b8526ed19304b144f7478bc9201646acf0723cdc6e4b19bc9eb34879a27e
    service:
      port: 5432
    env:
      # NOTE(review): superuser password equals the username and is stored
      # as a plain value. Dev only; for shared environments take it from a
      # Secret and rotate it.
      POSTGRES_USER: stellaops
      POSTGRES_PASSWORD: stellaops
      POSTGRES_DB: stellaops
    volumeMounts:
      - name: postgres-data
        mountPath: /var/lib/postgresql/data
    volumes:
      # emptyDir: all databases are lost when the pod is removed.
      - name: postgres-data
        emptyDir: {}

  valkey:
    class: infrastructure
    # NOTE(review): tag-only reference from a public registry; pin as
    # valkey@sha256:<digest-of-the-reviewed-image>.
    image: docker.io/valkey/valkey:9.0.1-alpine
    service:
      port: 6379
    command:
      - valkey-server
      - --appendonly
      # Quoted so it reaches the server as the string "yes", not a boolean.
      - "yes"
    volumeMounts:
      - name: valkey-data
        mountPath: /data
    volumes:
      # Append-only file lives on an emptyDir, so it survives container
      # restarts but not pod removal.
      - name: valkey-data
        emptyDir: {}

  rustfs:
    class: infrastructure
    # NOTE(review): tag-only reference; pin as
    # rustfs@sha256:<digest-from-release-manifest>.
    image: registry.stella-ops.org/stellaops/rustfs:2025.09.2
    service:
      port: 8080
    env:
      RUSTFS__LOG__LEVEL: info
      RUSTFS__STORAGE__PATH: /data
    volumeMounts:
      - name: rustfs-data
        mountPath: /data
    volumes:
      # emptyDir: stored artifacts are discarded when the pod is removed.
      - name: rustfs-data
        emptyDir: {}