stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity
Files
24be2f22688fd242801ae48e6404d36c9d60c8b0
git.stella-ops.org/src/Scanner
History
master e60d5e0fce feat(findings,sbomservice,scanner): runtime data plane cutover 
Sprint SPRINT_20260415_004_DOCS_runtime_data_plane_real_backend_cutover.

- Findings.Ledger: Postgres-backed endpoints (runtime timeline/traces,
  scoring, vuln-explorer, webhook), unsupported-compat shim, ledger data
  source, vulnerability detail service.
- RiskEngine.WebService: web application factory + runtime wiring tests.
- SbomService: rename InMemory -> ManifestBacked metadata repo, add
  Postgres registry source/ledger/lineage/event/watermark repos +
  migrations 001 initial schema and 002 runtime durable state.
- Scanner: SBOM uploads store + migration 026, scan runtime state +
  migration 027, persisted scan coordinator, Postgres policy repos,
  VEX gate query service + controller, reachability evidence migration 022.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-19 14:36:40 +03:00
..
__Benchmarks
stabilize tests
2026-02-01 21:37:40 +02:00
__Libraries
feat(findings,sbomservice,scanner): runtime data plane cutover
2026-04-19 14:36:40 +03:00
__Tests
feat(findings,sbomservice,scanner): runtime data plane cutover
2026-04-19 14:36:40 +03:00
docs
save checkpoint
2026-02-11 01:32:14 +02:00
samples/api/reports
save progress
2026-01-02 15:52:55 +02:00
StellaOps.Scanner.Analyzers.Lang.Deno
stabilize tests
2026-02-01 21:37:40 +02:00
StellaOps.Scanner.Analyzers.Lang.Php
stabilize tests
2026-02-01 21:37:40 +02:00
StellaOps.Scanner.Analyzers.Lang.Ruby
stabilize tests
2026-02-01 21:37:40 +02:00
StellaOps.Scanner.Analyzers.Native
stabilize tests
2026-02-01 21:37:40 +02:00
StellaOps.Scanner.Analyzers.Plugin.Unified
stabilize tests
2026-02-01 21:37:40 +02:00
StellaOps.Scanner.Cartographer
consolidation of some of the modules, localization fixes, product advisories work, qa work
2026-03-05 03:54:22 +02:00
StellaOps.Scanner.Sbomer.BuildXPlugin
stela ops usage fixes roles propagation and timoeut, one account to support multi tenants, migrations consolidation, search to support documentation, doctor and open api vector db search
2026-02-22 19:27:54 +02:00
StellaOps.Scanner.WebService
feat(findings,sbomservice,scanner): runtime data plane cutover
2026-04-19 14:36:40 +03:00
StellaOps.Scanner.Worker
Repair live canonical migrations and scanner cache bootstrap
2026-03-09 21:56:41 +02:00
AGENTS_SCORE_PROOFS.md
product advisories add change contiang folder
2026-01-08 09:06:03 +02:00
AGENTS.md
consolidation of some of the modules, localization fixes, product advisories work, qa work
2026-03-05 03:54:22 +02:00
README.md
refactor(graph): absorb Cartographer into graph-api + wire Graph Indexer
2026-04-08 15:48:18 +03:00
StellaOps.Scanner.sln
consolidation of some of the modules, localization fixes, product advisories work, qa work
2026-03-05 03:54:22 +02:00

README.md

Scanner

Container(s): stellaops-scanner-web, stellaops-scanner-worker Slot: 8 (web + worker) | Port: 8444 (web) | Consumer Group: scanner (web) Resource Tier: heavy (web + worker)

Note: Cartographer (Slot 21) has been retired and merged into graph-api (Slot 20). See src/Graph/README.md for the merged service.

Purpose

The Scanner module performs SBOM generation, vulnerability analysis, reachability mapping, and supply-chain security scanning of container images. The web service exposes scan APIs (triage, SBOM queries, offline-kit management, replay commands), while the worker processes scan jobs from Valkey queues through a multi-stage pipeline (analyzers, EPSS enrichment, secrets detection, crypto analysis, build provenance, PoE generation, verdict push).

API Surface

  • scanner (via Router) — SBOM queries, scan submissions, triage, reachability slices, offline-kit import/export, smart-diff, policy gate evaluation
  • cartographer — RETIRED; merged into graph-api (Slot 20)

Storage

PostgreSQL schema scanner (via ScannerStorage:Postgres); RustFS object store for artifacts (scanner-artifacts bucket)

Background Workers

  • ScannerWorkerHostedService — processes scan jobs from Valkey queue
  • EpssIngestJob — EPSS score ingestion
  • EpssEnrichmentJob — live EPSS enrichment of scan results
  • EpssSignalJob — EPSS signal emission
  • FnDriftMetricsExporter — function drift metrics