- Added IScanMetricsRepository interface for scan metrics persistence and retrieval.
- Implemented PostgresScanMetricsRepository for PostgreSQL database interactions, including methods for saving and retrieving scan metrics and execution phases.
- Introduced methods for obtaining TTE statistics and recent scans for tenants.
- Implemented deletion of old metrics for retention purposes.

test(tests): Add SCA Failure Catalogue tests for FC6-FC10
- Created ScaCatalogueDeterminismTests to validate determinism properties of SCA Failure Catalogue fixtures.
- Developed ScaFailureCatalogueTests to ensure correct handling of specific failure modes in the scanner.
- Included tests for manifest validation, file existence, and expected findings across multiple failure cases.

feat(telemetry): Integrate scan completion metrics into the pipeline
- Introduced IScanCompletionMetricsIntegration interface and ScanCompletionMetricsIntegration class to record metrics upon scan completion.
- Implemented proof coverage and TTE metrics recording with logging for scan completion summaries.
# StellaOps Concelier & CLI

This repository hosts the StellaOps Concelier service, its plug-in ecosystem, and the
first-party CLI (`stellaops-cli`). Concelier ingests vulnerability advisories from
authoritative sources, stores them in MongoDB, and exports deterministic JSON and
Trivy DB artefacts. The CLI drives scanner distribution, scan execution, and job
control against the Concelier API.

## Quickstart

1. Prepare a MongoDB instance and (optionally) install `trivy-db`/`oras`.
2. Copy `etc/concelier.yaml.sample` to `etc/concelier.yaml` and update the storage + telemetry
   settings.
3. Copy `etc/authority.yaml.sample` to `etc/authority.yaml`, review the issuer, token
   lifetimes, and plug-in descriptors, then edit the companion manifests under
   `etc/authority.plugins/*.yaml` to match your deployment.
4. Start the web service with `dotnet run --project src/Concelier/StellaOps.Concelier.WebService`.
5. Configure the CLI via environment variables (e.g. `STELLAOPS_BACKEND_URL`) and trigger
   jobs with `dotnet run --project src/Cli/StellaOps.Cli -- db merge`.

Detailed operator guidance is available in `docs/10_CONCELIER_CLI_QUICKSTART.md`. API and
command reference material lives in `docs/09_API_CLI_REFERENCE.md`.

Pipeline note: deployment workflows should template `etc/concelier.yaml` during CI/CD,
injecting environment-specific Mongo credentials and telemetry endpoints. Upcoming
releases will add Microsoft OAuth (Entra ID) authentication support—track the quickstart
for integration steps once available.

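One way to do the templating described in the pipeline note, as an added example that is not code from the StellaOps repository: a POSIX shell function that renders a config template from exported CI secrets and fails closed when a value is missing. The function name `render_config` and the `@@NAME@@` token convention are assumptions; the actual keys are whatever `etc/concelier.yaml.sample` defines.

```shell
#!/bin/sh
# Added example (not project code). Placeholder tokens and YAML keys in any
# template you feed this are your own convention, not Concelier's schema.
#
# render_config TEMPLATE OUTPUT VAR...
#   Replaces each @@VAR@@ token with the exported environment variable VAR.
#   Exit 2: a listed variable is unset or empty. Exit 3: the template still
#   contains a token that was not listed. No output file is left on failure.
render_config() {
  template=$1; output=$2; shift 2
  (
    umask 077   # the rendered file holds credentials: owner-only from creation
    # Values are read via ENVIRON, so they never appear in argv or pass
    # through eval/sed, and characters such as & / \ are copied literally.
    awk -v names="$*" '
      function subst(s, tok, val,    p, out) {
        out = ""
        while ((p = index(s, tok)) > 0) {
          out = out substr(s, 1, p - 1) val
          s = substr(s, p + length(tok))
        }
        return out s
      }
      BEGIN {
        n = split(names, want, " ")
        for (i = 1; i <= n; i++)
          if (ENVIRON[want[i]] == "") {
            print "render_config: " want[i] " is unset or empty" > "/dev/stderr"
            rc = 2
          }
        if (rc) exit rc
      }
      {
        line = $0; probe = $0
        for (i = 1; i <= n; i++) {
          tok = "@@" want[i] "@@"
          probe = subst(probe, tok, "")
          line = subst(line, tok, ENVIRON[want[i]])
        }
        if (probe ~ /@@[A-Za-z_][A-Za-z0-9_]*@@/) {
          print "render_config: unresolved token on line " NR > "/dev/stderr"
          rc = 3
        }
        print line
      }
      END { exit rc + 0 }
    ' "$template" > "$output.tmp"
  ) || { rc=$?; rm -f "$output.tmp"; return "$rc"; }
  mv "$output.tmp" "$output"
}
```
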
## Documentation

- `docs/README.md` now consolidates the platform index and points to the updated high-level architecture.
- Module architecture dossiers now live under `docs/modules/<module>/`. The most relevant here are `docs/modules/concelier/ARCHITECTURE.md` (service layout, merge engine, exports) and `docs/modules/cli/ARCHITECTURE.md` (command surface, AOT packaging, auth flows). Related services such as the Signer, Attestor, Authority, Scanner, UI, Excititor, Zastava, and DevOps pipeline each have their own dossier in the same hierarchy.
- Offline operation guidance moved to `docs/24_OFFLINE_KIT.md`, which details bundle composition, verification, and delta workflows. Concelier-specific connector operations stay in `docs/modules/concelier/operations/connectors/*.md` with companion runbooks in `docs/modules/concelier/operations/`.