stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 1 Releases Wiki Activity
Files
40e7f827da764e39ca67fc27a74813a98e9a38d2
git.stella-ops.org/docs/modules/scanner/operations/field-engagement.md
master b1e78fe412
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
Details
feat: Implement vulnerability token signing and verification utilities 
- Added VulnTokenSigner for signing JWT tokens with specified algorithms and keys.
- Introduced VulnTokenUtilities for resolving tenant and subject claims, and sanitizing context dictionaries.
- Created VulnTokenVerificationUtilities for parsing tokens, verifying signatures, and deserializing payloads.
- Developed VulnWorkflowAntiForgeryTokenIssuer for issuing anti-forgery tokens with configurable options.
- Implemented VulnWorkflowAntiForgeryTokenVerifier for verifying anti-forgery tokens and validating payloads.
- Added AuthorityVulnerabilityExplorerOptions to manage configuration for vulnerability explorer features.
- Included tests for FilesystemPackRunDispatcher to ensure proper job handling under egress policy restrictions.
2025-11-03 10:04:10 +02:00

1.9 KiB
Raw Blame History

Field Engagement Playbook — Windows & macOS Coverage

Audience: Field SEs, Product Specialists • Status: Draft

Purpose

Provide quick-reference guidance when prospects or customers ask about Windows/macOS coverage.

Key talking points

  • Current scope: Scanner supports deterministic Linux coverage; Windows/macOS analyzers are in design.
  • Roadmap: macOS design (brew/pkgutil/.app) at ../design/macos-analyzer.md; Windows design (MSI/WinSxS/Chocolatey) at ../design/windows-analyzer.md.
  • Demand tracking: All signals captured in ../../benchmarks/scanner/windows-macos-demand.md using the interview template.
  • Policy readiness: Secret leak detection briefing (../../policy/secret-leak-detection-readiness.md) and Windows package readiness (../../policy/windows-package-readiness.md).
  • Backlog IDs: MacOS (SCANNER-ENG-0020..0023), Windows (SCANNER-ENG-0024..0027), policy follow-ups (POLICY-READINESS-0001/0002).

SE workflow

  1. Use the interview template to capture customer needs.
  2. Append structured summary to windows-macos-demand.md and update the API dashboards (docs/api/scanner/windows-macos-summary.md, docs/api/scanner/windows-coverage.md).
  3. Notify Product/Scanner guild during weekly sync; flag blockers in Jira.
  4. Add highlight to the “Recent updates” section in docs/api/scanner/windows-macos-summary.md.
  5. Track upcoming milestones (FinSecure decision 2025-11-07, Northwind demo 2025-11-10) and ensure readiness tasks reflect outcomes.

FAQ snippets

  • When will Windows/macOS analyzers be GA? — Pending demand threshold; design complete, awaiting prioritisation.
  • Can we run scans offline? — Offline parity is a requirement; Offline Kit packaging detailed in design briefs.
  • Do we cover Authenticode/notarization? — Planned via Policy Engine predicates as part of readiness tasks.

Contacts

  • Product lead: TBD (record in demand log when assigned)
  • Scanner guild rep: TBD
  • Policy guild rep: TBD