stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity
Files
40362de56880f054c29ce23e6ba980834a7f831f
git.stella-ops.org/docs/modules/scanner/operations/field-engagement.md
StellaOps Bot 9a08d10b89 docs consolidation
2025-12-24 12:38:14 +02:00

2.2 KiB
Raw Blame History

Field Engagement Playbook: Windows and macOS Coverage

This playbook helps field teams answer Windows/macOS coverage questions without drifting into speculative promises.

1) Current scope (baseline)

  • Scanner targets deterministic container-image workflows first (Linux-focused).
  • Windows and macOS analyzers are design-tracked and should be discussed as "in discovery/design" unless a specific sprint/feature flag says otherwise.

2) Operator talking points

  • Determinism and offline parity are non-negotiable: any Windows/macOS expansion must keep fixtures, ordering, hashing, and Offline Kit flows reproducible.
  • Coverage work is split into:
    • Scanner analyzers (collection and parsing),
    • Policy predicates (trust/verification rules),
    • Offline Kit packaging (feeds, certificates, mirrors, and deterministic indexes).

3) Where to point people

  • Design briefs:
    • docs/modules/scanner/design/windows-analyzer.md
    • docs/modules/scanner/design/macos-analyzer.md
  • Deep dives and research notes:
    • docs/benchmarks/scanner/deep-dives/windows.md
    • docs/benchmarks/scanner/deep-dives/macos.md
    • Demand capture: docs/benchmarks/scanner/windows-macos-demand.md
  • Policy readiness notes:
    • docs/modules/policy/windows-package-readiness.md
    • docs/modules/policy/secret-leak-detection-readiness.md

4) Signal capture workflow

  1. Capture requirements using docs/benchmarks/scanner/windows-macos-interview-template.md.
  2. Append a structured summary to docs/benchmarks/scanner/windows-macos-demand.md.
  3. If the signal implies policy/security decisions (signature verification, trust roots, masking/telemetry), update the relevant readiness notes and reference the demand entry.
  4. Share the updated demand entry with the Scanner and Policy guilds in the next sync.

5) FAQ snippets

  • When will Windows/macOS be GA? Demand- and evidence-driven; avoid date promises. Use the design briefs and deep dives for the current state.
  • Can we run scans offline? Offline parity is required; any OS expansion must include an Offline Kit story (feeds, trust roots, deterministic indexes).
  • Do we cover Authenticode/notarization? Treat as a policy/security decision captured in readiness notes, not an implicit feature promise.