master
7b5bdcf4d3
- Introduced AGENTS.md, README.md, TASKS.md, and implementation_plan.md for Vexer, detailing mission, responsibilities, key components, and operational notes. - Established similar documentation structure for Vulnerability Explorer and Zastava modules, including their respective workflows, integrations, and observability notes. - Created risk scoring profiles documentation outlining the core workflow, factor model, governance, and deliverables. - Ensured all modules adhere to the Aggregation-Only Contract and maintain determinism and provenance in outputs.
30 lines
1.1 KiB
Markdown
30 lines
1.1 KiB
Markdown
# StellaOps Vulnerability Explorer
|
|
|
|
Vulnerability Explorer delivers policy-aware triage, investigation, and reporting surfaces for effective findings.
|
|
|
|
## Responsibilities
|
|
- Present policy-evaluated findings with advisory, VEX, SBOM, and runtime context.
|
|
- Capture triage workflow in an immutable findings ledger with role-based access.
|
|
- Provide pivots, exports, and reports for auditors and operations teams.
|
|
- Integrate explain traces, remediation notes, and offline bundles.
|
|
|
|
## Key components
|
|
- Findings Ledger service + API.
|
|
- Console module and CLI verbs for triage workflows.
|
|
- Export integrations for reports and evidence packages.
|
|
|
|
## Integrations & dependencies
|
|
- Policy Engine for effective findings streams.
|
|
- Concelier/Excititor for evidence provenance.
|
|
- Scheduler for remediation/verification jobs.
|
|
- Notify for triage notifications.
|
|
|
|
## Operational notes
|
|
- Audit logging per Epic 6 requirements.
|
|
- Offline-ready CSV/PDF exports with deterministic hashes.
|
|
- Dashboards for MTTR and triage throughput.
|
|
|
|
## Epic alignment
|
|
- Epic 6: Vulnerability Explorer.
|
|
- VULN stories tracked in ../../TASKS.md and src/VulnExplorer/**/TASKS.md.
|