stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 16 Releases Wiki Activity
Files
108d1c64b323808d6085fca05818fc581c6b003a
git.stella-ops.org/docs/modules/vuln-explorer/README.md
StellaOps Bot 17d45a6d30
Some checks failed
Airgap Sealed CI Smoke / sealed-smoke (push) Has been cancelled
Details
Docs CI / lint-and-preview (push) Has been cancelled
Details
Export Center CI / export-ci (push) Has been cancelled
Details
feat: Implement Filesystem and MongoDB provenance writers for PackRun execution context 
- Added `FilesystemPackRunProvenanceWriter` to write provenance manifests to the filesystem.
- Introduced `MongoPackRunArtifactReader` to read artifacts from MongoDB.
- Created `MongoPackRunProvenanceWriter` to store provenance manifests in MongoDB.
- Developed unit tests for filesystem and MongoDB provenance writers.
- Established `ITimelineEventStore` and `ITimelineIngestionService` interfaces for timeline event handling.
- Implemented `TimelineIngestionService` to validate and persist timeline events with hashing.
- Created PostgreSQL schema and migration scripts for timeline indexing.
- Added dependency injection support for timeline indexer services.
- Developed tests for timeline ingestion and schema validation.
2025-11-30 15:38:14 +02:00

1.8 KiB
Raw Blame History

StellaOps Vulnerability Explorer

Vulnerability Explorer delivers policy-aware triage, investigation, and reporting surfaces for effective findings.

Latest updates (2025-11-30)

  • Documentation refresh aligned to sprint 0334: added observability/runbook snapshot and cross-links to OpenAPI draft (./api.md) and schemas in architecture.md.
  • New offline-friendly observability runbook at runbooks/observability.md plus stub Grafana JSON in runbooks/dashboards/.
  • Retained 2025-11-03 access-control changes; verify Authority scopes before enabling attachment uploads (docs/updates/2025-11-03-vuln-explorer-access-controls.md).

Responsibilities

  • Present policy-evaluated findings with advisory, VEX, SBOM, and runtime context.
  • Capture triage workflow in an immutable findings ledger with role-based access.
  • Provide pivots, exports, and reports for auditors and operations teams.
  • Integrate explain traces, remediation notes, and offline bundles.

Key components

  • Findings Ledger service + API.
  • Console module and CLI verbs for triage workflows.
  • Export integrations for reports and evidence packages.

Integrations & dependencies

  • Policy Engine for effective findings streams.
  • Concelier/Excititor for evidence provenance.
  • Scheduler for remediation/verification jobs.
  • Notify for triage notifications.

Operational notes

  • Audit logging per Epic 6 requirements.
  • Offline-ready CSV/PDF exports with deterministic hashes.
  • Dashboards for MTTR and triage throughput.
  • Observability runbook and dashboard stub: see runbooks/observability.md and runbooks/dashboards/vuln-explorer-observability.json (import locally).

Epic alignment

  • Epic 6: Vulnerability Explorer.
  • VULN stories tracked in ../../TASKS.md and src/VulnExplorer/**/TASKS.md.