master
7b5bdcf4d3
- Introduced AGENTS.md, README.md, TASKS.md, and implementation_plan.md for Vexer, detailing mission, responsibilities, key components, and operational notes. - Established similar documentation structure for Vulnerability Explorer and Zastava modules, including their respective workflows, integrations, and observability notes. - Created risk scoring profiles documentation outlining the core workflow, factor model, governance, and deliverables. - Ensured all modules adhere to the Aggregation-Only Contract and maintain determinism and provenance in outputs.
34 lines
1.2 KiB
Markdown
34 lines
1.2 KiB
Markdown
# StellaOps Zastava
|
|
|
|
Zastava monitors running workloads, verifies supply chain posture, and enforces runtime policy via Kubernetes admission webhooks.
|
|
|
|
## Responsibilities
|
|
- Observe node/container activity and emit runtime events.
|
|
- Validate signatures, SBOM presence, and backend verdicts before allowing containers.
|
|
- Buffer and replay events during disconnections.
|
|
- Trigger delta scans when runtime posture drifts.
|
|
|
|
## Key components
|
|
- `StellaOps.Zastava.Observer` daemonset.
|
|
- `StellaOps.Zastava.Webhook` admission controller.
|
|
- Shared contracts in `StellaOps.Zastava.Core`.
|
|
|
|
## Integrations & dependencies
|
|
- Authority for OpToks and mTLS.
|
|
- Scanner/Scheduler for remediation triggers.
|
|
- Notify/UI for runtime alerts and dashboards.
|
|
|
|
## Operational notes
|
|
- Runbook ./operations/runtime.md with Grafana/Prometheus assets.
|
|
- Offline kit assets bundling webhook charts.
|
|
- DPoP/mTLS rotation guidance shared with Authority.
|
|
|
|
## Related resources
|
|
- ./operations/runtime.md
|
|
- ./operations/runtime-grafana-dashboard.json
|
|
- ./operations/runtime-prometheus-rules.yaml
|
|
|
|
## Backlog references
|
|
- ZASTAVA runtime tasks in ../../TASKS.md.
|
|
- Webhook smoke tests tracked in src/Zastava/**/TASKS.md.
|