2.0 KiB
2.0 KiB
Infrastructure dependencies (detailed)
StellaOps is designed to run with a small set of required infrastructure components. Everything else is optional and must not be a hidden dependency for core workflows.
PostgreSQL (required)
Primary store for durable state. Each service owns a schema to keep boundaries clear and enable tenant isolation strategies.
| Schema | Owner (primary) | Purpose |
|---|---|---|
authority |
Authority | Users, clients, tenants, keys, audit trails. |
scanner |
Scanner | Scan manifests, triage, scan results metadata. |
vuln |
Concelier | Advisory raw documents, linksets, observations. |
vex |
Excititor | VEX raw documents, consensus, provider state. |
scheduler |
Scheduler | Jobs, runs, schedules, impact snapshots. |
notify |
Notify | Channels, templates, delivery history, digests. |
policy |
Policy | Exception objects, snapshots, unknowns. |
orchestrator |
Orchestrator | Sources, runs, jobs, DAGs, pack runs. |
Valkey (required)
Redis-compatible cache + coordination substrate.
| Pattern | Typical services | Purpose |
|---|---|---|
| DPoP nonces | Authority | RFC 9449 nonce storage (short TTL). |
| Streams / events | Scanner, Notify, Scheduler | Event emission and fan-out (deterministic ordering per stream). |
| Queues | Scanner, Notify | Worker coordination (consumer groups). |
| Cache | All services | Tenant-prefixed caching with explicit TTLs. |
| Rate limiting | Gateway, Authority | Token bucket counters. |
RustFS / S3-compatible object storage (required)
Artifact store for SBOMs, evidence bundles, and replayable outputs. The exact bucket layout depends on the deployment profile; treat deployment manifests as authoritative.
NATS JetStream (optional)
Alternative messaging transport for environments that require persistent streams or specific operational characteristics. NATS must be explicitly configured and must not be required for core workflows.
Deployment references
- Compose profiles:
devops/compose/README.md - Deployment bundles overview:
deploy/README.md