IssuerDirectory
Status: Implemented (source relocated by Sprint 216)
Source: src/Authority/StellaOps.IssuerDirectory/ (previously src/IssuerDirectory/)
Owner: Authority domain (Identity & Trust)
Purpose
IssuerDirectory maintains a trust registry of CSAF publishers and VEX statement issuers. Provides discovery, validation, and trust scoring for upstream vulnerability advisories and VEX statements.
Domain ownership
As of Sprint 216, IssuerDirectory source is owned by the Authority domain. The runtime service identity, container, and database schema remain independent. Schema isolation from AuthorityDbContext is a deliberate security feature.
See docs/modules/authority/architecture.md (sections 21.1--21.4) for schema ownership and the no-merge ADR.
Components
Services:
StellaOps.IssuerDirectory- Main service for issuer registry management and API
Configuration
See etc/issuer-directory.yaml.sample for configuration options.
Key settings:
- PostgreSQL connection (schema:
issuer_directory) - Authority integration settings
- Issuer discovery endpoints
- Trust validation policies
- CSAF provider metadata validation
Dependencies
- PostgreSQL (schema:
issuer_directory) - Authority (authentication)
- Concelier (consumes issuer metadata)
- VexHub (consumes issuer trust data)
- VexLens (trust scoring integration)
Related Documentation
- Architecture:
../authority/architecture.md(sections 21.1--21.4) - Archived original:
docs-archived/modules/issuer-directory/ - Concelier:
../concelier/ - VexHub:
../vexhub/ - VexLens:
../vex-lens/