stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity
Files
40362de56880f054c29ce23e6ba980834a7f831f
git.stella-ops.org/docs/modules/scanner/design
History
StellaOps Bot 40362de568 chore: remove outdated documentation and prep notes 
- Deleted several draft and prep documents related to benchmarks, authority DPoP & mTLS implementation, Java analyzer observation, link-not-merge determinism tests, replay operations, and crypto provider registry.
- Updated the merge semver playbook to reflect current database schema usage.
- Cleaned up the technical development README to remove references to obsolete documents and streamline guidance for contributors.
2025-12-24 12:47:50 +02:00
..
api-ui-surfacing.md
Add signal contracts for reachability, exploitability, trust, and unknown symbols
2025-12-05 00:27:00 +02:00
binary-evidence-alignment.md
Add signal contracts for reachability, exploitability, trust, and unknown symbols
2025-12-05 00:27:00 +02:00
cache-key-contract.md
up the blokcing tasks
2025-12-11 02:32:18 +02:00
cdx17-cbom-contract.md
Add receipt input JSON and SHA256 hash for CVSS policy scoring tests
2025-12-04 07:30:42 +02:00
competitor-anomaly-tests.md
Add signal contracts for reachability, exploitability, trust, and unknown symbols
2025-12-05 00:27:00 +02:00
competitor-benchmark-parity.md
Add signal contracts for reachability, exploitability, trust, and unknown symbols
2025-12-05 00:27:00 +02:00
competitor-db-governance.md
Add signal contracts for reachability, exploitability, trust, and unknown symbols
2025-12-05 00:27:00 +02:00
competitor-error-taxonomy.md
Add signal contracts for reachability, exploitability, trust, and unknown symbols
2025-12-05 00:27:00 +02:00
competitor-fallback-hierarchy.md
Add signal contracts for reachability, exploitability, trust, and unknown symbols
2025-12-05 00:27:00 +02:00
competitor-ingest-normalization.md
Add tests and implement timeline ingestion options with NATS and Redis subscribers
2025-12-03 09:46:48 +02:00
competitor-offline-ingest-kit.md
Add signal contracts for reachability, exploitability, trust, and unknown symbols
2025-12-05 00:27:00 +02:00
competitor-signature-verification.md
Add signal contracts for reachability, exploitability, trust, and unknown symbols
2025-12-05 00:27:00 +02:00
dart-analyzer-plan.md
up
2025-12-09 00:20:52 +02:00
dart-swift-analyzer-scope.md
up
2025-12-09 09:38:09 +02:00
deno-analyzer-plan.md
up
2025-12-09 00:20:52 +02:00
deno-analyzer-scope.md
up
2025-12-09 09:38:09 +02:00
deno-runtime-shim.md
Add PHP Analyzer Plugin and Composer Lock Data Handling
2025-11-22 14:02:49 +02:00
deno-runtime-signals.md
feat: Add initial implementation of Vulnerability Resolver Jobs
2025-11-18 07:52:15 +02:00
determinism-ci-harness.md
Add signal contracts for reachability, exploitability, trust, and unknown symbols
2025-12-05 00:27:00 +02:00
dotnet-analyzer-11-001.md
up
2025-12-09 09:38:09 +02:00
entropy-transport.md
up the blokcing tasks
2025-12-11 02:32:18 +02:00
macos-analyzer.md
feat: Implement vulnerability token signing and verification utilities
2025-11-03 10:04:10 +02:00
native-reachability-plan.md
up
2025-12-13 02:22:15 +02:00
node-bundle-phase22.md
feat: Enhance MongoDB storage with event publishing and outbox support
2025-11-20 23:08:45 +02:00
offline-kit-parity.md
Add signal contracts for reachability, exploitability, trust, and unknown symbols
2025-12-05 00:27:00 +02:00
php-autoload-design.md
up
2025-12-09 09:38:09 +02:00
README.md
Add receipt input JSON and SHA256 hash for CVSS policy scoring tests
2025-12-04 07:30:42 +02:00
replay-pipeline-contract.md
up the blokcing tasks
2025-12-11 02:32:18 +02:00
ruby-analyzer.md
Add inline DSSE provenance documentation and Mongo schema
2025-11-13 00:20:33 +02:00
runtime-alignment-scanner-zastava.md
up
2025-12-09 00:20:52 +02:00
runtime-parity-plan.md
up
2025-12-09 09:38:09 +02:00
schema-governance.md
Add signal contracts for reachability, exploitability, trust, and unknown symbols
2025-12-05 00:27:00 +02:00
slsa-source-track.md
Add receipt input JSON and SHA256 hash for CVSS policy scoring tests
2025-12-04 07:30:42 +02:00
standards-convergence-roadmap.md
Add tests and implement timeline ingestion options with NATS and Redis subscribers
2025-12-03 09:46:48 +02:00
surface-env-release.md
work
2025-11-23 23:40:10 +02:00
surface-env.md
Implement ledger metrics for observability and add tests for Ruby packages endpoints
2025-11-13 09:29:09 +02:00
surface-fs-consumers.md
feat: Add documentation and task tracking for Sprints 508 to 514 in Ops & Offline
2025-11-08 23:18:28 +02:00
surface-fs.md
feat(zastava): add evidence locker plan and schema examples
2025-12-02 09:27:31 +02:00
surface-secrets-schema.md
work
2025-11-23 23:40:10 +02:00
surface-secrets.md
Add Authority Advisory AI and API Lifecycle Configuration
2025-11-02 13:50:25 +02:00
surface-validation.md
work
2025-11-23 23:40:10 +02:00
swiftpm-coverage-plan.md
up
2025-12-09 00:20:52 +02:00
windows-analyzer.md
up
2025-11-28 19:23:54 +02:00

README.md

Scanner Design Dossiers

This directory contains deep technical designs for current and upcoming analyzers and surface components.

Language analyzers

  • ruby-analyzer.md — lockfile, runtime graph, capability signals for Ruby.
  • deno-runtime-signals.md — runtime trace + policy signal contract for Deno analyzer.
  • deno-runtime-shim.md — loader/trace shim plan for runtime NDJSON capture in Deno analyzer.

Surface & platform contracts

  • surface-fs.md
  • surface-env.md
  • surface-validation.md
  • surface-secrets.md

OS ecosystem designs

  • macos-analyzer.md — Homebrew, pkgutil, .app bundle plan.
  • windows-analyzer.md — MSI, WinSxS, Chocolatey, registry collectors.
  • cdx17-cbom-contract.md — deterministic CycloneDX 1.7 + CBOM export profile (ordering, hashes, downgrade rules).
  • slsa-source-track.md — deterministic SLSA Source Track capture (repo/ref/commit, tree hash, invocation hash, provenance DSSE, CAS paths).

Demand & dashboards

  • ../../benchmarks/scanner/windows-macos-demand.md — demand tracker.
  • ../../benchmarks/scanner/windows-macos-interview-template.md — interview template.
  • ../../api/scanner/windows-coverage.md — coverage summary dashboard.
  • ../../api/scanner/windows-macos-summary.md — metric snapshot.

Utility & reference

  • ../operations/field-engagement.md — SE workflow guidance.
  • ../operations/analyzers.md — operational runbook.
  • ../operations/rustfs-migration.md — storage migration notes.

Maintenance tips

  • Keep demand tracker (../../benchmarks/scanner/windows-macos-demand.md) and API dashboards in sync when updating macOS/Windows designs.
  • Cross-reference policy readiness briefs for associated predicates and waiver models.

Policy readiness

  • ../policy/secret-leak-detection-readiness.md — secret leak pipeline decisions.
  • ../policy/windows-package-readiness.md — Windows analyzer policy decisions.